Privacy Policy

Last updated: December 2025

1. Introduction

Gardiflora ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and web service.

We comply with the General Data Protection Regulation (GDPR) and other applicable data protection laws. By using Gardiflora, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Account Information

  • Email address (required for account creation)
  • Display name (optional)
  • Authentication data from Google if you choose to sign in with Google

2.2 Garden Data

  • Garden names and descriptions
  • Garden addresses (optional, for location-based features)
  • Plants, sections, biotopes, and structures you add to your gardens
  • Tasks and notes associated with your garden elements
  • Hemisphere setting (for seasonal task scheduling)

2.3 Photos and Images

  • Plant photos you capture for identification (processed but not permanently stored by the identification service)
  • Garden and element images you choose to upload

2.4 Usage Data

  • App interactions and feature usage (anonymized analytics)
  • Device type and operating system
  • Error reports and crash logs

3. How We Use Your Information

We use the collected information to:

  • Provide and maintain the Gardiflora service
  • Authenticate your account and ensure security
  • Generate personalized gardening tasks based on your plants and location
  • Identify plants using AI-powered image recognition
  • Send important service notifications (e.g., password resets)
  • Improve our app based on usage patterns
  • Respond to your support requests and feedback

4. Third-Party Services

We use the following third-party services to operate Gardiflora:

4.1 Supabase

Our backend infrastructure provider. Stores your account data, garden information, and uploaded images securely. Data is encrypted in transit and at rest.

Supabase Privacy Policy

4.2 PlantNet

AI plant identification service. When you use the plant identification feature, your photo is sent to PlantNet for analysis. PlantNet does not permanently store your images for identification requests.

PlantNet Privacy Policy

4.3 Google (OAuth)

If you choose to sign in with Google, we receive your email address and basic profile information. We do not access your Google contacts, calendar, or other data.

Google Privacy Policy

4.4 Resend

Email delivery service for transactional emails (verification, password reset).

Resend Privacy Policy

4.5 Vercel

Web hosting and analytics. Collects anonymized usage data and performance metrics.

Vercel Privacy Policy

5. Data Storage and Security

Your data is stored on secure servers provided by Supabase, located in the European Union. We implement appropriate technical and organizational measures to protect your personal data, including:

  • Encryption in transit (HTTPS/TLS)
  • Encryption at rest
  • Row-level security policies ensuring you can only access your own data
  • Secure authentication with hashed passwords
  • Regular security updates and monitoring

6. Your Rights (GDPR)

Under the GDPR, you have the following rights:

  • Right of Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate personal data
  • Right to Erasure: Request deletion of your personal data
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Receive your data in a portable format
  • Right to Object: Object to certain processing of your data
  • Right to Withdraw Consent: Withdraw consent at any time

To exercise any of these rights, please contact us at the email address provided below. We will respond to your request within 30 days.

7. Data Retention

We retain your personal data for as long as your account is active or as needed to provide you services. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal purposes.

8. Camera and Photo Permissions

Gardiflora requests camera access solely for the plant identification feature. Photos taken for identification are:

  • Sent securely to PlantNet for analysis
  • Not stored permanently by PlantNet
  • Not shared with any other parties
  • Optionally saved to your garden records if you choose

9. Children's Privacy

Gardiflora is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. Significant changes will be communicated via email or in-app notification.

11. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Email: privacy@gardiflora.app

Data Controller: Gardiflora
Belgium


This privacy policy is effective as of December 2025.