Privacy Policy

Last updated: June 2, 2025

PlantyTime ("we," "our," or "us") is committed to protecting your privacy. This policy explains how we collect, use, and safeguard your information when you use our mobile application and services. By using PlantyTime, you agree to the practices described here.

1. Information We Collect

1.1 Personal Information

  • Email address — used for passwordless authentication (OTP) and account management.
  • Name (optional) — first and last name to personalize your experience.
  • Language preference — your selected language to localize the app interface.

1.2 Plant Data

  • Plant information — species names, custom names, locations, and notes you add.
  • Plant images — photos uploaded for identification and health analysis.
  • Care schedules — watering, fertilizing, and other care activities you track.
  • Health analysis history — AI-generated assessments and recommendations.
  • Wishlist and recommendations — plants you save or are suggested to you.

1.3 Device Information

  • Device tokens — Firebase Cloud Messaging tokens for push notifications.
  • Device details — model, OS version, and platform (iOS or Android).
  • Time zone — used to schedule care reminders at appropriate local times.

1.4 Usage & Diagnostics

  • Leaf token balance — your in-app currency balance, ads watched, and tokens consumed.
  • Log data — anonymized IP addresses, request timestamps, and API endpoints for security and debugging.
  • Error reports — crash logs collected via Sentry to improve app stability.

2. How We Use Your Information

2.1 Core Services

  • Authenticate you securely without passwords using email OTP.
  • Store and manage your plant collection, care schedules, and history.
  • Process plant images through AI to provide health assessments and recommendations.
  • Send care reminders and health alerts via push notifications.
  • Personalize the app based on your language and usage patterns.

2.2 Service Improvement

  • Analyze usage patterns to improve features and performance.
  • Debug technical issues and ensure stability.
  • Monitor for fraudulent activity and security threats.

2.3 Communication

  • Send transactional emails (OTP codes, account notifications).
  • Respond to support requests and inquiries.

3. Third-Party Services

We use the following services to operate PlantyTime. Each has its own privacy policy.

AI Services

Plant images and context are processed by third-party AI providers to generate health assessments. We select providers that meet high privacy and security standards.

Firebase Cloud Messaging

Google's FCM delivers push notifications to your device. See Firebase's Privacy Policy.

Wikimedia Commons

Plant images are sourced from Wikimedia Commons to enrich our plant database. No personal data is shared with Wikimedia. See their Privacy Policy.

Resend

We use Resend to deliver transactional emails. Your email is processed solely for delivery. See Resend's Privacy Policy.

Cloudflare

Cloudflare provides security, performance, and hosting for our infrastructure. They may process your IP and request metadata. See Cloudflare's Privacy Policy.

Google AdMob

AdMob displays ads in exchange for leaf tokens. It may collect device identifiers for ad targeting. You can opt out via your device's ad settings. See Google's Advertising Privacy Policy.

We do not sell or rent your personal data. Data shared with service providers is strictly limited to what is needed to operate our services.

4. Data Storage and Security

Storage

  • Database — PostgreSQL hosted on a secure VPS in the European Union (Germany/Netherlands).
  • Images — stored on our server's local filesystem with restricted access.
  • Cache — Redis for temporary session data and performance.

Security Measures

  • TLS/SSL encryption for all data in transit.
  • JWT authentication with short-lived access tokens and refresh tokens.
  • Strict access controls — only authorized systems can access user data.
  • Regular security updates and automated threat monitoring.

Retention

  • Account data — retained for the lifetime of your account or until you request deletion.
  • OTP codes — expire after 15 minutes and are invalidated after use.
  • Log data — retained for up to 90 days, then automatically deleted.
  • Inactive accounts — accounts inactive for 3 years may be anonymized or deleted.

5. Your Rights

Access and Portability

  • View and export your plant data and account information from within the app.
  • Request a copy of your data by contacting [email protected].

Correction and Deletion

  • Update your profile directly in the app settings.
  • Delete individual plants, images, or care activities from your collection.
  • Request full account deletion via this page or by emailing [email protected]. We will permanently delete your data within 30 days.

Notification Control

  • Manage push notification preferences in the app settings.
  • Disable specific notification types or turn off all notifications.

Advertising

  • Opt out of personalized ads via your device settings (iOS: Settings > Privacy > Advertising; Android: Settings > Google > Ads).

6. Children's Privacy

PlantyTime is not intended for children under 13. We do not knowingly collect data from children under 13. If you believe your child has provided information, contact [email protected] and we will delete it promptly.

7. International Transfers

If you access PlantyTime from outside the European Union, your data will be transferred to and processed on EU-based servers. We ensure appropriate safeguards are in place under applicable data protection laws.

8. GDPR (European Users)

If you are in the European Economic Area, you have the following rights under GDPR:

  • Access — obtain confirmation of whether we process your data and access it.
  • Rectification — correct inaccurate or incomplete data.
  • Erasure — request deletion of your personal data.
  • Restrict processing — limit how we use your data in certain circumstances.
  • Portability — receive your data in a structured, machine-readable format.
  • Object — object to processing based on legitimate interests.
  • Withdraw consent — withdraw consent at any time.
  • Complain — file a complaint with your local data protection authority.

To exercise these rights, contact us at [email protected].

9. CCPA (California Residents)

Under the California Consumer Privacy Act, California residents have the right to know what data we collect, request its deletion, and opt out of its sale. We do not sell personal information. To exercise your rights, contact [email protected].

10. Changes to This Policy

We may update this policy periodically. Significant changes will be communicated via a push notification or email and reflected in the "Last Updated" date above. Continued use of PlantyTime after changes are posted constitutes acceptance.

11. Contact

Questions, concerns, or data requests:

We respond within 30 days.

Back to home