Free worldwide shipping on all orders above 50€

30-day money-back guarantee

2-year warranty included

Work in Progress: Pre-orders have not yet started.

Privacy Policy for Tech10 UG (PlantCam App and Website)

Last updated: April 14, 2025.

Introduction and Scope

Welcome to Tech10 UG (haftungsbeschränkt) ("Tech10", "we", "us" or "our"). We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our mobile application "PlantCam" (available on iOS and Android) and our PlantCam website and online shop (collectively, the "Services"). It also outlines your rights under the EU General Data Protection Regulation (GDPR) and how you can exercise them.

Scope: This Privacy Policy applies to all users of the PlantCam mobile app and the PlantCam website (including any e-commerce features). By using our Services, you acknowledge that your personal data will be processed as described in this Policy. If you do not agree with any part of this Policy, please refrain from using the Services.

Data Controller and Contact Information

The responsible entity (Data Controller) for processing your personal data is:

Tech10 UG (haftungsbeschränkt)

Mailänder Platz 11, 70173 Stuttgart, Germany

Email: [email protected]

Managing Director: Yannik Simon

If you have any questions or concerns about this Privacy Policy or about how your data is handled, you may contact us at the above postal address or via email. We take data protection seriously and will respond to your inquiries promptly.

What Data We Collect

We collect and process various types of personal data from you when you use our app and website. We limit our data collection to what is necessary for the purposes set out in this Policy. The categories of data we collect include:

Account and Profile Data: When you create an account or make a purchase, we collect personal identifiers such as your name, email address, and username. We also collect a password (stored in hashed form for security) to secure your account. These details are necessary to register and manage your user account and to enable core features of our Services.
Order and Shipping Information: If you purchase a PlantCam device or other products through our online shop, we collect additional information to process the order. This includes your billing and shipping address, and (if needed for delivery) your contact phone number. We use this information to fulfill your orders and arrange shipment via our delivery partners (e.g. DHL). Payment details (such as credit card numbers) are not collected or stored by Tech10 directly; all payments are handled securely by our payment processor (Stripe) as described below.
Device and Usage Data: When you use the PlantCam app or website, we gather certain technical and usage information. This includes:
- Device Identifiers: a unique identification number of your PlantCam device (ESP32 hardware) and your mobile device identifiers. The ESP32 ID is used to link your physical camera device to your account so that you can control it through the app.
- App Usage Data: We track in-app user interactions and events (such as feature usage, button clicks, and navigation flows) via Firebase Analytics. Similarly, on our website we collect analytics on page views and interactions via Plausible Analytics. These usage logs help us understand how the Services are used and improve functionality. All analytics data is collected in an aggregated or pseudonymized form without directly identifying you (see Analytics section below for details).
App Permissions and Sensor Data: The PlantCam mobile app may request access to certain features of your smartphone, which can involve personal data:
- Location Data: With your permission, the app may access your device’s geolocation. This is used, for example, to assist in connecting to your PlantCam device via Bluetooth/Wi-Fi and to allow location-based functionalities (such as tagging where your camera is installed). Location access is optional and you can choose whether to grant the app this permission. We do not track your location in the background when the app is not in use.
- Photos/Media Library: The app may request access to your photo gallery or media library. This is used solely for saving the time-lapse videos or images captured by your PlantCam to your device. We will not access or upload your personal photos; the permission is only to export and save content you create with the app.
- Bluetooth and Wi-Fi: The app will request access to your device’s Bluetooth and Wi-Fi settings in order to discover and connect to the PlantCam camera hardware. This technical access is required to pair the app with the camera and stream data. We do not collect or store any data about your Wi-Fi networks or Bluetooth devices except what is needed momentarily to connect to your PlantCam.
- Notifications (optional): If you agree to receive push notifications (see Push Notifications below), the app will collect a device token to send notifications to your phone. No other personal data is collected for notifications.
Photos and Videos from PlantCam: The primary function of PlantCam is to capture images and create time-lapse videos of your plants. These photos and videos may be uploaded from your PlantCam device to our servers so that you can view them in the app and website. Any such media is stored securely on our servers (hosted in Germany) and associated with your account. You maintain ownership of this content. We do not use your photos or videos for any purpose other than providing the service to you (e.g., displaying back to you, and enabling you to create time-lapse compilations).
Communications Data: If you contact us (for example, via email at [email protected] or via a contact form or support chat), we will collect and store the information you provide. This may include your name, email address, and the contents of your message or inquiry. We use this data to respond to your requests, provide customer support, and improve our services based on feedback.

We do not collect any sensitive personal data such as racial or ethnic origin, political opinions, religious beliefs, health information, or biometric data. We also do not intentionally collect any data from children under 16 (see Children’s Privacy below).

How We Use Your Data and Legal Basis for Processing

We process your personal data only for specific purposes and in accordance with the GDPR. In this section we explain why we process your data (purposes) and the legal bases that allow us to do so. Tech10 UG will only use your information when one or more of the following legal bases apply:

Providing and Improving Our Services: We use your data to create and manage your user account, authenticate you, and provide the core functionality of the PlantCam app and website (Art. 6(1)(b) GDPR – performance of a contract). This includes allowing you to view live feeds or images from your PlantCam device, create time-lapse videos, and manage your profile. We also use usage and device data to monitor performance, fix bugs, and improve the quality and design of our app/website (our legitimate interest in providing a reliable and evolving service, Art. 6(1)(f) GDPR).
Processing Orders and Payments: If you purchase a PlantCam or other products from our online shop, we use your personal data to process the transaction and deliver your order. This includes using your name and address for shipping, and your email or phone to send order confirmations or delivery updates. The legal basis is performance of a contract (Art. 6(1)(b) GDPR) as this processing is necessary to fulfill your purchase. Payment information is handled by Stripe on our behalf; we do not see or store your full payment card details, but we receive confirmation of payment to complete the order.
Shipping and Delivery: We share necessary information with our shipping partner (e.g., DHL) to deliver physical products you ordered. This includes your name and delivery address, and possibly your phone or email for delivery notifications. The legal basis is again contract performance (Art. 6(1)(b) GDPR), as we must provide this data to ship your order.
Analytics and Usage Tracking: We analyze how users interact with our app and website to better understand usage patterns and improve our Services. For the mobile app, we use Google Firebase Analytics to collect in-app events and usage statistics. For the website, we use Plausible Analytics to collect anonymized visitor data (without cookies). We perform analytics only in a privacy-friendly manner:
- Plausible Analytics does not use cookies or collect personally identifying information; it simply provides aggregate insights (e.g., page visit counts, approximate geolocation by region, device types). We rely on our legitimate interests (Art. 6(1)(f) GDPR) to process these minimal analytics for improving our website, as this does not infringe on users’ privacy rights (no tracking profiles or ads).
- Firebase Analytics for the app may collect data such as device information, app version, usage frequency, and in some cases coarse location or interests (depending on configuration). This helps us troubleshoot issues like app crashes and understand what features are most used. Important: Where required by law (for example, on iOS devices for any tracking beyond app analytics), we will seek your consent. By default, Firebase Analytics data is largely aggregated. We do not use it to identify you individually, and we do not combine it with other personal data. The legal basis for app analytics is our legitimate interest in improving our app (Art. 6(1)(f) GDPR). If in the future we enable more detailed tracking or advertising features, we will implement a consent mechanism in compliance with GDPR and platform requirements (see Future Changes below).
Customer Support and Communications: If you reach out to us with questions, feedback or support requests, we will use your contact data and message to respond to you (Art. 6(1)(b) GDPR, performance of contract or steps prior to a contract when you ask for information; alternatively Art. 6(1)(f) GDPR, our legitimate interest in providing good customer service). We may also inform you of important service or account updates (for example, changes to terms or privacy policy, security alerts, or feature updates relevant to your use of PlantCam). These service-related communications are not promotional in nature and are sent as part of our contract obligations or legitimate interests to keep you informed.
Legal Compliance and Protection: We may process and retain some data to comply with legal obligations (Art. 6(1)(c) GDPR). For instance, we keep invoice records for the legally required retention period (e.g., tax and accounting rules in Germany require keeping transaction records for up to 10 years). Additionally, we may process personal data if necessary to establish, exercise or defend legal claims, or to prevent fraud or misuse of our Services (Art. 6(1)(f) GDPR, legitimate interests in protecting our business).
Marketing and Newsletters (Future Use): Currently, Tech10 does not send any newsletters or marketing emails. We will not use your data to send you promotional content unless you have explicitly opted-in. In the future, if we introduce a newsletter or promotional communications, we will only send such emails if you have given explicit consent (Art. 6(1)(a) GDPR). For example, we may add a checkbox during account registration or checkout for you to subscribe to a newsletter. You can withdraw your consent at any time, and we will provide an easy opt-out (unsubscribe link) in any marketing email. If you do not subscribe, you will not receive marketing messages from us.
No Profiling or Automated Decision-Making: We do not use your personal data for any kind of automated decision-making or profiling that produces legal effects or similarly significant effects on you (as defined in Art. 22 GDPR). In other words, we do not conduct any automated evaluations of personal aspects (e.g. no credit scoring, no automated hiring decisions, etc.) with the data you provide.

Cookies and Tracking Technologies

Website Cookies: Our PlantCam website is designed to be privacy-friendly. Currently, we do not use any cookies on our website except for essential cookies that may be required for the site to function (for example, if you log into an account or add items to a shopping cart, a temporary session identifier might be used, but no tracking cookies are set). Because we use Plausible Analytics which operates without cookies, you will notice we do not present a cookie consent banner at this time – since we are not storing marketing or analytics cookies on your browser. If in the future we introduce new cookies or tracking tools (such as Google Analytics or cookies for a future marketing tool), we will update this Policy and, if required, obtain your consent through a cookie banner or similar mechanism before activating such cookies.
Analytics Tools: As mentioned, the website uses Plausible Analytics (a GDPR-compliant analytics tool) which does not use cookies or store personal data. It collects only aggregate usage data. The mobile app uses Firebase Analytics to gather app usage data. These tools help us understand user engagement without identifying individuals. No advertising or third-party tracking cookies are used in our app or on the website. For more information on these tools:
- Plausible Analytics: operates by counting page views and other metrics in an anonymized way. No personal profiles are built and nothing is shared with third-party advertisers.
- Firebase Analytics: is a service provided by Google. While it can collect device identifiers or advertising IDs, we have configured it for basic app analytics. If you have enabled the “Limit Ad Tracking” or similar setting on your device, Firebase respects that choice. iOS users will not be tracked beyond necessary analytics unless they consent to tracking (in accordance with Apple’s App Tracking Transparency framework).
Do-Not-Track Signals: Our website honors browsers' "Do Not Track" signals appropriately. Given that we do not perform cross-site tracking, the effect of a DNT signal is that aside from the minimal analytics mentioned, no tracking cookies are placed.

Disclosure of Personal Data to Third Parties

We treat your personal data with care and do not sell your information to anyone. However, we do share data with certain trusted third parties in order to run our business and provide our Services to you. Whenever we share data, we ensure it is done securely and only to the extent necessary. The categories of recipients include:

Service Hosting (Hetzner): Our application servers and databases are hosted on Hetzner Online GmbH data centers in Germany. All data, including account information and media (photos/videos) you store via PlantCam, are kept on servers located in Germany. We have a Data Processing Agreement with Hetzner, ensuring they protect your data under strict European data protection standards. Hetzner acts under our instructions and does not access or use your data except to the extent needed to maintain the hosting environment.
Payment Processing (Stripe): For online payments in our shop, we rely on Stripe as an external payment processor. When you enter payment details (such as credit card information) during checkout, that information is transmitted directly to Stripe. Stripe may process your payment data (e.g., card number, payment amount, billing name) to authorize and complete the transaction. We receive a confirmation from Stripe that payment was successful. Stripe may also store your payment method for future purchases if you choose (e.g., card tokenization). Stripe is a service provided by Stripe Payments Europe, Ltd. (Ireland) for EU customers, but it may involve transfers to Stripe, Inc. in the USA (see International Data Transfers below). Stripe is PCI-DSS compliant and has its own privacy policy. We recommend reviewing Stripe’s Privacy Policy for details on their data practices. Tech10 does not store or have access to your full card details; we only keep basic transaction records (date, amount, last4 digits of card, etc.) for reference and legal compliance.
Shipping and Logistics (DHL): If your purchase includes physical product delivery, we will share the necessary shipping information with our logistics partners such as DHL (Deutsche Post AG) or alternative courier services. This typically includes your name and delivery address, and possibly your contact phone/email for tracking updates. The courier will use this information solely to deliver your package and may contact you regarding delivery. They are independently responsible for compliance with data protection laws in their operations.
Analytics and Crash Reporting (Google Firebase): Our mobile app integrates certain Google Firebase services, including Firebase Analytics and possibly Firebase Crashlytics (for crash reports). These services are provided by Google Ireland Ltd. (Ireland) and Google LLC (USA). Firebase Analytics will receive some device information and usage events from the app (as described earlier). Firebase Crashlytics, if enabled, would collect crash logs and device details at the time of a crash to help us diagnose issues. This information may be sent to Google’s servers. We have a data processing agreement with Firebase/Google, and where data is transferred outside the EU, Standard Contractual Clauses are in place (see International Data Transfers). Google will not use this data for any purpose other than providing the analytics/crash services to us. No Firebase Analytics data is shared with other Google services unless you separately consent (e.g., we do not currently link Firebase Analytics with Google Ads or similar).
Website Analytics (Plausible): As noted, our website uses Plausible Analytics, a service provided by Plausible Insights OÜ, an EU-based company (Estonia). The data collected about website usage (page views, etc.) is stored on servers in the EU. Plausible does not collect personal identifiers. We have ensured via our agreement with Plausible that no personal data is shared in the analytics process.
Email and Communication Tools: If we send emails (for account verification, transactional emails, or future newsletter), we may use an email delivery service (for example, an SMTP relay or email service provider) to send those messages. Such a provider would process your email address and the email content on our behalf. We will ensure any such provider is GDPR-compliant and, if outside the EU, protected by proper safeguards. (Currently, transactional emails are handled by our own server or by our hosting environment, and we do not have an external email processor for bulk email.)
Law Enforcement or Legal Requirements: In certain rare circumstances, we may need to disclose personal data in response to valid legal requests, such as subpoenas, court orders, or to comply with applicable laws. We will only do so to the extent required by law. Additionally, if it’s necessary to share information in order to investigate or remedy fraud, security issues, or violations of our Terms of Service, we may do so to protect our users, our company, or the public (legal basis: compliance with legal obligations or legitimate interest in safeguarding rights).

Other than the parties mentioned above, your personal data will not be transferred to third parties unless you have been informed and, where required, consented. Whenever we engage third-party processors, we do so under a contract that binds them to strict data protection obligations in line with Article 28 GDPR.

International Data Transfers

Tech10 is based in Germany and we primarily store and process data within Germany (and broadly within the European Union/European Economic Area). However, some of our service providers are located outside the EU/EEA, which means your personal data may be transferred to or accessed from a country outside the EU. In particular:

Stripe and Google (Firebase) may process data in the United States. The U.S. currently does not have an EU adequacy decision, which means the data protection laws in the U.S. are not deemed equivalent to EU standards.
Plausible Analytics and Hetzner process data within the EU (no international transfer for those services).

Whenever we transfer personal data out of the EU/EEA, we take steps to ensure that an equivalent level of data protection is maintained. Our safeguards for international transfers include:

Standard Contractual Clauses (SCCs): We have entered into EU Standard Contractual Clauses or rely on such clauses embedded in our service providers’ terms (for example, Google and Stripe include SCCs in their data processing addendums). These clauses are legal contracts approved by the European Commission that require the recipient to protect EU personal data according to GDPR standards.
Additional Measures: Where appropriate, we implement additional technical and organizational measures, such as data encryption in transit and at rest, pseudonymization of data, and limiting what data is transferred to what is necessary.
Service Provider Commitments: Our providers like Stripe and Google have publicly committed to complying with GDPR and have robust security measures in place. We carefully select these providers and review their privacy and security practices.

If you would like more information about our international data transfer safeguards, you can contact us (see Contact Information above). Despite any transfers, your personal data will always be afforded a level of protection that meets the requirements of GDPR.

Data Retention and Deletion

We will not retain your personal data for longer than is necessary for the purposes for which it is processed, unless a longer retention period is required or permitted by law. In general:

Account Data: If you have a PlantCam account, we retain your account information and content for as long as your account is active. You have the option to delete your account at any time (either through an account settings option in the app/website or by contacting us with a deletion request). Upon deletion of your account, we will promptly erase or anonymize the personal data associated with your account, including your profile information and any PlantCam photos/videos stored on our servers. Account deletion is irreversible – once completed, your data (including any media) cannot be recovered. We may retain log records of the deletion request itself for a short period to maintain a record of compliance.
Order and Transaction Data: Purchase history and invoice data will be retained for the period necessary to fulfill the contract and thereafter as required by commercial and tax law. In Germany, this is generally 6 to 10 years after the end of the year in which the transaction took place, to comply with Section 147 of the German Fiscal Code (AO) and related laws. We restrict access to this data after your order is completed, using it only if needed for audits or legal obligations.
Analytics Data: Analytics information collected via Plausible is stored in aggregate form without personal identifiers; it may be kept indefinitely for trend analysis. Firebase Analytics data is retained as per Google’s standard retention (which is typically 14 months by default for user-level data, though we do not store user identifiers). We mainly review aggregated analytics which do not have a fixed retention limit. If you object to analytics tracking, see below on your rights – we will honor any valid opt-out or deletion requests for data that is personally identifiable.
Logs and Device Data: Server logs (which may include IP addresses when you access the website or app) are kept for security and troubleshooting purposes. These logs are usually rotated and deleted within a short timeframe, typically 30 days, unless an issue is being investigated. Crash reports from Crashlytics (if any) are kept to fix bugs, and generally contain no personal data beyond device and stack trace; these may be retained until the issue is resolved.
Communications: If you contacted support or customer service, we may retain that correspondence and our response for a period of time that allows us to effectively manage our relationship (for example, if you have ongoing issues or queries). This is typically up to 2 years after the last interaction, unless a longer period is needed for legal reasons (e.g., evidence in a dispute).
Backups: Our systems may create backup copies of data for resilience. These backups are kept securely and are subject to scheduled deletion. There may be a short lag (a few days) between account deletion and complete removal from all backup systems, but during that time the data is not accessible for routine business use.

Once the retention period expires, we will either securely delete or anonymize your personal data. Anonymized data (which is not identifiable to you) may be retained for statistical purposes without further notice to you.

Your Rights Under GDPR

As a user of our Services and as a data subject under the GDPR, you have certain rights regarding your personal data. We are committed to honoring these rights. You may exercise these rights at any time by contacting us at [email protected]. These rights include:

Right of Access: You have the right to obtain confirmation whether we are processing personal data about you, and if so, request a copy of the personal data we hold about you, along with supplementary information (e.g. the purposes of processing, categories of data, etc.). We will provide this in a concise and transparent manner, typically within one month of your request.
Right to Rectification: If any of your personal data that we have is inaccurate or incomplete, you have the right to have it corrected or updated without undue delay. You can also update basic account information (like your username or email) by logging into your PlantCam account settings.
Right to Erasure (Right to be Forgotten): You have the right to request deletion of your personal data. This includes the ability to delete your entire account and all data associated with it. As noted, you can trigger this via the app/website or by contacting us. We will then erase your data (except for data we are required to retain for legal compliance). Once completed, your account data and content (photos, videos) will be permanently removed from our systems. We will also instruct any processors (like third-party services) to delete your data from their systems where applicable.
Right to Restrict Processing: In certain circumstances (for example, if you contest the accuracy of your data or object to our processing), you can request that we restrict the processing of your data. This means we would mark the data to be used only for certain limited purposes (such as to exercise or defend legal claims or to store it in a way that it’s not actively processed). If you request this, we will still store your data but not use it until the issue is resolved.
Right to Data Portability: You have the right to receive the personal data you have provided to us in a commonly used, machine-readable format, and to have that data transmitted to another controller where technically feasible. For example, you can ask us for a copy of the data you provided upon registration. (Note: This right applies to data processed by automated means on the basis of consent or contract. In our case, most data is under contract basis, so it is applicable to things like your account info and possibly your PlantCam media).
Right to Object: You have the right to object to certain types of processing of your data at any time, on grounds relating to your particular situation. For instance, if we process your data on the basis of legitimate interests (Art. 6(1)(f) GDPR), you can object to that processing. If you object, we will stop processing the data unless we have compelling legitimate grounds to continue or if it is needed for legal claims. Specifically, you have the right to object to any direct marketing use of your data (though we currently do not do this). If in the future we send marketing, you can opt-out at any time and we will cease such use.
Right to Withdraw Consent: In cases where we rely on your consent for processing (e.g., if in the future we ask for consent for Google Analytics tracking, or for sending a newsletter or push notifications), you have the right to withdraw that consent at any time. Withdrawing consent will not affect the lawfulness of processing based on consent before its withdrawal. You can manage your preferences (for example, turning off certain analytics, unsubscribing from a newsletter, or disabling push notifications) through the provided channels (app settings, unsubscribe link, device settings) or by contacting us for assistance.
Right to Lodge a Complaint: If you believe that we have infringed your data protection rights or GDPR requirements, you have the right to lodge a complaint with a supervisory data protection authority. You may do this in the EU member state where you reside, where you work, or where the alleged infringement occurred. For example, our lead supervisory authority in Germany is the Landesbeauftragter für Datenschutz und Informationsfreiheit Baden-Württemberg (Office of the State Commissioner for Data Protection and Freedom of Information of Baden-Württemberg), which can be contacted at Lautenschlagerstraße 20, 70173 Stuttgart, Germany. Alternatively, you can contact any other data protection authority of your choice. We would, however, appreciate the chance to address your concerns directly before you approach a regulator, so please feel free to contact us with any issue.

We will not discriminate against you for exercising any of these rights. Please note, for security reasons, we may need to verify your identity before fulfilling certain requests (especially for access, deletion, or portability) to ensure that we do not disclose data to an unauthorized person.

Security Measures

We implement appropriate technical and organizational security measures to protect your personal data from unauthorized access, loss, alteration, or disclosure. These measures include:

Encryption: All communication between your app or browser and our servers is encrypted using HTTPS/TLS. This means data transmitted to us is protected in transit. Sensitive data (like passwords) is additionally encrypted or hashed in our database.
Access Controls: Personal data is accessible only by authorized personnel who need access to perform their duties (principle of least privilege). Our staff are bound by confidentiality obligations.
Hosting Security: Our servers at Hetzner are located in secure facilities with strong physical and network security. We keep software and infrastructure updated to protect against vulnerabilities. Regular backups are performed to prevent data loss.
Monitoring: We monitor for potential security breaches and have procedures in place to respond to incidents. In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will notify you and the relevant authorities as required by law.

While we strive to protect your information, no system can be 100% secure. You also play a role in keeping your data safe. We advise you to use a strong unique password for your PlantCam account and keep your login credentials confidential. If you suspect any unauthorized access to your account, please notify us immediately.

Children's Privacy

Our Services are not directed to children under the age of 16, and we do not knowingly collect personal data from children under 16. If you are under 16, please do not use the app or website or provide any personal information. If we learn that we have inadvertently collected data of a child under 16, we will promptly delete such data. If you are a parent or guardian and believe we might have information about a child under 16, please contact us so we can address it.

Push Notifications (Planned Feature)

This section applies if and when push notifications are implemented in the PlantCam app. In the future, we plan to introduce push notification functionality to enhance the user experience (for example, to alert you when your PlantCam has captured a new time-lapse or to send important alerts related to your device or account).

If you choose to enable push notifications, the app will register your device with a push notification service (such as Apple Push Notification service for iOS devices and Firebase Cloud Messaging for Android). This involves the collection of a device token or identifier, which is a unique code generated by Apple or Google to route push messages to your specific device. The only purpose of this token is to send you notifications; it does not reveal your identity to us.

Your Consent: The app will ask for your permission to send push notifications. You can decline or skip this, and still use the app (you will simply not receive real-time alerts). If you grant permission, you can later opt out or adjust notifications at any time via your device settings or app preferences. For example, you can disable notifications completely or only allow certain types (depending on functionality we provide).

Use of Notifications: We will send push notifications for service-related purposes, such as:

Alerts about your PlantCam device status (e.g., camera disconnected, new images ready to view).
Reminders or tips about app features.
(If in the future we send marketing via push): We will not send promotional content via push notifications without your explicit consent. Any optional promotional notifications would be clearly presented for opt-in within the app settings.

Data Handling: Aside from the device push token and perhaps the type of device, we do not collect additional personal data for notifications. Push messages are delivered through the platform providers (Apple or Google). Standard data protection applies as per those services’ terms (Apple and Google may process the push data under their privacy policies, but the content of push messages we send typically contains no personal information beyond maybe your username or device name for context). By enabling push notifications, you agree to the processing of this information. If you disable push notifications, the related data (device token) may be deleted or become inactive, and you will no longer receive notifications.

Google Analytics (Future Use)

As of now, we do not use Google Analytics on the PlantCam website. However, we include this notice in anticipation of potential future use. Google Analytics is a popular web analytics service provided by Google that uses cookies or similar technologies to collect information about website visitors, such as IP address, browser type, pages visited, and time spent on the site. The data collected can be used to analyze how users use the site and to improve website functionality and content.

If we decide to implement Google Analytics in the future, we will do so in a GDPR-compliant manner:

Consent: We will update our cookie settings to request your consent before activating Google Analytics cookies. Without your opt-in, Google Analytics will remain inactive. You will have the choice to allow or decline such tracking when you visit our site.
Data Anonymization: We would enable IP anonymization so that Google truncates/anonymizes the last octet of your IP address within the EU, meaning that the full IP is not stored on Google’s servers.
Data Sharing: The information generated by the Google Analytics cookie about your use of the website would be transmitted to and stored by Google on servers which may be in the United States. Google will use this information on our behalf to evaluate use of the website, compile reports on website activity, and provide other services relating to website usage. We would not allow Google to use or share our analytics data for their own purposes (such as advertising) – features like Google Signals or Advertising Features would remain disabled unless explicitly described and consented to.
Safeguards: As with any international transfer, we would rely on Standard Contractual Clauses and Google’s commitments as a processor to protect the data (see International Data Transfers above). Google is certified under frameworks like the EU-U.S. Data Privacy Framework (if applicable in the future) or otherwise uses SCCs.
Opt-Out: Even after consenting, you would retain the ability to opt-out of Google Analytics at any time. We would provide a method, such as a link to manage cookie preferences on our site or honor “Do Not Track” signals to disable Google Analytics. Additionally, Google provides a browser add-on to opt-out of Google Analytics tracking which you could use as an extra measure.

Any future use of Google Analytics will be reflected in an updated version of this Privacy Policy. We will always inform users of new data processing activities and obtain necessary consents.

Future Updates and Changes to this Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or new features we introduce. If we make material changes, we will notify you by email (if you have an account, to the registered address) or by prominently posting a notice on our website or within the app. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. The "last updated" date at the bottom of this Policy indicates when the latest changes were made. Your continued use of the Services after any update constitutes your acknowledgment of the changes and agreement to the updated policy.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please do not hesitate to contact us:

Tech10 UG (haftungsbeschränkt)

Mailänder Platz 11

70173 Stuttgart, Germany

Email: [email protected]

We will address your inquiry as soon as possible and in any case within the timeframe required by law. For security and privacy reasons, we may need to verify your identity before executing certain requests (such as data access or deletion).

Supervisory Authority Contact: In addition to contacting us, you have the right to reach out to the relevant data protection supervisory authority. Our lead authority is the State Data Protection Commissioner in Baden-Württemberg, Germany (Lautenschlagerstraße 20, 70173 Stuttgart, Germany, phone: +49 711 615541-0, email: [email protected]). You can find a list of data protection authorities in the EU on the European Data Protection Board’s website for other jurisdictions.