Privacy Policy — GardenSage
Last updated: March 18, 2026
GardenSage ("the App") is published by Sophie Durègne ("we"). This policy explains how we collect, use, and protect your personal data, in compliance with the General Data Protection Regulation (GDPR).
1. Data Controller
Sophie Durègne
Contact: gardensage.support@gmail.com
2. Data Collected
- Account: email address (authentication)
- Approximate location: city or region (manual entry or approximate geolocation, for climate-based recommendations)
- Garden profile: experience level, garden type, area, sunlight, soil type, goals
- Plants: plants added to your garden
- Tasks: planned and completed gardening tasks
- Flore conversations: exchanges with the Flore AI assistant (garden context only)
3. Purpose of Processing
- Personalization of plant and care recommendations
- Generation of tasks tailored to your garden and climate
- Operation of the Flore AI assistant (personalized advice)
- Synchronization of your data across devices
4. Legal Basis
The processing of your data is based on your consent (GDPR Article 6.1.a), granted when you create your account.
5. Storage and Security
Your data is stored on Supabase servers located in Frankfurt, Germany (EU). Communication is encrypted in transit (TLS) and access is protected by Row Level Security policies.
Data is also stored locally on your device (offline mode) via SwiftData.
6. Data Retention
- Your data remains active as long as your account exists.
- Deleted data is first marked as deleted (soft delete), then permanently purged after 30 days.
- When you delete your account, all your data is permanently removed.
7. Use of Artificial Intelligence
The App includes an assistant called Flore, which uses a generative AI model (Claude, developed by Anthropic) to provide personalized gardening advice.
- No directly identifying personal data (email, name) is sent to the model. Only anonymized garden context is used (garden type, plants, climate region).
- Your conversations with Flore are not used to train the AI model.
- Processing is performed through server functions (Supabase Edge Functions) that act as intermediaries.
8. Sub-processors
- Supabase Inc. — hosting, database, authentication (EU servers, Frankfurt)
- Anthropic PBC — AI model for the Flore assistant (no identifying personal data transmitted)
- Apple Inc. — crash reports (MetricKit), push notifications (APNs)
9. Your Rights
Under the GDPR, you have the following rights:
- Access: obtain a copy of your data
- Rectification: correct inaccurate data
- Erasure: request deletion of your account and data
- Portability: receive your data in a structured format
- Objection: object to the processing of your data
To exercise your rights, contact us at: gardensage.support@gmail.com
You can also delete your account directly from the app (Profile > Delete my account).
10. Contact
For any questions about this policy or your data: gardensage.support@gmail.com
© 2026 GardenSage — Sophie Durègne