Privacy Policy for “GROWeR” App

Effective date: 24.07.2025

§ 1. General Provisions

  1. This Privacy Policy sets out the rules for processing and protecting Users’ personal data in connection with the use of the “GROWeR” mobile application (hereinafter: the “Application”).
  2. We care about your privacy and the security of your data. We process your personal data in accordance with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (hereinafter: “GDPR”).
  3. This document forms an integral part of the Application’s Terms of Service. By accepting the Terms, you also accept the provisions of this Policy.

§ 2. Data Controller

The controller of your personal data is Inspicon Bogusz Houszka, conducting business at: ul. Ślebodzińskiego 3/2, 54-703 Wrocław, NIP: 8981841498, REGON: 020252980.

For all matters related to the processing of your personal data, you can contact us by e-mail at: hello@getgrower.app.

§ 3. Scope, Purposes, and Legal Bases of Data Processing

We process your personal data for the following purposes:

  1. To provide services, i.e., to operate and maintain your Account in the Application:
    • Scope of data:
      • When you register with an e-mail address: e-mail address, password (stored in encrypted form).
      • When you register via Google or Facebook: first name, last name, e-mail address, unique user identifier (ID).
    • Purpose: To enable you to create and manage your Account, use the Application’s features, and send system and transactional notifications (e.g., about password changes) via the Supabase platform.
    • Legal basis: Art. 6(1)(b) GDPR – necessity for the performance of a contract for the provision of electronic services.
  2. For analytics and improving the Application (analytics):
    • Scope of data: In-app events (e.g., “add plant button clicked”, “tips screen viewed”, “time spent in the app”, “number of plants added”), device data, anonymized user identifier.
    • Purpose: To understand how Users use the Application, which allows us to fix bugs, develop new features, and improve the Application. We use Mixpanel for this purpose.
    • Legal basis: Art. 6(1)(f) GDPR – our legitimate interest in developing and optimizing our services.
  3. For marketing communication (Newsletter):
    • Scope of data: E-mail address, first name.
    • Purpose: To send information about news, promotions, tips, or other marketing activities related to the Application. We use Mailerlite for this purpose.
    • Legal basis: Art. 6(1)(a) GDPR – your voluntary and informed consent, expressed by subscribing to the newsletter.
  4. To handle User contact (form / e-mail):
    • Scope of data: E-mail address and any other data you voluntarily include in your message (e.g., name, problem description, suggestions).
    • Purpose: To enable you to contact us via a dedicated form in the Application or by e-mail. We use your data to respond to your questions, resolve reported technical issues, consider suggestions for the development of the Application, or handle complaints. Correspondence may also be archived.
    • Legal basis: Art. 6(1)(f) GDPR – our legitimate interest in ensuring communication with Users, improving our services, and defending against potential claims. If your request is strictly related to the performance of the contract (e.g., concerns a bug that prevents use of Account features), the legal basis may also be Art. 6(1)(b) GDPR (necessity for the performance of a contract).
  5. To send PUSH notifications:
    • Scope of data: Device token.
    • Purpose: To send reminders about care tasks for your plants.
    • Legal basis: Art. 6(1)(a) GDPR – your voluntary consent expressed in your device operating system settings.

§ 4. Your Rights under the GDPR

In connection with our processing of your data, you have the following rights:

  1. Right of access (Art. 15 GDPR) – you can request information about which of your data we process.
  2. Right to rectification (Art. 16 GDPR) – you can request the correction of data that is inaccurate or the completion of data that is incomplete.
  3. Right to erasure (“right to be forgotten”) (Art. 17 GDPR) – you can request deletion of your data if there is no longer a basis for processing it.
  4. Right to restriction of processing (Art. 18 GDPR) – you can request that we restrict processing of your data to storage only or to actions agreed with you.
  5. Right to object (Art. 21 GDPR) – you may object at any time to processing based on our legitimate interest (e.g., for analytics).
  6. Right to data portability (Art. 20 GDPR) – you have the right to receive your data from us in a structured, commonly used format if we process it based on a contract or your consent.
  7. Right to withdraw consent – if we process data based on your consent (e.g., for the newsletter or PUSH notifications), you may withdraw it at any time. This will not affect the lawfulness of processing carried out before the withdrawal.
  8. Right to lodge a complaint with a supervisory authority – if you believe we process your data unlawfully, you can lodge a complaint with the President of the Personal Data Protection Office (PUODO), ul. Stawki 2, 00-193 Warsaw.

To exercise your rights, please contact us at: hello@getgrower.app.

§ 5. Data Recipients and Transfer to Third Countries

  1. Your personal data may be entrusted for processing to entities we cooperate with to provide services. These are our trusted partners who ensure an appropriate level of security.
  2. Recipients of your data include providers of the following tools:
    • Supabase (USA) – for database and authentication services.
    • Google (USA) – for Google account sign-in and analytics (Google Forms).
    • Facebook (Meta Platforms) (USA) – for Facebook account sign-in.
    • Mixpanel (USA) – for Application usage analytics.
    • Mailerlite (Lithuania/USA) – for newsletter management.
    • AirTable (USA) – for handling contact forms and submissions.
  3. Since most of our technology partners are based in the United States, your personal data is transferred outside the European Economic Area (EEA). We ensure that such transfers take place on the basis of Standard Contractual Clauses (SCC) approved by the European Commission, which provide an adequate level of data protection.

§ 6. Data Retention Period

  1. We store data related to your Account for the entire period during which you hold an Account in the Application. After the Account is deleted, your data will be permanently deleted or anonymized, except for data necessary for settlement purposes or for defending against potential claims, which we will store for the period required by law (usually up to 3 years).
  2. Data processed on the basis of consent (e.g., for marketing purposes) is stored until you withdraw your consent.
  3. Data processed on the basis of legitimate interest (e.g., analytics) is stored until you successfully object.

§ 7. Data Security

We apply appropriate technical and organizational measures to protect your personal data against loss, destruction, unauthorized access, or modification. These measures include, among others, encrypted connections, access control, and regular security testing.

§ 8. Changes to the Privacy Policy

  1. We reserve the right to make changes to this Privacy Policy if necessary due to changes in the law or the development of the Application.
  2. We will inform you of any changes in advance through a notification in the Application or by e-mail.
  3. The current version of the Privacy Policy is always available in the Application and on our website.

§ 9. Contact

If you have any questions or concerns regarding this Privacy Policy, please contact us at: hello@getgrower.app.