GrowyearGrowyear

Privacy Policy

Learn how GrowYear collects, uses, and protects your personal data in compliance with UK GDPR.

Last updated: November 2025

This Privacy Policy describes how GrowYear (“we”, “our”, “us”) collects, uses, and protects your personal information when you use our website and services.

We are committed to protecting your privacy and handling your data responsibly in compliance with the UK GDPR and the Data Protection Act 2018.

1. Who We Are

GrowYear is a UK-based gardening planning application that helps users plan and manage their vegetable gardens using local growing zones and sowing calendars.

For privacy matters, you can contact us at:

GrowYear Support
📧 support@growyear.com

2. Information We Collect

We collect only the minimum data necessary to provide our services.

a. Account Information

When you create an account with GrowYear, we collect:

  • Your email address (for authentication and account access)
  • Optional profile data such as display name or avatar

This data is stored securely through our authentication provider, Supabase.

b. Automatically Collected Data

When you visit GrowYear:

  • We collect anonymous usage data through Umami Analytics.
  • Umami does not use cookies and does not collect personal data.
  • All analytics data is fully anonymised and aggregated.

We do not track you across websites and do not collect IP addresses for identification purposes.

3. How We Use Your Data

We use your data solely for the following purposes:

  • To provide, maintain, and improve our services
  • To manage user authentication and security
  • To analyse general site usage (anonymously) for performance and usability improvements
  • To communicate important updates related to your account or service

We do not use your data for marketing, profiling, or advertising.

4. Legal Basis for Processing

We process your personal data on the following legal grounds under the UK GDPR:

  • Contractual necessity: To provide access to your GrowYear account
  • Legitimate interest: To maintain security, prevent fraud, and improve our platform
  • Consent: Only if you choose to provide optional profile details

5. Data Storage and Security

All user data is securely stored and processed by Supabase, which complies with industry-standard security practices.

We take appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or alteration.

6. Data Retention

We retain your data for as long as you maintain an account with us.
When you delete your account, all associated personal data is permanently removed from our systems, except where required by law.

7. Sharing Your Data

We do not sell, rent, or share your personal data with third parties.
Your data may be processed by trusted service providers that support our operations, specifically:

  • Supabase — for authentication and database hosting
  • Umami Analytics — for anonymous usage analytics

Each provider processes data in accordance with their own privacy policies and GDPR compliance standards.

8. International Data Transfers

Our service providers may process data outside the United Kingdom or European Economic Area (EEA).
Where this occurs, we ensure that appropriate safeguards (such as Standard Contractual Clauses) are in place to protect your personal information.

9. Your Rights

Under the UK GDPR, you have the following rights regarding your personal data:

  • Access: Request a copy of the data we hold about you
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your personal data (“right to be forgotten”)
  • Restriction: Limit how we process your data
  • Portability: Receive your data in a structured, machine-readable format
  • Objection: Object to processing based on legitimate interests

To exercise these rights, contact us at support@growyear.com.
We will respond within one month as required by law.

10. Cookies

GrowYear only uses essential cookies required for authentication via Supabase.
We do not use cookies for analytics, marketing, or advertising.

For more details, please see our Cookie Policy.

11. Children’s Privacy

GrowYear is not intended for individuals under the age of 16.
We do not knowingly collect personal information from children.

12. Changes to This Policy

We may update this Privacy Policy periodically.
Any updates will be posted on this page with a revised “Last updated” date.
If significant changes are made, we will notify registered users by email.

13. Contact Us

If you have any questions, concerns, or data requests regarding this Privacy Policy, please contact us at:

GrowYear Support
support@growyear.com