top of page

Privacy Policy

Effective Date: January 2, 2026
Last Reviewed: January 2, 2026


1. INTRODUCTION

Welcome to Garden Designer, operated by Garden Designer LLC, a Washington State limited liability company ("we," "us," or "our"). We respect your privacy and are committed to protecting your personal data.

This privacy policy explains how we collect, use, and safeguard your information when you use our garden design application, whether accessed via web browser or mobile app through the Apple App Store or Google Play Store.

Data Minimization Principle: We collect only the minimum data necessary to provide our service. We do NOT collect location data, browsing history, contacts, device identifiers for advertising, or any other information not directly related to garden design functionality.


1.1 GOOGLE PLAY DATA SAFETY DISCLOSURE

In compliance with Google Play's Data Safety requirements, we declare the following:

Data Types Collected:
• ✅ Email address - for account authentication
• ✅ User-generated content - garden designs, uploaded images
• ✅ App activity - subscription tier, feature usage for service provision

Data Types NOT Collected:
• ❌ Location data - We do not collect precise or approximate location
• ❌ Personal identifiers - No device IDs, advertising IDs, or phone numbers
• ❌ Financial information - Payment processing handled by third parties (Stripe, Google Play Billing)
• ❌ Contacts or calendar - We never access your contacts or calendar
• ❌ Photos and videos - Only when you explicitly choose to upload (permission required)
• ❌ Web browsing history - We do not track your browsing
• ❌ Health and fitness data - Not collected

Data Usage and Sharing:
• ✅ All collected data is encrypted in transit (HTTPS/TLS)
• ✅ Data is encrypted at rest in secure databases
• ✅ You can request deletion of your data at any time
• ❌ We do NOT sell or share data with third parties for advertising or marketing
• ❌ We do NOT use data for purposes other than providing garden design services

Data Safety Consistency: This privacy policy is consistent with our Google Play Data Safety declaration. The information disclosed here matches exactly what we report in the Play Store Data Safety section. Any updates to our data practices will be reflected in both locations simultaneously.


2. INFORMATION WE COLLECT

2.1 Account Information:
• Email Address: Used for authentication, account recovery, and important notifications
• Password: Securely encrypted using industry-standard bcrypt hashing (we never store plain-text passwords)
• Email Verification Status: Tracks whether you've confirmed your email address
• Account Metadata: Creation date, last login, and admin status (if applicable)

  • Timezone Preference: User-selected timezone for accurate timestamp display on garden edits (defaults to Pacific Time if not set). This is a manual preference setting, NOT location tracking


 


2.2 Garden Design Data:
• Garden Metadata: Garden name, description, status (active/archived), and timestamps
• Design Specifications: Dimensions, shape (rectangular/custom), grid size, and display mode
• Plant Selections: Plant types, positions (X/Y coordinates), rotation, scale, and custom properties
• Hardscape Elements: Paths, patios, and other non-plant garden features you add
• Cost Estimates: Price calculations based on your plant and material selections

2.3 User-Uploaded Assets:
• Image Files: Custom plant images, garden photos, or design inspiration you upload
• Asset Metadata: File names, categories, tags, upload dates, and URLs
• Original Filenames: Preserved for your reference

2.4 Technical Information:
• Authentication Tokens: Stored in browser localStorage to keep you logged in
• Session Data: Managed by Supabase to maintain your active session
• Browser Storage: We use localStorage for authentication tokens only—no tracking or analytics cookies

Error Reporting and Crash Diagnostics:
To maintain app quality and fix bugs quickly, we use Sentry (sentry.io) to detect and diagnose app crashes.

When the app crashes, we collect:
• Device model and operating system version
• App version number
• Stack trace (code location of error)
• Timestamp of crash
• Approximate memory usage at time of crash

We do NOT send:
• Your email address or account information
• Your garden designs or uploaded images
• Your location or device identifiers

Privacy Protection: Crash reports are anonymous and cannot be traced to individual users
Data Retention: Crash data retained for 90 days for debugging purposes, then permanently deleted
Sentry Privacy Policy: https://sentry.io/privacy/

App Version and Update Information:
• Current App Version: Stored to ensure compatibility with backend services
• Update History: NOT tracked - we don't monitor when you update the app
• Platform Version: Basic Android/iOS version checking for compatibility only
• Error Diagnostics: Only transmitted when app crashes (via Sentry as described above)

2.5 Mobile App Permissions and Data:
When you use the mobile app version, we request only essential permissions. Here's exactly what we access and why:

• Internet Access (REQUIRED): Essential for syncing your garden designs with our cloud database
• Network State (REQUIRED): Checks if you're online before syncing to prevent data loss
• Storage/Photos (OPTIONAL): Only when you explicitly choose to upload custom plant images. You can deny this permission and still use all other features
• Camera (OPTIONAL): Only if you choose to take photos directly in the app. Fully functional without this permission

Permissions We DO NOT Request:
• ❌ Location - We never ask for or use location services
• ❌ Contacts - We do not access your contact list
• ❌ Calendar - We do not integrate with your calendar
• ❌ Microphone - No audio recording capabilities
• ❌ Phone/SMS - We do not make calls or send SMS messages
• ❌ Bluetooth - Not used
• ❌ Device Admin - We never request admin privileges
• ❌ Biometric Data - We do NOT support fingerprint or face recognition login

Prominent In-App Disclosure (Permission Requests):
When our app requests optional permissions (camera, storage), we display an in-app explanation dialog BEFORE showing the Android system permission request. This dialog clearly explains:
• Why we need the permission
• What data we'll access
• How the data will be used
• That you can deny and still use other features

You must actively consent by tapping 'Allow' - permission dialogs do not auto-dismiss. If you deny a permission, the app remains fully functional except for the specific feature requiring that permission.

Device Information:
• Device Identifiers: We do NOT collect device IDs, IDFA, Android Advertising ID, or any advertising identifiers
• Push Notifications: Notification token stored only if you grant permission (can be disabled in device settings). Notifications contain only generic reminders, never personal garden data
• App Store Account: We do not access your Apple ID, Google account, or payment information from app stores
• Device Model/OS: Basic device info may be logged for crash reporting only (not used for tracking)
• Clipboard Access: We do NOT access your device clipboard
• Screenshots: We cannot access screenshots or screen recordings you take of the app

2.6 Subscription and Payment Information:
Garden Designer offers different subscription tiers (Free, Pro) with varying feature limits. If you subscribe to a paid plan, we may collect:
• Subscription Tier: Your current plan level (free, pro) stored in our database
• Garden Limits: Maximum number of gardens, plants per garden, and other tier-specific limits
• Storage Quota: Storage space allocation for uploaded assets (varies by tier)
• Feature Access: Tier-specific features you have access to

Payment Processing:
• We DO NOT directly collect, store, or process credit card information
• All payment processing is handled by third-party payment processors (e.g., Stripe, Apple App Store, Google Play Billing)
• Payment processors are PCI-DSS compliant and follow industry security standards
• We only receive confirmation of successful/failed payments, subscription status, and subscription expiration dates
• Your billing details remain with the payment processor and are not visible to us
• Refund requests are processed according to the platform's refund policy (Apple, Google, or our payment processor)

2.7 Third-Party Service Data Collection:
We use the following third-party services that may collect or process data on our behalf:
• Supabase (Database & Authentication): Stores all user account data, garden designs, and uploaded assets. Acts as our data processor. Location: varies by region selected. Privacy Policy: https://supabase.com/privacy
• Sentry (Error Monitoring): Receives anonymous crash reports when app malfunctions. Only technical data (device model, OS, stack trace) - no personal information. Privacy Policy: https://sentry.io/privacy/
• Anthropic Claude (AI Services): Plant data enrichment only (botanical facts). No user-specific data or personal information sent. Privacy Policy: https://www.anthropic.com/privacy
• Perenual API (Plant Database): Licensed plant taxonomy and scientific names. No personal data shared. Terms: per API subscription agreement
• Payment Processors (when applicable): Stripe, Apple App Store, or Google Play Billing handle payment transactions. We do not receive your payment card details

2.8 Background Data Collection:
Garden Designer does NOT collect data when the app is in the background or closed.

• Foreground Only: All data syncing occurs only when app is actively in use
• Authentication: Tokens refresh only during active sessions, not in background
• No Background Location: We never track location, foreground or background
• No Background Photo Access: Camera/storage only accessed when you explicitly choose to upload
• Push Notifications: If enabled, notifications do not collect or transmit personal data
• Offline Mode: If internet disconnects, edits are saved locally and synced when you return online
• Cross-Device Syncing: Your data syncs automatically across devices when logged into same account (foreground only)


3. HOW WE USE YOUR INFORMATION

We use your information for the following specific purposes:

3.1 Core Functionality:
• Authenticate your identity and maintain secure access to your account
• Save and synchronize your garden designs across browser sessions
• Store your uploaded assets in secure cloud storage (Supabase Storage)
• Calculate costs based on your plant and material selections
• Enable undo/redo functionality for design changes

3.2 Account Management:
• Send email verification links to confirm your account
• Process password reset requests when you forget your credentials
• Notify you of critical account security events
• Manage your subscription or service access (if applicable)

3.3 Service Improvement:
• Monitor system performance and identify technical issues
• Optimize database queries for faster load times
• Develop new features based on usage patterns (anonymized data only)

3.4 Legal and Security:
• Enforce our Terms of Service and prevent abuse
• Comply with legal obligations and respond to lawful requests
• Protect the rights, property, and safety of our users


4. DATA STORAGE AND SECURITY

4.1 Infrastructure:
• Database: Supabase (PostgreSQL) with enterprise-grade security and automatic backups
• Authentication: Supabase Auth with bcrypt password hashing and JWT tokens
• File Storage: Supabase Storage with access controls and public URL generation
• Data Location: Your data is stored in secure data centers operated by Supabase

4.2 Security Measures:
• Row Level Security (RLS): Database policies ensure you can only access your own data
• Encryption in Transit: All data transmissions use HTTPS/TLS 1.2+ encryption
• Encryption at Rest: Database uses AES-256 encryption managed by Supabase PostgreSQL. File storage uses server-side encryption (SSE) for all uploaded assets
• Password Security: Passwords are hashed with bcrypt (cost factor 12, industry standard) - never stored in plain text and not reversible
• Authentication Tokens: JWT tokens with HMAC SHA-256 signatures, 1-hour expiration for security
• Foreign Key Constraints: Automatic data cleanup when accounts are deleted
• Email Verification: Required before full account access to prevent fake accounts

Security Audits and Compliance:
• Infrastructure Provider: Supabase maintains SOC 2 Type II certification for data security
• Internal Security Reviews: We conduct quarterly security reviews of our codebase and practices
• Independent Audits: Third-party security audit not yet completed (planned for 2026)
• Vulnerability Disclosure: Contact florasketch@protonmail.me for responsible security disclosure
• Monitoring: Automated alerts for suspicious activity, failed login attempts, and unusual data access patterns

4.3 Data Retention:
• Active Accounts: Garden designs are retained indefinitely while your account is active
• Uploaded Assets: Images remain available until you delete them or close your account. Storage limits apply based on your subscription tier (Free: 500MB, Pro: 10GB)
• Authentication Tokens: JWT tokens expire after 1 hour of inactivity for security. Refresh tokens last up to 7 days
• Deleted Gardens: Permanently removed immediately (no soft-delete recovery period)
• Closed Accounts: All user data (gardens, assets, account info) is permanently deleted within 30 days via CASCADE constraints
• Email Verification: Unverified accounts have a 3-day verification deadline before account access is restricted
• Backup Retention: Database backups are retained for 7 days for disaster recovery, then permanently deleted

4.4 File Storage Specifications:
• Storage Bucket: Private bucket (user-assets) - not publicly accessible
• Access Method: Signed URLs with 1-year expiration for authenticated access only
• File Naming: Random UUIDs to prevent enumeration attacks (format: userId/random-uuid-timestamp.jpg)
• Supported Formats: JPEG, PNG, WebP, GIF (images only)
• Maximum File Size: 10MB per file
• Row Level Security: Database policies ensure you can only access your own files

4.5 Data Portability and Export:
You have the right to export your data in machine-readable formats:
• Garden Designs: Export as JSON containing all garden metadata, plant positions, and hardscape elements
• Asset List: CSV export of uploaded asset metadata (names, categories, tags, URLs)
• Account Data: Request complete data export including account information, subscription details, and all associated content
• Request Method: Contact us through Help & Support or email for data export requests (processed within 30 days)


5. DATA SHARING AND THIRD PARTIES

We do not sell, trade, or rent your personal information to third parties. Your garden designs and personal data remain private and are only accessible by you.

5.1 Service Providers:
• Supabase: Provides database, authentication, and storage infrastructure under strict confidentiality agreements
• Service providers only process data on our behalf and cannot use it for their own purposes

5.2 Legal Requirements:
• We may disclose data when required by law, court order, or government request
• We may share information to enforce our Terms of Service
• We may disclose data to protect the rights, safety, or property of our users or the public

5.3 What We DO NOT Do:
• ❌ No third-party analytics (Google Analytics, Facebook Pixel, etc.)
• ❌ No advertising networks or tracking cookies
• ❌ No data brokers or marketing companies
• ❌ No social media integration that shares your data
• ❌ No AI training on your garden designs without explicit consent


6. YOUR RIGHTS AND CONTROLS

6.1 Access and Portability:
• View all your garden designs at any time from the Account page
• Access your uploaded assets and their metadata
• Export your designs (feature availability may vary)
• Request a copy of all your personal data in machine-readable format

6.2 Modification:
• Update your email address through Account Settings
• Change your password at any time
• Edit, rename, or delete any of your garden designs
• Remove uploaded assets from your library

6.3 Deletion and Right to be Forgotten:
In compliance with GDPR, CCPA, and Google Play requirements, you have complete control over your data deletion:
• Individual Items: Delete individual garden designs from the Account page instantly
• Assets: Remove uploaded images from your asset library at any time
• Full Account Deletion: Request complete account deletion through Help & Support or email florasketch@protonmail.me or visit https://florasketch.co/deleteaccount
• What Gets Deleted: ALL your data including gardens, plants, uploaded assets, account information, and subscription details
• Timeline: Account deletion processed within 30 days. Data is permanently removed from active systems immediately and from backups within 7 days
• Irreversibility: Account deletion is permanent and cannot be undone. No recovery options available
• Exceptions: We may retain limited data only if required by law (e.g., financial records for tax purposes), but personal identifiers are removed

6.4 Data Download and Portability:
You can request a copy of all your data in machine-readable format:
• Email florasketch@protonmail.me to request data export
• Receive JSON files with all garden designs, metadata, and account information
• Includes list of uploaded assets with download links
• Delivered within 30 days via secure download link

6.5 Communication Preferences:
• Opt out of non-essential email communications (security alerts cannot be disabled)
• Manage notification preferences in Account Settings (when available)
• Unsubscribe links included in all marketing emails


7. COOKIES AND BROWSER STORAGE

7.1 What We Use:
• localStorage: Stores authentication tokens to keep you logged in between sessions
• Session Cookies: Managed by Supabase for authentication (essential for functionality)
• All storage is cleared when you log out or clear browser data

7.2 What We DON'T Use:
• ❌ No third-party tracking cookies
• ❌ No advertising cookies
• ❌ No cross-site tracking
• ❌ No analytics cookies (Google Analytics, etc.)
• ❌ No fingerprinting or device tracking


8. AI AND AUTOMATED PROCESSING

Use of Artificial Intelligence: Garden Designer uses AI (Anthropic Claude) to enrich plant database information with botanical facts such as sunlight requirements, watering needs, and bloom characteristics.

• What AI Does: Generates factual botanical data (hardiness zones, care instructions, plant characteristics) for our plant library
• What AI Does NOT Do: We do NOT send your personal data, garden designs, or user-uploaded content to AI services
• Data Sent to AI: Only plant scientific names and taxonomy for enrichment purposes
• Your Data: Your personal gardens, designs, and uploaded images are NEVER processed by AI or used for AI training
• Disclosure: AI-generated plant information is clearly labeled with ⚠️ disclaimer warnings
• No Automated Decisions: We do not use AI or automated processing to make decisions that significantly affect you


9. CHILDREN'S PRIVACY (COPPA COMPLIANCE)

Our service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13.

Age Restriction Enforcement:
• Platform Age Rating: Our app is rated 13+ on Google Play Store and Apple App Store
• Terms of Service: Account creation requires users to be at least 13 years old
• No Age Gate: We rely on platform-level age restrictions rather than collecting birthdates
• Discovery and Deletion: If we learn a user is under 13, their account is immediately deleted with all associated data

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at florasketch@protonmail.me, and we will delete such information within 48 hours.


10. INTERNATIONAL DATA TRANSFERS

Garden Designer LLC is based in Washington State, USA. Your data is stored on Supabase servers, which may be located in various countries. By using our service, you consent to the transfer of your information to these locations.

We ensure that appropriate safeguards are in place to protect your data regardless of where it is processed, in accordance with applicable data protection laws, including GDPR (for European users) and CCPA (for California users).


11. APP STORE PRIVACY LABELS

For users downloading from the Apple App Store or Google Play Store, we provide the following privacy label disclosures:

Data Used to Track You:
• ❌ NONE - We do not track you across apps or websites

Data Linked to You:
• ✅ Contact Info (Email) - for authentication only
• ✅ User Content (Garden designs, uploaded images) - stored in your account

Data NOT Linked to You (Anonymous):
• ✅ Crash Logs (Device model, OS, app version, error details) - cannot be traced to individual users
• ✅ Diagnostics (Performance data, memory usage) - aggregated and anonymous

Data NOT Collected:
• ❌ Location data (precise or approximate)
• ❌ Browsing history
• ❌ Contacts or calendar
• ❌ Financial information (payment processing handled by third parties)
• ❌ Health & fitness data
• ❌ Device identifiers for advertising (no IDFA, no Android Advertising ID)
• ❌ Biometric data (no fingerprint or face recognition)


12. DATA BREACH NOTIFICATION

In the unlikely event of a data breach that affects your personal information, we will:
• Notify you via email within 72 hours of discovering the breach
• Describe what information was compromised
• Explain what steps we're taking to address the breach
• Provide recommendations for protecting your account
• Comply with all applicable data breach notification laws (including Washington State RCW 19.255.010)


13. CHANGES TO THIS PRIVACY POLICY

We may update this privacy policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

When we make material changes, we will:
• Update the "Effective Date" at the top of this policy
• Send you an email notification to your registered address
• Display a prominent notice in the application for 30 days

Your continued use of the service after changes become effective constitutes acceptance of the updated policy.


14. CALIFORNIA PRIVACY RIGHTS (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
• Right to Know: Request disclosure of personal data we collect, use, and share
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: We don't sell personal information, so no opt-out is needed
• Right to Non-Discrimination: We won't discriminate against you for exercising your rights


15. EUROPEAN PRIVACY RIGHTS (GDPR)

If you are in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR):
• Legal Basis: We process your data based on contract performance and legitimate interests
• Right to Rectification: Correct inaccurate personal data
• Right to Erasure: Request deletion under certain conditions
• Right to Restrict Processing: Limit how we process your data
• Right to Data Portability: Receive your data in a structured format
• Right to Object: Object to processing based on legitimate interests

To exercise these rights, contact us through the Help & Support section.


16. GOVERNING LAW

These Terms shall be governed by and construed in accordance with the laws of the State of Washington, USA, without regard to its conflict of law provisions.

Any disputes arising from these Terms or your use of the Service shall be subject to the exclusive jurisdiction of the state and federal courts located in Washington State.


17. WASHINGTON STATE PRIVACY RIGHTS

Washington State residents have specific rights under the Washington My Health My Data Act (MHMDA) and other state privacy laws:
• Right to Know: You can request information about personal data we collect
• Right to Delete: You can request deletion of your personal information
• Right to Correct: You can request correction of inaccurate data
• Data Breach Notification: We comply with RCW 19.255.010 breach notification requirements


18. CONTACT INFORMATION

Company Legal Name: Flora Sketch LLC
State of Formation: Washington State, USA

Privacy Inquiries:
• Email: florasketch@protonmail.me
• In-App Support: Contact Form on Website, Help & Support section in the application
• Data Rights Requests: florasketch@protonmail.me
• Security Concerns: florasketch@protonmail.me

Mailing Address:
Flroa Sketch LLC
Privacy Officer
2111 N Dick Rd
Spokane Valley, WA 99212
United States

Response Times:
• General inquiries: Within 7 business days
• GDPR/CCPA/Washington privacy rights requests: Within 30 days (may extend to 45 days if complex)
• Data breach or security concerns: Within 24 hours
• Account deletion requests: Processed within 30 days

---

Note: This privacy policy complies with Apple App Store and Google Play Store requirements, as well as federal laws (COPPA, CAN-SPAM) and state laws including Washington State privacy regulations, California CCPA, and European GDPR where applicable.
 

bottom of page