Privacy Policy

Last updated: January 6, 2026

1. Introduction

Welcome to Bonsai Buddy. We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our platform.

Our Privacy Commitment:

We do not sell or share your personal data with third parties for marketing purposes. Your bonsai collection, photos, and personal information are yours alone.

2. Information We Collect

2.1 Information You Provide

When you create an account and use Bonsai Buddy, we collect:

  • Account Information: Name, email address, and password (encrypted)
  • Profile Information: Optional profile photo/avatar
  • Bonsai Data: Specimen names, species, age, health status, care notes, and photos you upload
  • User-Generated Content: Posts, comments, and other content you create on the platform
  • Interaction Data: Likes, subscriptions to specimens, and other engagement activities

2.2 Automatically Collected Information

When you use our platform, we automatically collect:

  • Usage Data: Pages visited, features used, and time spent on the platform (via Vercel Analytics)
  • Device Information: Browser type, operating system, and device type
  • Log Data: IP address, access times, and referring URLs

2.3 Cookies and Similar Technologies

We use cookies and similar technologies to maintain your session and improve your experience:

  • Authentication Cookies: Supabase Auth session cookies to keep you logged in
  • Analytics Cookies: Vercel Analytics to understand how users interact with our platform
  • Preference Cookies: To remember your settings and preferences

You can control cookies through your browser settings, but disabling certain cookies may affect platform functionality.

3. How We Use Your Information

We use your information for the following purposes:

  • Provide Services: To operate and maintain your account and bonsai collection
  • Community Features: To display your shared content to other users (posts, public specimens)
  • Communication: To send you important updates about the platform or respond to your inquiries
  • Improvement: To analyze usage patterns and improve our platform's features and performance
  • Security: To protect against unauthorized access, fraud, and abuse
  • Legal Compliance: To comply with applicable laws and regulations

We will never: Sell your data, use your photos for advertising without permission, or share your personal information with third parties for their marketing purposes.

4. How We Share Your Information

4.1 Within the Platform

When you choose to share content publicly on Bonsai Buddy (posts, community updates), that information is visible to other users of the platform. Your private collection data remains private unless you explicitly share it.

4.2 Third-Party Service Providers

We use the following trusted third-party services to operate our platform:

  • Supabase: Provides our database, authentication, and file storage infrastructure. Supabase may access your data to provide these services. View their privacy policy at supabase.com/privacy
  • Vercel Analytics: Provides privacy-friendly analytics to help us understand platform usage. No personal data is shared. View their privacy policy at vercel.com/legal/privacy-policy

These service providers are contractually obligated to protect your data and use it only for providing their services to us.

4.3 Legal Requirements

We may disclose your information if required by law, legal process, or governmental request, or to protect the rights, property, or safety of Bonsai Buddy, our users, or others.

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your data is transferred and becomes subject to a different privacy policy.

5. Data Storage and Security

5.1 Data Storage

Your data is stored securely using Supabase's infrastructure, which uses industry-standard security practices. Data is stored in secure data centers with encryption at rest and in transit.

5.2 Security Measures

We implement appropriate technical and organizational measures to protect your data:

  • Passwords are encrypted using industry-standard hashing algorithms
  • All data transmission uses HTTPS/SSL encryption
  • Access to user data is restricted to authorized systems only
  • Regular security updates and monitoring

While we strive to protect your data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security but take all reasonable precautions.

6. Data Retention and Deletion

We retain your personal information for as long as your account is active or as needed to provide you services.

Account Deletion: You may delete your account at any time through your profile settings. Upon deletion, your personal data, bonsai collection, and user-generated content will be immediately deleted from our active database. Some data may persist in backup systems for a short period for technical reasons, but will not be accessible or used.

We may retain certain information as required by law or for legitimate business purposes (e.g., fraud prevention, legal compliance).

7. Your Privacy Rights

You have the following rights regarding your personal data:

7.1 General Rights

  • Access: Request access to your personal data
  • Correction: Update or correct inaccurate information through your profile settings
  • Deletion: Delete your account and associated data at any time
  • Export: Request a copy of your data in a portable format
  • Objection: Object to certain data processing activities

7.2 GDPR Rights (European Users)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

  • Right to Restriction: Request restriction of processing of your data
  • Right to Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent at any time where we rely on consent
  • Right to Lodge a Complaint: File a complaint with your local data protection authority

Legal Basis for Processing: We process your data based on your consent, performance of our contract with you, and our legitimate interests in providing and improving our services.

7.3 CCPA Rights (California Users)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: Request information about what personal data we collect, use, and share
  • Right to Delete: Request deletion of your personal data (with certain exceptions)
  • Right to Opt-Out: Opt-out of the sale of personal data (we do not sell personal data)
  • Right to Non-Discrimination: Not be discriminated against for exercising your CCPA rights

To exercise any of these rights, please contact us at henderson.develop@gmail.com. We will respond to your request within 30 days (or as required by applicable law).

8. Children's Privacy

Bonsai Buddy is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately, and we will delete the information.

Users between 13 and 18 should obtain parental consent before using the platform.

9. International Data Transfers

Bonsai Buddy is operated in the United States. If you are accessing the platform from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States where our servers and service providers are located.

By using Bonsai Buddy, you consent to the transfer of your information to the United States. We take appropriate safeguards to protect your data in accordance with this Privacy Policy and applicable laws.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, regulatory, or operational reasons. The "Last updated" date at the top indicates when the policy was last revised.

For material changes, we will provide notice through the platform or via email. We encourage you to review this Privacy Policy periodically. Continued use of the platform after changes constitutes acceptance of the updated policy.

11. Do Not Track Signals

Some web browsers have a "Do Not Track" feature. Currently, there is no industry standard for how to respond to these signals. At this time, Bonsai Buddy does not respond to Do Not Track browser settings.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: henderson.develop@gmail.com

Project: Bonsai Buddy

We will respond to all requests within 30 days or as required by applicable law.

Your privacy matters to us. We are committed to transparency in how we handle your data and to protecting your rights. Thank you for trusting Bonsai Buddy with your bonsai journey!