Your privacy matters to us. This Privacy Policy explains how AssistPlant ("we," "us," or "our") collects, uses, stores, and protects your personal information when you use our website, web application, and related services (the "Service"). By using the Service, you consent to the practices described in this policy.
1. Information We Collect
1.1 Information You Provide
When you create an account and use AssistPlant, we collect:
- Account Information: Your name, email address, and password (hashed and encrypted). If you sign in with Google, we receive your name, email address, and profile photo from Google.
- Plant Data: Plant names, care schedules, care history, notes, locations, and photos you add to the app.
- Payment Information: If you subscribe to the Pro plan, payment details are collected and processed directly by Stripe. We store only your Stripe customer ID and subscription status — we never store your credit card number or full payment details.
1.2 Information Collected Automatically
When you use the Service, we automatically collect:
- Device Information: A randomly generated device identifier, browser type, and operating system. This is used solely for delivering push notifications to the correct device and managing per-device notification preferences.
- Timezone: Your browser's timezone, used to schedule care reminders at appropriate local times.
- Push Notification Tokens: If you enable browser push notifications, we store a Firebase Cloud Messaging (FCM) token associated with your device to deliver notifications.
1.3 Information from Third-Party Services
If you connect third-party services, we receive the following:
- Google Sign-In: Name, email, and profile photo.
- Google Calendar (Pro): OAuth access and refresh tokens to read and write calendar events on your behalf. We only access calendar events created by AssistPlant.
2. How We Use Your Information
We use the information we collect to:
- Provide, operate, and maintain the Service.
- Send you care reminders via push notifications and email based on your preferences.
- Sync plant care tasks to your Google Calendar (if you connect it).
- Process subscription payments through Stripe.
- Send transactional emails (account verification, password resets).
- Respond to your support requests.
- Detect and prevent fraud, abuse, or unauthorized access.
We do not sell, rent, or share your personal information with third parties for marketing or advertising purposes.
3. Cookies and Local Storage
AssistPlant uses minimal browser storage, all of which is strictly functional:
- Theme Cookie (assistplant-theme): Stores your light/dark mode preference so the correct theme is applied on page load. This is a first-party, strictly functional cookie. Duration: 1 year.
- Authentication (IndexedDB): Firebase Authentication uses your browser's IndexedDB to persist your login session securely. This is essential for keeping you signed in.
- Device Identifier (localStorage): A randomly generated identifier stored locally to manage push notification delivery across multiple devices. It contains no personal information.
- Notification Preference (localStorage): A flag indicating whether you have disabled push notifications on a specific device.
- OAuth Security (sessionStorage): A temporary random value used during Google Calendar authorization to prevent cross-site request forgery (CSRF). It is automatically deleted after use.
We do not use analytics cookies, marketing cookies, advertising trackers, or any third-party tracking technologies.
4. Data Storage and Security
Your data is stored using the following services:
- Firebase (Google Cloud): Account data, plant data, care history, and preferences are stored in Firebase Firestore. Plant photos are stored in Firebase Cloud Storage. All data is encrypted in transit (TLS) and at rest.
- Firebase Authentication: Manages login credentials. Passwords are hashed and never stored in plain text.
- Stripe: Payment and subscription data is stored and managed by Stripe in their PCI-compliant infrastructure.
We implement security measures including encrypted data transmission, secure authentication with email verification, Firebase Security Rules to isolate user data, and server-side validation of all operations. However, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.
5. Data Sharing
We share your data only with the following third-party service providers, solely to operate the Service:
- Google / Firebase: Infrastructure, authentication, database, storage, push notifications, and Cloud Functions.
- Google Calendar API: Only when you explicitly connect your Google Calendar. We create and manage plant care events on your behalf.
- Stripe: Payment processing for Pro subscriptions.
- Mailgun: Transactional email delivery (account verification, password resets, care reminders).
We may also disclose information if required by law, court order, or governmental regulation, or to protect the rights, property, or safety of AssistPlant, our users, or the public.
6. Data Retention
We retain your personal data for as long as your account is active. If you delete your account, all associated data is permanently removed, including:
- Your user profile and account information.
- All plant data, care history, and care schedules.
- All uploaded photos (removed from cloud storage).
- Push notification tokens and device records.
- Google Calendar integration data and tokens.
- Stripe customer record and subscription.
Account deletion is permanent and irreversible. Transactional email logs (e.g., delivery records) may be retained by our email provider for a limited period in accordance with their retention policies.
7. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access: You can view your personal data at any time within the app (profile, settings, plant data).
- Correction: You can update your name, email preferences, and other profile information through the app settings.
- Deletion: You can delete your account and all associated data at any time from the app settings. This permanently removes all your data from our systems.
- Portability: You can request a copy of your data by contacting us at support@assistplant.com.
- Withdrawal of Consent: You can disable push notifications, disconnect Google Calendar, and turn off email reminders at any time through your settings.
- Objection/Restriction: You can contact us to object to or request restriction of certain processing activities.
To exercise any of these rights, use the in-app settings or contact us at support@assistplant.com. We will respond to your request within 30 days.
8. Email Communications
We send the following types of emails:
- Transactional: Account verification, password resets. These are essential and cannot be opted out of while you maintain an account.
- Care Reminders: Daily plant care reminders sent at your preferred time. You can enable or disable these in your app settings at any time.
We do not send marketing or promotional emails. All emails include a link to manage your notification preferences.
9. Push Notifications
AssistPlant uses Firebase Cloud Messaging to send browser push notifications about upcoming plant care tasks. Push notifications require your explicit browser permission. You can:
- Revoke notification permission through your browser settings.
- Disable push notifications per-device within the app.
- Disable all push notifications globally in your app settings.
10. Children's Privacy
AssistPlant is not directed at children under 16. We do not knowingly collect personal information from children under 16. If you believe we have inadvertently collected information from a child under 16, please contact us at support@assistplant.com and we will promptly delete the information.
11. International Data Transfers
Your data may be processed and stored on servers located outside your country of residence, including in the United States (where Google Cloud / Firebase and Stripe operate). By using the Service, you consent to the transfer of your data to these locations. We ensure that data transfers comply with applicable data protection laws and that our service providers maintain adequate safeguards.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through a notice in the Service before the changes take effect. The "Last updated" date at the top of this page indicates when this policy was last revised. Your continued use of the Service after the updated policy takes effect constitutes acceptance of the changes.
13. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at: