Privacy Policy

Last updated: 2026-05-13

Who we are
What data we collect
How we use it
Who we share it with
How long we keep it
Your rights (GDPR)
Children
Storage and cookies
Changes
Contact

Who we are

Plantora is an AI-powered plant care service operated by an individual developer. Contact: hello@plantora.io. This Privacy Policy describes what personal data we collect, how we use it, and the rights you have under the EU General Data Protection Regulation (GDPR).

What data we collect

We collect only what is necessary to provide the Plantora service:

Account: email address, hashed password (bcrypt), optional display name.
Garden data: plants you add (name, scientific name, nickname, photos, notes, planting date, location label), fertilization records, weather alert history, diagnoses.
Location: optional latitude/longitude of your garden, for weather forecasts.
Language preference: which UI/AI language you chose.
Push subscriptions: device endpoint for sending browser notifications.
Technical logs: IP address and basic request logs are kept briefly (under 30 days) for security and abuse prevention.

How we use it

Provide the service: identify plants, generate care guides, diagnose problems, run weather checks, send reminders.
Authenticate your account and send password reset codes via email.
Send push notifications about weather risks or fertilization reminders (only if you opt in).
Improve the service (aggregated, anonymous usage statistics).

We share data only with the following processors strictly to deliver the service:

Anthropic (Claude API): photos and text prompts are sent for AI processing. Per Anthropic's API terms, your data is not used to train their models.
Open-Meteo: only geographic coordinates are sent. No personal data.
Cloudflare: traffic routing and DNS. Cloudflare may briefly process IP addresses for security.
Hetzner Cloud (Germany): our backend server and database are hosted on Hetzner Cloud servers located in the EU.
Stripe (when paid plans are active): payment information processed by Stripe. We never see your card number.

We do not sell your data to advertisers, data brokers, or third parties.

How long we keep it

Your data is retained as long as your account is active. If you delete your account, all personal data (including plant photos and garden history) is deleted within 30 days. Aggregated, anonymous statistics may be retained.

Your rights (GDPR)

Under EU GDPR you have the following rights:

Access (Art. 15): request a copy of your personal data.
Rectification (Art. 16): correct inaccurate data.
Erasure (Art. 17): delete your account from Settings → Delete account, or email us.
Portability (Art. 20): export your data in JSON format from Settings → Export data.
Object (Art. 21): opt out of push notifications or emails any time.
Complaint: lodge a complaint with your local data protection authority (in Hungary: NAIH).

To exercise any right, email hello@plantora.io. We respond within 30 days.

Children

Plantora is not intended for children under 16. We do not knowingly collect personal data from minors. If you believe a child has registered, please contact us.

Storage and cookies

Plantora uses your browser's localStorage to remember your authentication token and language preference. We do not use tracking cookies, third-party analytics, or advertising trackers.

Changes

If we materially change this policy, we will notify you by email and through the app at least 30 days before the change takes effect.

Contact

Questions or requests about this Privacy Policy: hello@plantora.io