Privacy Policy

Last updated: 29 May 2026

This is the short, honest version of what Plan Your Garden stores about you.

The headline

If you don't sign in, we store nothing on our servers. Your plant list, watering history, and filter preferences live in your own browser's localStorage — a folder on your device. We can't see it, can't access it, can't sell it.

If you do sign in, we store the bare minimum needed to sync your plants across devices and send you reminders. Listed below.

What we store, when, and why

Anonymous mode (default)

• Where: your browser's localStorage, under the key planyourgarden_v1
• What: your filter preferences, list of plants you're planning to grow, list of plants you've marked as planted, watering and feeding dates, whether you enabled in-tab notifications
• Who can see it: only you, on this device. Not us.
• How to delete it: use the "Wipe local data" button in Settings, or clear browser site data for this site.

Signed-in mode (optional)

If you click "Sign in" and provide your email, we store the following on servers hosted with Supabase (Frankfurt or London, EU region):

• Your email address — used as your account ID and to send reminder emails
• Your plants list — which plants you've added, their planted dates, and last watering/feeding dates
• Notification preferences — your chosen reminder time and which channels (email, push) you've enabled
• Push subscription details — if you enable push notifications, your browser provides a unique device endpoint we store so we can send a notification to that device

We do not store your name, address, phone number, IP address, payment information, browsing history, or any health/biometric data.

How signed-in data is protected

• Encrypted in transit (HTTPS) and at rest (Supabase Postgres encryption)
• Protected by row-level security — each user can only access their own rows. Verified at the database level, not just in our app code.
• You can delete everything anytime — sign in → Settings → Wipe local data, then contact us to delete the server-side copy (or email rcrooks555@gmail.com).

Email reminders

If you enable daily email reminders, we send a digest from Resend (transactional email provider) at your chosen local time. You can unsubscribe at any time by clicking the link in any reminder email, or by toggling the setting off in the app.

Push notifications

If you enable push notifications, we use the standard Web Push protocol with VAPID. Your device receives notifications via your operating system's push service (Apple, Google, or Mozilla, depending on your browser). We have no access to anything else on your device. You can disable push at any time from the Settings panel or your browser settings.

Affiliate links

When you click a "Buy seeds" or "Buy plant" button, you're sent to a third-party retailer (Amazon, Thompson & Morgan, Crocus, or Sarah Raven). We may earn a small commission on purchases. This does not affect what you pay.

If you choose to make a purchase, that retailer's own privacy policy applies — we don't see your purchase, your details, or any cookies they set. We only receive aggregate commission data from the affiliate network (which item was bought, on which date, for what amount).

If we enable click-tracking in future to see which retailers convert best, the click record we store will contain only: plant ID, retailer name, timestamp. No user-identifying information unless you're signed in.

Analytics + cookies

We don't use Google Analytics. We don't use Facebook tracking pixels. We don't set advertising cookies. We don't sell, share, or rent any data to third parties.

The only browser storage we use is the localStorage entry described above (functional, not tracking) and Supabase Auth's session cookie if you sign in (essential, not optional).

Children

This service isn't directed at children under 13. We don't knowingly collect data from anyone under 13. If you believe a child has signed up, contact us and we'll delete the account.

Your rights under UK GDPR

You have the right to:

• Access — request a copy of all data we hold about you
• Rectify — correct any inaccurate data
• Erase — have all your data deleted ("right to be forgotten")
• Object — opt out of any processing, including reminders and any future analytics
• Portability — export your data in a machine-readable format
• Complain — to the UK Information Commissioner's Office (ico.org.uk) if you believe we're handling your data improperly

To exercise any of these rights, email rcrooks555@gmail.com. We'll respond within one month.

Data controller

Plan Your Garden is operated by Robbie Crooks. Contact: rcrooks555@gmail.com.

Changes to this policy

Any material changes will be reflected in the "last updated" date above and announced in the app. Continued use after a change means you accept the revised policy.

← Back to Plan Your Garden  ·  Terms of Service