Privacy Policy
Last updated: April 2026
TilthIQ ("we", "our", "the app") is a garden planning service. This policy explains what data we collect, how we use it, and your rights regarding that data.
1. Data We Collect
| Data Type | Purpose | Shared with Third Parties? |
|---|---|---|
| Email address | Account authentication, notifications | No |
| Password | Stored as a one-way hash only | No |
| Display name | Personalization | No |
| ZIP code | Growing zone lookup, local weather | Weather API provider |
| Garden records | Beds, plantings, seeds, tasks, crop plans | No |
| AI query text | Garden AI assistant responses | Google Gemini |
| Plant photos | AI plant identification | Plant.id |
| Plant name searches | Enrich from Web feature | Wikipedia, Perenual |
| Mobile crash reports | Diagnose crashes in the mobile app | Sentry (stack traces only, no personal data) |
2. Third-Party Services
When you use certain features, data is sent to external services:
- Google Gemini — Processes your AI assistant queries to generate responses. Your query text is sent to Google's servers.
- Plant.id — Processes plant photos you submit for identification. Your images are sent to Plant.id's servers.
- Perenual — Receives plant name queries when using the "Enrich from Web" feature.
- Wikipedia — Receives plant name queries for reference data (public, open-data API).
- Weather API — Receives your ZIP code or coordinates for local weather data.
- Sentry — When the TilthIQ mobile app encounters a crash or unhandled error, a stack trace, device model, OS version, and app version are sent to Sentry so we can diagnose and fix the issue. We explicitly disable Sentry's optional PII collection (no email, no IP address in event bodies, no garden data). Breadcrumb capture is configured to suppress label text to avoid leaking plant names.
We do not sell your data to any third party. Data is only shared with the services above to provide the features you use.
2a. Device Permissions (Mobile App)
- Camera (
android.permission.CAMERA) — The TilthIQ Android app requests camera access to let you photograph plants for AI plant identification and to attach photos to your planting care log. The camera is only accessed when you tap a camera button in the app; we do not record video or continuously monitor the camera. Photos you capture are stored with your garden records and, when you use plant identification, sent to Plant.id as described above. - Internet (
android.permission.INTERNET,ACCESS_NETWORK_STATE) — Required to sync your garden data with the TilthIQ server and to use AI features.
You can revoke the camera permission at any time in your device's app settings. The camera-dependent features (plant identification, care-log photos) will be disabled but the rest of the app continues to work.
3. Analytics
When enabled, we use PostHog to collect anonymous usage analytics (page views, feature usage) to improve the app. We respect Do Not Track browser settings. Analytics data is associated with your account only if you are signed in, and is used solely to understand how features are used. We do not share analytics data with advertisers.
4. Data Storage and Security
- All data is stored in a PostgreSQL database on our servers.
- Passwords are stored using industry-standard one-way hashing (ASP.NET Core Identity).
- All connections use HTTPS encryption in transit.
- Account lockout is enforced after 5 failed login attempts.
5. Data Retention
- Your garden data is retained as long as your account is active.
- AI query logs are retained for service improvement and may be subject to a retention policy (currently 90 days planned).
- If you delete your account, all personal data is permanently removed (see section 7).
6. Your Rights
You have the right to:
- Access your data — all your garden data is visible in the app.
- Correct your data — edit your profile, plantings, and garden records at any time.
- Delete your data — use the Delete Account feature to permanently remove all your data.
- Export your data — print and download features are available for your garden plans and calendars.
- Withdraw consent — you can stop using any feature that shares data with third parties at any time.
If you are located in the European Union (GDPR) or California (CCPA), you have additional rights under those regulations. Contact us to exercise any data rights not available through the app.
7. Account Deletion
You can permanently delete your account and all associated data from Account → Delete Account. This action:
- Removes all gardens, plantings, seeds, tasks, photos, and crop plans.
- Removes all AI query history.
- Removes your user account and profile.
- Preserves any anonymous plant data contributions for the community (with no link to your identity).
Account deletion is permanent and cannot be undone.
8. Children's Privacy
TilthIQ is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal data, please contact us so we can remove it.
9. Changes to This Policy
We may update this policy from time to time. We will notify registered users of significant changes via email or an in-app notice. The "Last updated" date at the top reflects the most recent revision.
10. Contact
For privacy questions or data requests, contact us at:
Email: [email protected]