Plantory

Privacy Policy

Last updated: April 2, 2026

This Privacy Policy explains how Plantory collects and uses personal data when operating its digital garden planning platform, AI recommendations, plant identification, visualizations, billing, and related support. Unless stated otherwise, we act as the controller of the personal data described below.

1. Controller and Contact Details

The controller for Plantory is:

  • Prokop Simek, sole trader
  • Registered address: Skalsko 114, Pohoří, 254 01, Czech Republic
  • Business ID (IČO): 88240495
  • VAT ID (DIČ): CZ9201190328
  • Email: support@plantory.ai

2. What Data We Process and Why

The scope of processing depends on how you use Plantory. Some data is necessary to provide the service, while other data is used for security, support, billing, analytics, and product operations.

Account, Identity, and Organization Data

When you create and use an account, we process information such as your name, email address, authentication details, organization membership, role, account settings, and, where applicable, data received from a social login provider. We use this data to create and administer accounts, authenticate users, secure access, manage organizations, and provide service functionality.

Garden Planning Data

We process the content you submit to Plantory, including garden names, addresses and locations, dimensions, map layers, climate and growing conditions, plant lists, zones, notes, tasks, shopping lists, shared garden settings, and other planning-related content.

Photos, Files, and Metadata

If you upload photos or files, we process their content together with related technical metadata, including EXIF data where present. We use this data for garden documentation, plant identification, visualizations, imports, and secure file storage.

Usage, Logs, and Support Data

We process data about how the service is used, error states, submitted forms, support communication, subscription status, order history, and technical events. We use this information to provide support, prevent abuse, resolve incidents, handle billing, maintain audit trails, and improve the service.

Technical and Network Data

We may automatically process IP address, browser type, device type, operating system, language, timezone, session identifiers, and similar technical data needed for security, diagnostics, service delivery, and proper rendering.

3. Legal Bases for Processing

We mainly rely on the following legal bases:

  • Performance of a contract and steps prior to entering into a contract, especially for registration, account operation, paid and free service features, billing, and customer support.
  • Compliance with legal obligations, especially accounting, tax, consumer law, security, and regulatory duties.
  • Legitimate interests, especially for service security, fraud prevention, abuse detection, internal claims management, legal defense, diagnostics, and limited operational analytics.
  • Consent, where required, especially for non-essential analytics or marketing cookies and any processing that cannot be based on another legal ground.

4. AI, Automation, and External Databases

Plantory uses AI features and external plant databases. These features may process data you submit or data needed to generate outputs.

AI Features and Inputs

For AI chat, recommendations, plant identification, task generation, planting plans, and visualizations, we may process your prompts, garden context, images, attachments, related conversation history, and technical metadata required to deliver the output. AI outputs may be stored as part of your account so they remain available in future sessions.

Plant Databases and External Sources

When you search for plants or when we enrich the plant catalog, we may use external sources such as Trefle and Perenual. We only share the scope of queries and technical information needed to retrieve botanical and growing data.

AI History and Outputs

Prompts, AI responses, identifications, visualizations, and related metadata may be retained for the duration of your account, or until the relevant content is deleted, unless longer retention is necessary for security, dispute resolution, or legal obligations.

5. Recipients and Data Sharing

We do not share personal data without reason. Data is disclosed only to the extent necessary to operate the service, comply with legal obligations, or protect our rights.

What We Do Not Do

  • We do not sell your personal data to data brokers.
  • We do not publish the contents of your private gardens unless you use a sharing feature or instruct us to do so.
  • We do not provide your personal data to third parties for their own targeted advertising without an appropriate legal basis.

Categories of Processors and Recipients

Depending on how you use Plantory, we may work with the following categories of providers:

  • Hosting, database, cache, and S3-compatible file storage providers.
  • Stripe for payment processing, billing, and related anti-fraud checks.
  • Resend for transactional and lifecycle email delivery.
  • Google and related AI services for AI generation, identification, and automation features.
  • PostHog for product analytics and usage measurement, where enabled by your consent settings.
  • Google Tag Manager and related Google tags, where activated under your consent settings.
  • Sentry and similar monitoring tools for error tracking, logs, and diagnostics.
  • Trefle and Perenual for plant data and catalog enrichment.

Disclosures Required by Law

We may disclose information where required by law, binding authority request, court order, or where necessary to protect our rights, defend claims, prevent fraud, maintain security, or enforce these terms.

6. Cookies and Analytics

We use cookies, similar identifiers, and local storage for service operation, preference storage, and, where allowed, analytics. The scope depends in part on whether you have granted consent.

Essential Technologies

Essential cookies and similar storage are used for authentication, session security, abuse prevention, technical preferences, and the core operation of the service. Plantory cannot function properly without them.

Functional Preferences

We store settings such as language, appearance, cookie consent state, and other preferences you choose.

Analytics and Measurement

We use tools such as PostHog and Google Tag Manager to measure product usage and improve the service. Where the law requires consent, especially in the EU, EEA, and UK, non-essential analytics is enabled only after consent. We generally retain the consent record for no longer than 13 months unless you renew or change it earlier.

7. Retention Periods

We do not keep personal data longer than necessary for the relevant purpose. The retention period depends on the type of data and the legal basis:

  • Accounting and tax records are retained for the period required by law, typically 10 years.
  • Account, organization, and garden content is retained for the lifetime of the account and then for a reasonable additional period needed for backups, security, disputes, or legal claims.
  • Support communication and operational records are retained for as long as needed to handle the request and then for the duration of applicable limitation periods.
  • Technical and security logs are retained for as long as needed for security, audit, and diagnostics.
  • Cookie consent records are retained for the duration of consent validity, typically no longer than 13 months unless renewed or changed earlier.

8. Data Security

We implement reasonable technical and organizational measures appropriate to the nature of the service and the risks involved. These include, in particular:

  • Encryption of data in transit.
  • Access controls and restrictions on access to personal data.
  • Security event logging, monitoring, and error diagnostics.
  • Separation of production and internal environments where appropriate.
  • Multi-factor authentication for selected accounts and roles.
  • Backup and recovery measures.

9. Your Rights

If GDPR or another applicable privacy law applies, you may have the following rights:

  • Right of access to personal data.
  • Right to rectification of inaccurate or incomplete data.
  • Right to erasure where the data is no longer needed or processing is unlawful.
  • Right to restriction of processing in cases provided by law.
  • Right to data portability where processing is based on a contract or consent and is automated.
  • Right to object to processing based on legitimate interests.
  • Right to withdraw consent at any time where processing is based on consent.

You may exercise your rights by contacting support@plantory.ai. We may request reasonable identity verification before fulfilling the request.

You also have the right to lodge a complaint with the Czech Data Protection Authority (UOOU), Pplk. Sochora 27, 170 00 Prague 7, Czech Republic, www.uoou.gov.cz.

10. Children's Privacy

Plantory is not intended for children. If we become aware that we processed a child's data without an appropriate legal basis, we will take reasonable steps to delete the data or limit further processing.

11. International Transfers

Some of our providers may process personal data outside the European Economic Area. Where this happens, we rely on appropriate safeguards required by law, such as adequacy decisions or standard contractual clauses.

12. Changes to This Policy

We may update this policy from time to time if the product, legal requirements, or our processing practices change. The current version is always published on the Plantory website. For material changes, we may also use in-app notices or email where appropriate.

13. Contact

If you have questions about this Privacy Policy or about personal data processing in Plantory, contact us at:

support@plantory.ai

  • Prokop Simek
  • Skalsko 114, Pohoří, 254 01, Czech Republic
  • Business ID (IČO): 88240495
  • VAT ID (DIČ): CZ9201190328