Privacy Policy

Effective date: January 6, 2025

Your Privacy Matters

At Potted, we believe your data belongs to you. We've built our app with privacy as a core principle, not an afterthought. This Privacy Policy explains how we collect, use, and protect your information when you use our plant tracking application.

1. Information We Collect

Account Information

When you create an account to use cloud sync features, we collect:

  • Email address - Used to identify your account and send you important notifications about your plants
  • Authentication credentials - Securely managed through our authentication system or third-party providers (Google, Apple) if you choose to sign in with them

User Content

When you use Potted with cloud sync enabled, we store:

  • Plant information you create (names, species, care schedules)
  • Reminders and notifications you set
  • Journal entries and notes
  • Photos you upload of your plants

Technical Information

We automatically collect limited technical information necessary to provide the service:

  • Session data for authentication purposes
  • Error logs to help us fix problems (these do not contain personal information)

2. How We Use Your Information

We use your information solely to provide and improve the Potted service:

  • To operate the service - Storing your plants, reminders, and journal entries
  • To send notifications - Delivering care reminders and watering alerts you've configured
  • To provide support - Responding to your questions and troubleshooting issues

What We Don't Do

We take your privacy seriously. We do not:

  • Sell or rent your personal information to third parties
  • Use your data for advertising or marketing purposes
  • Run analytics on your personal content
  • Share your information except as described in this policy
  • Use your photos for any purpose other than displaying them to you

3. Third-Party Services

To provide Potted, we use the following trusted third-party services that may process your data:

Authentication

We use secure authentication services to manage your login. If you choose to sign in with Google or Apple, their respective privacy policies apply to the authentication process.

Cloud Storage

Your photos and data are stored using Amazon Web Services (AWS) or DigitalOcean infrastructure, located in secure data centers.

Email Delivery

We use Amazon Simple Email Service (AWS SES) to send you care reminders and account notifications.

4. Data Storage and Security

We implement appropriate technical and organizational measures to protect your personal information:

  • Data is encrypted in transit using TLS/SSL
  • Passwords and credentials are securely hashed
  • Access to user data is restricted to essential operations
  • Our infrastructure is hosted on reputable cloud providers with industry-standard security

5. Data Retention

We retain your data as follows:

  • Active accounts - Your data is retained for as long as your account is active
  • Deleted accounts - When you delete your account, we retain your data for 90 days to allow for account recovery or dispute resolution, after which it is permanently deleted
  • Backup copies - May persist in encrypted backups for a limited time as part of our disaster recovery procedures

6. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

For All Users

  • Access - Request a copy of the personal data we hold about you
  • Correction - Request correction of inaccurate personal data
  • Deletion - Request deletion of your account and associated data
  • Export - Request your data in a portable format

For European Economic Area (EEA) and UK Residents

Under the General Data Protection Regulation (GDPR), you have additional rights including:

  • Right to restrict processing
  • Right to object to processing
  • Right to lodge a complaint with a supervisory authority

Our legal basis for processing your data is the performance of our contract with you (providing the Potted service) and your consent where applicable.

For California Residents

Under the California Consumer Privacy Act (CCPA), you have the right to:

  • Know what personal information we collect and how it's used
  • Request deletion of your personal information
  • Opt-out of the sale of personal information (note: we do not sell your personal information)
  • Non-discrimination for exercising your privacy rights

7. Cookies

Potted uses only essential cookies required for the application to function:

  • Session cookies - To keep you logged in during your browsing session
  • Authentication cookies - To securely verify your identity

We do not use tracking cookies, advertising cookies, or any third-party analytics cookies.

8. Children's Privacy

Potted is a general-audience application. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us so we can delete it.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy and applicable law.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting the new policy on this page and updating the "Effective date" at the top. We encourage you to review this policy periodically.

11. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your privacy rights, please contact us at:

Email: [email protected]

We aim to respond to all privacy-related inquiries within 30 days.