Last updated: October 28, 2025
Welcome to PlantKeeper. We respect your privacy and are committed to protecting your personal data. This privacy policy will inform you about how we look after your personal data when you visit our website and use our services, and tell you about your privacy rights and how the law protects you.
1. Information We Collect
1.1 Information You Provide
We collect information that you voluntarily provide to us when you:
- Register for an account (email address, name)
- Add plants to your collection (plant names, photos, care notes)
- Use our AI-powered features (plant photos for identification)
- Interact with Plant Doctor chatbot (questions, photos)
- Subscribe to a paid plan (billing information processed by Stripe)
- Contact our support team (email, message content)
1.2 Information Collected Automatically
When you use PlantKeeper, we automatically collect certain information:
- Device information (browser type, operating system)
- Usage data (pages visited, features used, time spent)
- IP address and approximate location
- Cookies and similar tracking technologies
1.3 Information from Third Parties
We may receive information from third-party services:
- Authentication providers (Google, GitHub for sign-in)
- Payment processors (Stripe for billing)
- Analytics services (usage statistics)
2. How We Use Your Information
We use your personal data for the following purposes:
- To provide and maintain our service
- To process your plant identification requests using AI
- To send you reminders about plant care tasks
- To process payments and manage subscriptions
- To send important service notifications and updates
- To improve our services and develop new features
- To prevent fraud and ensure platform security
- To comply with legal obligations
3. AI and Image Processing
3.1 Plant Identification
When you use our AI-powered plant identification feature:
- Photos are sent to Google Gemini AI for analysis
- Images are processed temporarily and not stored by Google
- Results are saved to your account for future reference
- You can delete identified plants and their photos anytime
3.2 Plant Doctor Chatbot
When you interact with Plant Doctor:
- Your questions and photos are processed by Google Gemini AI
- Conversation history is stored in your account
- You can delete conversations at any time
- AI responses are not medical advice and should not replace professional consultation
4. Data Storage and Security
4.1 Where We Store Your Data
Your data is stored securely using:
- Supabase (database and authentication) - hosted in secure data centers
- Supabase Storage (plant photos) - with encryption at rest
- Upstash Redis (rate limiting data) - temporary storage only
- Vercel (application hosting) - with SSL/TLS encryption
4.2 Security Measures
We implement industry-standard security measures:
- Encryption of data in transit (HTTPS/TLS)
- Encryption of data at rest
- Row-Level Security (RLS) to protect your data from other users
- Regular security audits and updates
- Rate limiting to prevent abuse
- Secure authentication with Supabase Auth
4.3 Data Retention
We retain your data as follows:
- Account data: Until you delete your account
- Plant data and photos: Until you manually delete them
- Conversation history: Until you delete conversations
- Usage logs: 90 days for analytics and security
- Billing records: As required by law (typically 7 years)
5. Sharing Your Information
We do not sell your personal data. We only share your information in the following circumstances:
5.1 Service Providers
- Google Gemini AI (for plant identification and chatbot)
- Stripe (for payment processing)
- Supabase (for data storage and authentication)
- Vercel (for hosting)
- Email service providers (for transactional emails)
5.2 Legal Requirements
We may disclose your information if required by law or to:
- Comply with legal obligations or court orders
- Protect our rights and property
- Prevent fraud or illegal activity
- Protect the safety of our users
5.3 Business Transfers
If PlantKeeper is acquired or merged, your data may be transferred to the new owner. We will notify you via email before any such transfer.
6. Your Privacy Rights
You have the following rights regarding your personal data:
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate data
- Erasure: Delete your account and personal data
- Portability: Export your data in a machine-readable format
- Object: Object to processing of your data
- Restriction: Request limited processing of your data
- Withdraw consent: Opt-out of optional data processing
To exercise these rights, contact us at support@plantkeeper.app or use the account settings in your dashboard.
7. Cookies and Tracking
We use cookies and similar technologies for:
- Essential cookies: Required for authentication and core functionality
- Analytics cookies: To understand how you use our service (optional)
- Preference cookies: To remember your settings
You can control cookies through your browser settings. Note that disabling essential cookies may affect service functionality. See our Cookie Policy for more details.
8. Children's Privacy
PlantKeeper is not intended for children under 13 years old. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately, and we will delete it.
9. International Data Transfers
Your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place to protect your data in accordance with this privacy policy and applicable data protection laws.
10. Third-Party Links
Our service may contain links to third-party websites. We are not responsible for the privacy practices of these websites. We encourage you to read their privacy policies.
11. Changes to This Policy
We may update this privacy policy from time to time. We will notify you of significant changes by email or through a notice on our website. Your continued use of PlantKeeper after changes constitutes acceptance of the updated policy.
12. GDPR Compliance (EU Users)
If you are in the European Union, you have additional rights under GDPR:
- Right to lodge a complaint with a supervisory authority
- Right to data portability in a structured format
- Right to object to automated decision-making
- Right to detailed information about data processing
Our legal basis for processing your data includes:
- Contract performance: To provide our services
- Legitimate interests: To improve and secure our platform
- Legal obligations: To comply with laws
- Consent: For optional features like analytics
13. California Privacy Rights (CCPA)
If you are a California resident, you have additional rights under CCPA:
- Right to know what personal information is collected
- Right to know if personal information is sold or disclosed
- Right to opt-out of sale of personal information (we do not sell data)
- Right to deletion of personal information
- Right to non-discrimination for exercising your rights
