Privacy Policy
Last updated: April 17, 2026 · Version 2026-04-17.privacy.v1
1. What we collect
- Account data: email address, password (hashed), display name, locale.
- Garden data: seasons, plots, containers, plant instances, photos, harvest logs, notes.
- Billing data: handled by Stripe. We store only the subscription state, plan id, and a Stripe customer reference. We never see or store card numbers.
- Operational logs: IP addresses and user-agent strings on signup, consent grants, and rate-limit events. Retained for security and debugging purposes.
2. Sub-processors
Plotwise relies on the following sub-processors. They process the data categories listed above only on our instructions.
- Supabase — database hosting and authentication (United States / EU).
- Vercel — application hosting. All HTTP requests transit Vercel infrastructure (United States).
- Stripe — payments and subscription billing. Card data handled directly by Stripe; we never see card numbers (United States).
- Resend — transactional email delivery (United States).
- Anthropic — the AI assistant routes chat messages and uploaded plant photos (when you use the vision feature) to Anthropic's API for processing. Anthropic does not retain conversation content for model training. Used only when you actively chat with the assistant (United States).
- Mapbox — geocoding (your typed location is sent for address-to-coordinates lookup) and satellite map imagery for the plot-canvas underlay (United States).
- PostHog — product analytics (anonymous pageviews and a small set of behavioural events such as signup-completed, ai-message-sent, bug-report-submitted). Configured cookieless (no tracking cookies set) and person profiles are only created for signed-in users (United States).
3. Your rights (GDPR / UK GDPR / CCPA)
- Access: request a copy of every record we hold about you. The Account > Export page generates a JSON export on demand.
- Rectification: all account data is editable from within the app. Contact us for help with anything not directly editable.
- Erasure: the Account > Delete page removes every record we hold about you, cancels your subscription, and deletes your sign-in credential. Completed within 30 days; in practice immediate.
- Portability: the export above is a machine-readable JSON file you can move to any other service.
- Withdraw consent: for marketing email and analytics opt-ins, withdraw at any time from Email Preferences.
4. Retention
Account data is kept for as long as your account is active. After deletion, residual logs (audit log entries, rate-limit events) are anonymized within 30 days. Stripe retains its own copy of payment records for the period its compliance obligations require.
5. International transfers
Our sub-processors operate from the United States and the EU. Transfers to the US rely on each sub-processor's Data Processing Addendum incorporating the Standard Contractual Clauses.
6. Children
The Service is not directed at children under 16. We do not knowingly collect data from children.
7. Contact
Privacy requests: team@plotwise.ca. We respond within 30 days.