PlantRitual

Legal

Privacy Policy

Last updated: March 19, 2026

1. Introduction

PlantRitual ("we," "our," or "us") operates the PlantRitual mobile application and the website at plantritual.com (collectively, the "Service"). This Privacy Policy explains how we collect, use, store, and share your information when you use our Service.

By using PlantRitual, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Email address — used for authentication (magic link, Google Sign-In, or Apple Sign-In).
  • Authentication provider — which sign-in method you use.

We do not collect your name, phone number, or mailing address.

2.2 Plant Care Data

When you use the app, we store:

  • Plants you add (species, nickname, room assignment, photos).
  • Care schedules and task history (watering, fertilizing, pruning, etc.).
  • Care logs and feedback you provide (e.g., "on time," "too early").
  • Environment observations (light, humidity, temperature — entered manually, not sensed).
  • Notes you write about your plants.

2.3 Optional Profile Data

During onboarding, you may optionally provide:

  • Experience level (beginner, casual, enthusiast) — used to personalize care recommendations.
  • Plant relationship archetype — used for content personalization.

This data is optional and can be changed at any time in Settings.

2.4 Device & Technical Data

We automatically collect:

  • Device identifier — a stable ID used to associate your device with push notifications. This is not your advertising ID.
  • Device timezone — to schedule reminders at appropriate times.
  • Platform (iOS or Android) and app version.
  • Language/locale preference.

2.5 Usage Analytics

We collect anonymized usage events to improve the app, including:

  • Screens viewed, features used, and actions taken (e.g., task completed, plant added).
  • Onboarding completion status.
  • Paywall interactions (shown, converted, dismissed) — to understand subscription conversion.
  • Notification interactions (scheduled, tapped).

Analytics events include your experience level and app version for cohort analysis. They do not include your email, plant names, or notes.

2.6 Photos

If you upload plant photos, they are stored in a private, access-controlled storage bucket. Only you can access your photos. We do not use your photos for AI training, advertising, or any purpose other than displaying them to you within the app.

2.7 Payment Information

We do not collect or store credit card numbers, bank account details, or any payment credentials. All payment processing is handled by Apple (App Store) and Google (Google Play) through RevenueCat, our subscription management provider. We receive only: subscription status, plan type, renewal dates, and transaction identifiers.

3. How We Use Your Information

  • Provide the Service — store your plants, generate care schedules, send reminders.
  • Personalize your experience — adjust care recommendations based on your experience level and plant data.
  • Send notifications — care reminders at your preferred time, respecting quiet hours you set.
  • Improve the app — analyze aggregated usage patterns to prioritize features and fix issues.
  • Process subscriptions — manage your premium plan status via RevenueCat.
  • Communicate with you — respond to support requests sent via email.

We do not use your data for advertising, sell your data to third parties, or create advertising profiles.

4. Third-Party Services

We use the following third-party services to operate PlantRitual:

ServicePurposeData Shared
SupabaseDatabase, authentication, file storageAll user data (encrypted in transit and at rest)
RevenueCatSubscription managementUser ID, purchase receipts, entitlement status
ExpoPush notification deliveryPush tokens, notification content
GoogleOAuth authentication (optional)OAuth token (validated by Supabase, not stored by us)
AppleOAuth authentication (optional), payment processingOAuth token, purchase receipts

Each service has its own privacy policy. We encourage you to review them.

5. Data Storage & Security

  • Your data is stored in Supabase cloud infrastructure with Row-Level Security (RLS) enforced — you can only access your own data.
  • Authentication tokens are stored on-device using secure encrypted storage (iOS Keychain / Android Keystore) with the protection level "when unlocked, this device only."
  • All data in transit uses HTTPS/TLS encryption.
  • Plant photos are stored in a private storage bucket with access restricted to the photo owner.

6. Data Retention

  • Plant care data — retained as long as your account exists.
  • Analytics events — retained as long as your account exists (anonymized and aggregated for product improvement).
  • Local cache — 24 hours on device (AsyncStorage).
  • Auth tokens — until you sign out or the session expires.

When you delete your account, all your data is permanently removed (see Section 8).

7. Your Rights

You have the right to:

  • Access your data — export all your plant data (plants, rooms, schedules, tasks, logs) in JSON format from Settings → Export Data.
  • Delete your data — permanently delete your account and all associated data from Settings → Delete Account.
  • Modify your data — edit or delete individual plants, notes, and preferences at any time within the app.
  • Withdraw consent — disable notifications, revoke permissions, or stop using the Service at any time.
  • Data portability — export your data in a machine-readable format (JSON).

If you are a resident of the European Economic Area (EEA), you have additional rights under the GDPR, including the right to lodge a complaint with your local data protection authority.

8. Account Deletion

You can delete your account at any time from Settings → Delete Account. This action:

  • Permanently deletes all your plants, care data, schedules, tasks, logs, notes, photos, rooms, analytics events, notification data, subscription records, and experiment assignments.
  • Deactivates your push notification tokens.
  • Is irreversible — deleted data cannot be recovered.

If you have an active subscription, please cancel it through the App Store or Google Play before deleting your account to avoid continued billing.

9. Children's Privacy

PlantRitual is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at the email below and we will delete it.

10. Cookies & Website

The plantritual.com website is a static site and does not use cookies, tracking pixels, or third-party analytics. No personal data is collected when you visit the website. If this changes in the future (e.g., when we add a web app with user accounts), this policy will be updated.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting a notice in the app or updating the "Last updated" date above. Continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or want to exercise your data rights, contact us at:

Email: privacy@plantritual.com