Privacy Policy

Last updated: 27 June 2026

1. Who we are

Plantara ("we", "us", "our") is a pest identification service based in Lisbon, Portugal, and is the data controller for the personal data described in this policy. We can be contacted at hello@getplantara.com.

2. What data we collect

We collect the following data when you use Plantara:

  • Account information — your name and email address, managed through our authentication provider Clerk
  • Uploaded images — the photos you submit for pest identification
  • Identification results — the species, confidence scores, severity ratings, and treatment information generated from your images, saved as your scan history
  • Location data — your approximate location or coordinates, collected only if you grant permission, used to provide local recommendations and the community pest map
  • Usage data — how you interact with the Service, including device and log information, used to operate and improve it
  • Payment data — processed securely by Stripe. We never see or store your full card details.

3. How we use your data

  • Provide pest identification results and location-aware recommendations
  • Save your scan history to your account
  • Maintain and display an aggregated, anonymised community "pests near you" / outbreak map
  • Improve the accuracy, quality, and safety of the Service
  • Process payments and manage subscriptions
  • Communicate with you, including service messages and (only if you opt in) seasonal pest alerts
  • Detect, prevent, and address abuse, fraud, and security issues, and comply with legal obligations

4. Aggregated, anonymised outbreak map

If you grant location access, your approximate location may be used to contribute to a community "pests near you" / outbreak map. Location is shown only in aggregated, anonymised form, combined with data from other users to indicate general pest activity in an area. Individual users are not identified on the map, and we do not display your precise location, identity, or personal details to other users.

5. Legal basis for processing (GDPR)

  • Contract — to provide the Service you signed up for
  • Legitimate interest — to improve the Service, maintain the aggregated map, and prevent abuse
  • Consent — for email alerts and location data, which you can withdraw at any time
  • Legal obligation — where required by law

6. Images and AI processing

Photos you upload are sent to a third-party AI provider (Anthropic, operator of Claude) for automated image analysis and pest identification. By uploading an image you understand that it will be processed by this third-party AI provider for that purpose. We do not permanently store the raw image files in the ordinary course of providing the Service — only the identification results are saved to your account. Any location data associated with an image is aggregated and anonymised before it is used on the community pest map.

7. Third-party processors

We share data only with the service providers needed to operate Plantara. Each acts as a processor under appropriate data-processing terms:

  • Clerk — user authentication and account management
  • Stripe — payment processing
  • Anthropic (Claude) — AI image analysis and pest identification
  • Supabase — database hosting (EU region)
  • Vercel — website and application hosting
  • Resend — email delivery for alerts and service messages

We never sell your data to third parties. We never share your data with advertisers.

8. International transfers

Some of our processors are located outside the European Economic Area. Where personal data is transferred internationally, we rely on appropriate safeguards, such as the European Commission's Standard Contractual Clauses or an adequacy decision, to ensure your data receives an equivalent level of protection.

9. Data retention

We retain your data for as long as your account is active or as needed to provide the Service and comply with our legal obligations. When you delete your account, your personal data and scan history are permanently deleted within 30 days, except where we are required to retain certain records (for example, billing records) by law. Aggregated, anonymised data that no longer identifies you may be retained.

10. Your rights (GDPR)

If you are in the European Union, you have the following rights over your personal data:

  • Access — request a copy of your personal data
  • Rectification — request correction of inaccurate or incomplete data
  • Erasure — request deletion of your data ("right to be forgotten")
  • Portability — receive your data in a structured, portable format
  • Objection — object to processing based on legitimate interest
  • Restriction — request that we restrict processing in certain circumstances
  • Withdraw consent — withdraw consent for email alerts or location data at any time

To exercise any of these rights contact us at hello@getplantara.com. We will respond within 30 days.

11. Security

We take reasonable technical and organisational measures to protect your data, including encrypted connections (HTTPS), secure database hosting, and access controls. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

12. Cookies

We use essential cookies only — required for authentication and keeping you signed in. We do not use advertising cookies or tracking cookies.

13. Children

Plantara is not directed at children under 16. We do not knowingly collect data from children under 16. If you believe a child has provided us with personal data, please contact us and we will delete it.

14. Changes to this policy

We may update this policy from time to time. We will notify you of significant changes by email or through the Service.

15. Contact, DPO and complaints

For privacy questions, or to reach our data protection contact, email us at hello@getplantara.com.

If you are in the European Union and believe we have violated your data protection rights, you may lodge a complaint with your local supervisory authority. In Portugal this is the CNPD at cnpd.pt.