Privacy Policy

We collect only what is needed to make the app work:

• Email address and password — if you create an account. Used solely for authentication. We never sell or share your email.
• Location (city, latitude/longitude) — entered by you or detected via your browser's geolocation API with your permission. Used to calculate your USDA hardiness zone, frost dates, and planting schedules. Stored in your profile.
• Garden and plant data — everything you add to your garden: plant names, dates, notes, harvest logs, and journal entries. This data is yours; we store it on your behalf so it persists across devices.
• Usage data — we do not currently run analytics or tracking. We may add privacy-respecting, cookie-free analytics in the future and will update this policy if we do.

We use one strictly necessary session cookie set by Supabase (our authentication provider) to keep you signed in. This cookie does not track you across other websites and is not used for advertising.

Under GDPR and similar laws, strictly necessary cookies do not require your consent because they are essential for the service to function. We do not use marketing, tracking, or analytics cookies.

The Explore Crops page includes links to seed company websites (Burpee, Johnny's Selected Seeds, Baker Creek Heirloom Seeds, and Territorial Seed). Some of these links may be affiliate links, meaning we may earn a small commission if you make a purchase after clicking through — at no extra cost to you.

Affiliate links are disclosed with an “may include affiliate links” notice wherever they appear, in accordance with FTC guidelines. Affiliate relationships do not influence which plants or seed companies we recommend.

We use the following third-party services to power the app:

• Supabase — database and authentication. Your data is stored in Supabase's managed PostgreSQL database. Supabase is SOC 2 Type II certified.
• Tomorrow.io — weather forecasts. We send your latitude and longitude to fetch local weather data. No personally identifiable information is included.
• Perenual — plant database. When you search for a plant, your search query is sent to the Perenual API. No account data is shared.
• Anthropic (Claude) — AI-powered crop substitution suggestions. When the AI feature is used, your plant name and hardiness zone are sent to Anthropic's API. No other personal data is included in these requests.

Your account and all associated data (garden plants, tasks, journal entries, harvest logs) are retained for as long as your account is active.

To delete your account and all your data, contact us using the email below. We will permanently delete your data within 30 days of your request. Anonymous usage data, if any, may be retained in aggregate form.

Depending on where you live, you may have rights including:

• The right to access the personal data we hold about you
• The right to correct inaccurate data
• The right to delete your data (“right to be forgotten”)
• The right to export your data in a portable format

To exercise any of these rights, contact us at the address below.

trellis is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

We may update this policy as the app evolves. We will update the “Last updated” date at the top of this page. For significant changes, we will notify signed-in users via email or an in-app notice.

Questions about this policy or your data? Reach us at privacy@gardenplanner.app. We aim to respond within 5 business days.