Privacy Policy
Effective date: April 29, 2026
1. Who We Are
Plantet (“we,” “our,” or “us”) operates the plant marketplace at plantet.app. This policy explains what personal information we collect, how we use it, and what rights you have over it.
2. Information We Collect
Account Information
When you create an account we collect your email address, username, and password (stored as a bcrypt hash — we never see your plaintext password). If you choose to add a bio, shop location, profile photo, or banner image, that information is stored in your profile.
Listing & Auction Content
When you create a listing or auction we collect the plant name, variety, description, price, quantity, category, and any photos you upload. This content is publicly visible.
Transaction & Payment Data
When you make or receive a payment, we collect order details including the items purchased, amounts, and shipping address you provide at checkout. Full payment card details are processed and stored exclusively by Stripe — we never see or store your card number, CVV, or bank account credentials.
Seller Onboarding Data
If you connect a bank account to receive payments, that process is handled entirely by Stripe Connect. Stripe collects your identity and banking information directly and is responsible for its security.
Reviews & Ratings
Reviews you write are publicly associated with your username. We store the star rating, comment text, and the order it relates to.
Seller Analytics
Sellers on qualifying plans may access analytics about their own orders — for example, a breakdown of which states their buyers ship to. These reports are derived exclusively from orders placed through the seller's own storefront. The data is aggregated and presented at the state or region level only; no individual buyer name, address, or identity is ever exposed to the seller. We apply a minimum-order threshold so that a single buyer cannot be singled out from a small sample.
Usage & Technical Data
Our hosting provider (Vercel) and database provider (Supabase) may collect standard server logs including IP addresses, browser type, pages visited, and timestamps. We do not sell or share this data for advertising purposes.
3. How We Use Your Information
- To create and manage your account
- To process purchases, auctions, and payouts
- To display your public seller storefront
- To send transactional emails (order confirmations, bid notifications, shipping updates) via Resend
- To detect and prevent fraud, abuse, and prohibited content
- To comply with legal obligations
- To provide sellers with aggregated, anonymized analytics about their own orders (e.g. top shipping states) — no personally identifiable buyer information is included in these summaries
We do not sell your personal information to third parties. We do not use your data for behavioral advertising.
4. Third-Party Services
We rely on the following third-party providers to operate Plantet. Each has its own privacy policy.
- Supabase — database, authentication, and file storage. Your account credentials and uploaded photos are stored on Supabase infrastructure. See supabase.com/privacy.
- Stripe — payment processing and seller payouts via Stripe Connect. Stripe is a PCI-DSS Level 1 certified payment processor. See stripe.com/privacy.
- Vercel — website hosting and serverless functions. See vercel.com/legal/privacy-policy.
- Resend — transactional email delivery. See resend.com/legal/privacy-policy.
5. Data Retention
We retain your account data for as long as your account is active. Order records are retained for a minimum of 7 years for tax and legal compliance. If you delete your account, your profile, listings, and non-order data are removed within 30 days. Order records tied to completed transactions are retained for the legally required period even after account deletion.
6. Your Rights
Depending on where you live, you may have the following rights:
- Access: Request a copy of the personal data we hold about you.
- Correction: Update incorrect or incomplete information in your account settings.
- Deletion (CCPA / GDPR “right to be forgotten”): Request deletion of your personal data. Note that order records may be retained as described above.
- Portability: Request your data in a machine-readable format.
- Opt-out of sale: We do not sell personal data. No opt-out is required.
To exercise any of these rights, email us at privacy@plantet.app. We will respond within 30 days.
7. Children's Privacy
Plantet is intended for users who are 18 years of age or older. We do not knowingly collect personal information from anyone under 18. If we learn that a user is under 18, we will deactivate their account and delete their data promptly. If you believe a minor has created an account, please contact us at privacy@plantet.app.
8. Cookies & Local Storage
We use cookies and browser local storage strictly for functionality — to keep you logged in and to remember UI preferences (such as your Plant Guide toggle setting). We do not use tracking cookies or third-party advertising cookies.
9. Security
We use industry-standard security measures including TLS encryption for data in transit, bcrypt password hashing, and row-level security policies on our database. No method of transmission over the internet is 100% secure; we cannot guarantee absolute security but take reasonable precautions to protect your information.
10. Changes to This Policy
We may update this policy from time to time. We will notify registered users by email and update the effective date at the top of this page. Continued use of Plantet after changes take effect constitutes acceptance of the revised policy.
11. Contact Us
Questions about this policy or your data? Contact us at privacy@plantet.app.