Skip to main content
PlantCareAI Home
PlantCareAI

Your plants deserve to thrive. We'll show you how.

Privacy Policy

Last updated: May 6, 2026

1. Introduction

Elloquist LLC (formerly EDH Dev), operating under the assumed name PlantCareAI ("we", "our", or "us"), operates the PlantCareAI website and service. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

2. Information We Collect

Information You Provide

  • Email Address: Required for account creation and passwordless OTP authentication
  • Plant Information: Plant names, descriptions, photos, and care schedules you add
  • Location Data: Optional city name you enter manually for weather-aware plant care tips (we do not use GPS or automatic geolocation)
  • Questions and Interactions: Questions you ask the AI assistant and related information
  • Plant Photos: Images you upload are stored in Supabase Storage and may be accessible via a public URL
  • Payment Information: If you subscribe to a paid plan, payment is processed by Stripe. We do not store your credit card number. We receive and store your Stripe customer ID, subscription status, and billing plan to manage your account

Automatically Collected Information

  • Usage Data: Pages visited, features used, time spent on the Service
  • Device Information: Browser type, operating system, IP address
  • Page-Level Analytics: We use Cloudflare Web Analytics (privacy-preserving, no cookies, no personal data collection)
  • Anonymous Session Analytics: When you use the AI assistant without an account, we store a random session identifier (a UUID generated fresh for each browser session) alongside a count of questions submitted. This identifier is not linked to your identity, email, IP address, or any personal information. It is used solely to measure how often unauthenticated visitors use the tool, to help us improve the product.

3. How We Use Your Information

We use your information to:

  • Provide and maintain the Service
  • Authenticate your account via one-time passcode (OTP)
  • Generate personalized plant care recommendations using AI
  • Provide weather-aware suggestions based on your location
  • Process subscription payments and manage your billing (via Stripe)
  • Improve and optimize the Service
  • Send you important Service updates (via email)
  • Send marketing emails if you opt in (you may unsubscribe at any time)
  • Protect against abuse and unauthorized access

4. Legal Basis for Processing (GDPR)

If you are in the European Economic Area (EEA) or United Kingdom, we process your personal data under the following legal bases per GDPR Article 6:

  • Performance of Contract (Art. 6(1)(b)): Account creation, plant management, AI-powered care recommendations, reminders, subscription payment processing, and core Service features
  • Consent (Art. 6(1)(a)): Marketing emails and optional promotional communications (you may withdraw consent at any time via Account Settings)
  • Legitimate Interest (Art. 6(1)(f)): Privacy-preserving analytics (Cloudflare Web Analytics), anonymous session analytics (random UUID only, no PII), security monitoring, abuse prevention, and service improvement

5. Automated Decision-Making

The Service uses AI models (Anthropic Claude, Google Gemini) to generate plant care recommendations and weather-adjusted watering schedules. These are suggestions only and do not constitute legally significant automated decisions. You can always override, dismiss, or ignore any AI-generated recommendation. No automated profiling is performed that produces legal or similarly significant effects.

6. Data Storage and Security

Your data is stored securely using Supabase (a PostgreSQL database provider) with the following protections:

  • Encryption: All data is encrypted at rest and in transit (HTTPS/TLS)
  • Row-Level Security: Database access is restricted to your own data
  • Rate Limiting: Protection against brute force and abuse attempts
  • Regular Backups: Your data is backed up regularly
  • OTP Codes: One-time passcodes are hashed with SHA-256 before storage and expire after 15 minutes

7. Third-Party Services

We use the following third-party services:

Service Purpose Data Shared
Supabase Database, authentication, file storage Email, profile, plants, photos
Anthropic Primary AI plant care recommendations Questions, plant info, city
Google Gemini Backup AI service Questions, plant info, city
Stripe Payment processing for subscriptions Email, Stripe customer ID, billing events (Stripe handles all card data)
OpenWeatherMap Weather data for care suggestions City name only
Resend Transactional and marketing emails Email address
Render Application hosting All data in transit (server logs, IP addresses)
Cloudflare Web analytics (no cookies) Anonymous page views only

Important: When you ask the AI assistant a question, your question and plant information may be sent to Anthropic's API or Google Gemini (as a fallback). These providers do not use API data to train their models. See their respective privacy policies for details.

8. Data Sharing

We do not sell your personal information to third parties. We may share your information only in the following circumstances:

  • With Your Consent: When you explicitly agree to share information
  • Service Providers: With trusted third-party services (listed above) necessary to operate the Service
  • Legal Requirements: If required by law, regulation, or legal process
  • Safety and Security: To protect the rights, property, or safety of Elloquist LLC, users, or others

9. Your Privacy Rights

You have the right to:

  • Access Your Data: Request a copy of the personal information we hold about you
  • Correct Your Data: Update or correct inaccurate information via your Account Settings
  • Delete Your Data: Delete your account and all associated data from the Account Settings page
  • Export Your Data: Download all your data as JSON from the Account Settings page
  • Restrict Processing: Request that we limit how your data is processed
  • Object to Processing: Object to processing based on legitimate interest
  • Opt-Out: Opt out of non-essential emails (essential Service emails may still be sent)

To exercise these rights, you can use the self-service tools in Account Settings or contact our designated privacy contact at ellen@elloquist.com or info@plantcareai.app. We will respond to verifiable requests within 30 days.

10. Data Retention

We retain your information for as long as your account is active or as needed to provide the Service. If you delete your account, we will delete all your personal information immediately, including plants, reminders, journal entries, and photos. If you had an active subscription, it will be cancelled in Stripe; Stripe may retain transaction records as required by financial regulations. OTP codes automatically expire and are purged after 15 minutes. Server logs containing IP addresses are retained for up to 30 days for security purposes. Anonymous session analytics records (random UUID + timestamp, no personal information) are retained for up to 90 days for product improvement analysis, then deleted.

11. Children's Privacy

The Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you become aware that a child has provided us with personal information, please contact us and we will promptly delete that information.

12. International Users

The Service is hosted in the United States. If you access the Service from outside the United States, your information may be transferred to, stored, and processed in the United States. Our third-party service providers (Supabase, Anthropic, Google) maintain Standard Contractual Clauses (SCCs) and comply with applicable data protection frameworks to safeguard international transfers.

13. Cookies and Tracking

We use a single cookie for Service functionality:

  • Session Cookie (session): HttpOnly, Secure, SameSite=Lax. Expires after 7 days of inactivity. Contains your authentication state if you are logged in. For unauthenticated visitors who use the AI assistant, also contains a randomly generated anonymous session ID (a UUID) used to count unauthenticated usage for product analytics. This ID is not linked to your identity or personal information and is discarded when the session expires.

We do not use third-party advertising cookies, tracking pixels, or any non-essential cookies. Cloudflare Web Analytics operates without cookies and does not collect personal data.

Do Not Track: We respect Do Not Track (DNT) browser signals. Since we do not perform cross-site tracking, there is no change in behavior when DNT is enabled.

14. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have the right to:

  • Know what personal information is collected about you
  • Request deletion of your personal information
  • Opt out of the sale of personal information (we do not sell personal information)
  • Non-discrimination for exercising your privacy rights

To exercise these rights, use the self-service tools in Account Settings or contact us at info@plantcareai.app.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by updating the "Last updated" date and, if appropriate, sending you an email notification.

16. Contact Us

If you have questions or concerns about this Privacy Policy, please contact us at info@plantcareai.app.

Back to Home