Privacy Policy

We collect only what is needed to make the app work:

• Email address and password — if you create an account. Used solely for authentication. We never sell or share your email.
• Location (city, latitude/longitude) — entered by you or detected via your browser's geolocation API with your permission. We collect your ZIP code or city name and, where available, latitude/longitude coordinates. We do not track your precise real-time GPS location. Location data is used solely to calculate your USDA hardiness zone, local frost dates, and planting schedules, and is stored in your profile.
• Garden and plant data — everything you add to your garden: plant names, dates, notes, harvest logs, and journal entries. This data is yours; we store it on your behalf so it persists across devices.
• Photos uploaded for AI diagnostics — when you use the AI Plant Doctor feature, the photo you submit is sent to Anthropic's Claude API for analysis. Photos are not stored on our servers after the diagnostic request is complete; they are processed transiently and discarded.
• Usage data — we do not currently run analytics or tracking. We may add privacy-respecting, cookie-free analytics in the future and will update this policy if we do.

We use one strictly necessary session cookie set by Supabase (our authentication provider) to keep you signed in. This cookie does not track you across other websites and is not used for advertising.

Under GDPR and similar laws, strictly necessary cookies do not require your consent because they are essential for the service to function. We do not use marketing, tracking, or analytics cookies.

The Explore Crops page includes links to seed company websites (Burpee, Johnny's Selected Seeds, Baker Creek Heirloom Seeds, and Territorial Seed). Some of these links may be affiliate links, meaning we may earn a small commission if you make a purchase after clicking through — at no extra cost to you.

Affiliate links are disclosed with an “may include affiliate links” notice wherever they appear, in accordance with FTC guidelines. Affiliate relationships do not influence which plants or seed companies we recommend.

We use the following third-party services to power the app:

• Supabase — database and authentication. Your account data, garden records, and profile (including stored location) are stored in Supabase's managed PostgreSQL database. Supabase is SOC 2 Type II certified.
• Tomorrow.io — weather forecasts. We send your latitude and longitude to fetch local weather data. No personally identifiable information is included in these requests.
• Perenual — plant database. When you search for a plant, your search query is sent to the Perenual API. No account data is shared.
• Anthropic (Claude) — AI-powered plant diagnosis and crop substitution suggestions. When you use the AI Plant Doctor feature, your uploaded photo, plant name, and hardiness zone are sent to Anthropic's API. When you use AI crop suggestions, your plant name and hardiness zone are sent. No other personal data (such as your email or account ID) is included in these requests. Anthropic's data handling is governed by their privacy policy.

Your location is used exclusively to power location-specific features:

• Calculating your USDA plant hardiness zone
• Determining average last and first frost dates for your area
• Generating planting schedules and succession planting timelines
• Fetching local weather forecasts and alerts

We do not sell, license, or share your location with advertisers. We do not build a profile of your movements or use location data for any purpose other than those listed above.

Your account and all associated data (garden plants, tasks, journal entries, harvest logs) are retained for as long as your account is active. Photos submitted for AI diagnostics are not retained after the request is processed.

To delete your account and all your data, contact us using the email below. We will permanently delete your data within 30 days of your request. Anonymous usage data, if any, may be retained in aggregate form.

Depending on where you live, you may have rights including:

• The right to access the personal data we hold about you
• The right to correct inaccurate data
• The right to delete your data (“right to be forgotten”)
• The right to export your data in a portable format

To exercise any of these rights, contact us at the address below.

Trellis is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

We may update this policy as the app evolves. We will update the “Last updated” date at the top of this page. For significant changes, we will notify signed-in users via email or an in-app notice.

Questions about this policy or your data? Reach us at trellisplants@gmail.com. We aim to respond within 5 business days.