Greenroot ← Back

Privacy

What I collect. What I don’t.

Plain English. Last updated 10 May 2026.

The short version

I’m one person building Greenroot. The less data I touch, the less there is to lose. Email and payment go through trusted third parties. Plant data, when the app ships, never leaves your phone.

What I collect, and why

If you join the email list

Your email address, via Buttondown (the newsletter tool I use). It’s used to send you build updates and the launch announcement. One-click unsubscribe in every email.

If you pre-order

Your email and card details go through Stripe, who handles every payment online for millions of businesses. I never see or store your card number. Stripe gives me your email and a transaction ID, which I use to email you the launch download and to issue a refund if you ask.

If you fill in the survey

Survey answers go through Tally. Email is optional. I read every answer to decide what ships in v1. I don’t share or sell the data.

If you vote on a feature

A random ID is set as a cookie in your browser so I can stop you double-voting. The ID is a meaningless string and isn’t linked to your email or anything else.

When you visit the page

Cloudflare records aggregate request data (which page, what country, was it slow). I see counts and trends, never individual visits. I do not run Google Analytics or any tracker that follows you across sites.

What I don’t collect

  • Anything inside the app once it ships. Plants, photos, and care logs live on your iPhone and iCloud (encrypted by Apple). I don’t run a server for any of it.
  • Your IP address tied to your email. The two are not linked.
  • Behaviour tracking, ad pixels, retargeting cookies, fingerprinting. None of it.

Who else sees the data

The third parties listed above (Buttondown, Stripe, Tally, Cloudflare) each see only the data they need. None of them sell or share data with me beyond what’s required to do their job. I do not sell, share, or trade any data with anyone else.

Your rights (UK GDPR)

  • Access – ask what I hold on you. I’ll send it.
  • Deletion – ask me to delete it. I will, within 7 days.
  • Correction – tell me what’s wrong. I’ll fix it.
  • Portability – ask for a copy in a machine-readable format. CSV is fine.

Email [email protected] for any of the above.

Cookies

One cookie is set: gr_voter, a random ID used to prevent double-voting on the feature roadmap. It expires after a year. No tracking cookies, no analytics cookies, no advertising cookies.

Changes

If this policy changes in any meaningful way, I’ll email everyone on the list before it takes effect.

Contact

Aaron. [email protected].