Back to home

Privacy policy

Privacy policy

This policy explains how Plantio processes personal data in accordance with the Swiss Federal Act on Data Protection (revDSG) and, where applicable, the EU General Data Protection Regulation (GDPR).

Data controller

Mario Weilenmann, Zeughausstrasse 2, S2, 7310 Bad Ragaz, Switzerland.

Contact for privacy inquiries: support@plantio.ch.

What data we process

Account data: email address, name, password hash, chosen language, plan.

Content you create: plants, groups, tasks, photos, notes, and any other data you enter or upload.

Billing data: name, billing address, VAT number if applicable — handled by Stripe. Plantio never stores full payment card numbers or bank details.

Technical data: IP address, browser fingerprint (User-Agent), request logs kept for up to 30 days for security and abuse prevention.

Error data: uncaught runtime errors, sampled traces, and (opt-in) session replays sent to Sentry to help us diagnose bugs.

Purposes and legal basis

Provision of the service and account management — contract performance.

Billing and fraud prevention — contract performance and legitimate interest.

Sending transactional emails (verification, password reset, notifications) — contract performance.

Security logging and error tracking — legitimate interest in a stable, secure service.

Improvement of the service — legitimate interest, on aggregated data only.

Third-party processors

Stripe Payments Europe, Ltd. (Ireland) — payment processing, subscription and invoicing.

Hoststar (Switzerland) — outbound email delivery via SMTP.

Sentry (Functional Software, Inc., USA — EU data region) — error tracking and, optionally, session replay.

Hosted infrastructure (Switzerland) — application hosting and photo storage. Photos are stored on our own MinIO instance and are not shared with third parties.

Web Push (Mozilla, Google, Apple) — only if you explicitly enable browser notifications.

Cookies

Plantio uses one strictly necessary, httpOnly session cookie to keep you signed in. No analytics or advertising cookies are set. Because only strictly necessary cookies are used, no cookie banner is required under Swiss law or the EU ePrivacy Directive.

Data retention

Account data: for the lifetime of your account and up to 30 days after deletion, then purged.

Content: deleted with the account, subject to backup rotation of up to 30 days.

Invoicing records: retained by Stripe and Plantio for 10 years to comply with Swiss commercial and tax law.

Security logs: 30 days.

Your rights

You have the right to access, rectify, and delete your personal data, to restrict or object to processing, and to receive your data in a portable format.

Send requests to support@plantio.ch. We reply within 30 days.

You may also lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC) or, if you are in the EU, your national supervisory authority.

International transfers

Where personal data is processed outside Switzerland or the EU/EEA (for example, by Sentry in the USA), we rely on adequacy decisions and standard contractual clauses (SCCs) to ensure an appropriate level of protection.

Changes

We may update this policy to reflect changes in the service or the law. The current version is always accessible at plantio.ch/privacy.

Effective from 1 July 2026