Privacy Policy
Last updated: 16 May 2026
This Privacy Policy explains how DO IT analytics ("we", "us") collects, uses, and protects your personal data when you use the PlantAlarm mobile application and the website at plantalarm.eu (together, the "Service").
We process personal data in line with the EU General Data Protection Regulation (GDPR) and Dutch privacy law.
1. Who is responsible
The data controller is:
- DO IT analytics, registered in the Netherlands
- Chamber of Commerce (KvK): 70550980
- VAT (BTW) number available on request
- Email: hello@plantalarm.eu
The registered business address is publicly available via the Dutch Chamber of Commerce register at kvk.nl under KvK 70550980.
2. What data we collect and why
| Category | Examples | Purpose | Legal basis (GDPR Art. 6) |
|---|---|---|---|
| Account data | Email address and account identifier received from Google when you sign in with Google | Create and authenticate your account | Performance of contract (Art. 6(1)(b)) |
| Plant data | Plant names, watering schedules, notes you enter | Provide the core app functionality | Performance of contract (Art. 6(1)(b)) |
| Plant photos | Photos you take or upload for plant identification and for your plant records | Stored in our Supabase storage (EU region) so you can see them in the app. Also transmitted to the PlantNet API to identify the plant. | Performance of contract (Art. 6(1)(b)) |
| Notification preferences | Watering reminder times stored on your device | Local notifications (no server involvement) | Performance of contract (Art. 6(1)(b)) |
| Technical / diagnostic data | Device type, OS version, app version, error logs | Keep the Service stable and secure | Legitimate interest (Art. 6(1)(f)) |
We do not use advertising trackers, do not profile you for cross-app advertising, and do not sell personal data.
3. Who we share data with
We use a small number of trusted processors to operate the Service. Each is bound by a Data Processing Agreement (DPA) where applicable.
- Google LLC — Sign-in with Google (we receive only the email and Google account identifier). See Google's Privacy Policy.
- Supabase Inc. — Authentication, database, file storage, and backend functions. Our Supabase project is hosted in the European Union. See Supabase Privacy Policy.
- PlantNet (Cirad / Inria / Inra / IRD, France) — Plant identification API. Photos are transmitted for the purpose of returning a species match. See PlantNet Privacy Policy.
- Bunny.net — Static hosting for plantalarm.eu. Standard web server logs only.
4. How long we keep your data
- Account, plant data, and plant photos in Supabase storage: until you delete your account or delete the individual item from within the app.
- Copies of plant photos sent to the PlantNet API: governed by PlantNet's own policy (see Section 3).
- Diagnostic logs: up to 30 days, then deleted or anonymised.
5. Your rights under GDPR
You have the right to:
- access your personal data (Art. 15);
- have inaccurate data corrected (Art. 16);
- have your data erased (Art. 17) — see also our account deletion page;
- restrict processing (Art. 18);
- receive your data in a portable format (Art. 20);
- object to processing based on legitimate interest (Art. 21);
- withdraw any consent at any time, without affecting prior lawful processing.
To exercise any of these rights, email hello@plantalarm.eu. We respond within 30 days.
You can also lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) — autoriteitpersoonsgegevens.nl.
6. Children
PlantAlarm is not directed at children under 16. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided us with personal data, contact us and we will delete it.
7. Security
We rely on industry-standard transport encryption (HTTPS / TLS) and on the security controls of our processors. No system is perfectly secure; if you suspect unauthorised access to your account, contact us immediately.
8. International transfers
Your account data, plant data, and plant photos are stored in the European Union (Supabase EU region). Some of our processors — notably Google (Sign-In) — may transfer limited data outside the European Economic Area. Where that is the case, we rely on European Commission adequacy decisions or on Standard Contractual Clauses to protect your data.
9. Changes to this policy
If we make material changes, we will notify you in the app and update the "Last updated" date above. Continued use of the Service after such changes means you accept the updated policy.
10. Contact
For any privacy question: hello@plantalarm.eu.