Privacy Policy
1. Data Controller
Robert Gürgens Software- und IT-Dienstleistungen, Suhler Straße 17, 12629 Berlin, Germany
E-Mail: dpo@gartenkern.de
2. General principles
We process personal data of our users only to the extent necessary for providing a functional platform and meeting our contractual and legal obligations (data minimization, GDPR Art. 5).
Legal bases
- GDPR Art. 6 (1)(a) — Consent (where you grant it separately for individual features)
- GDPR Art. 6 (1)(b) — Contract performance (account, platform usage)
- GDPR Art. 6 (1)(c) — Legal obligation (accounting, taxes)
- GDPR Art. 6 (1)(f) — Legitimate interests (security, abuse detection)
3. Data we process
| Data | Purpose | Legal basis |
|---|---|---|
| Email, display name | Account creation, login | Art. 6 (1)(b) |
| Workspace + garden content (plantings, journal, tasks, images) | Platform usage | Art. 6 (1)(b) |
| Garden location polygon | Map / weather features | Art. 6 (1)(b) |
| EXIF data in uploaded images | Stripped before storage (data minimization) | — |
| IP address at login + upload | Security, abuse detection | Art. 6 (1)(f) |
| Cookies (session, locale, theme) | Platform function (technically necessary) | Art. 6 (1)(b) + § 25 (2) TTDSG |
4. Cookies
We use only technically necessary cookies:
- ory_kratos_session — login session (essential)
- csrf_token_… — CSRF protection (essential)
- NEXT_LOCALE — chosen language (essential)
- theme — light/dark preference (essential)
- gartenkern_invite_token — validation of your invite code during the closed beta (essential, HttpOnly, expires after 2 hours)
No tracking, no profiling, no third-party advertising. No cookie consent banner is required under § 25 (2) TTDSG.
5. Data Processors & External Services
| Provider | Purpose | Location | Legal basis |
|---|---|---|---|
| netcup GmbH | Hosting | DE Nuremberg | DPA per Art. 28 GDPR |
| Hetzner Online GmbH | Backup storage (encrypted) | DE | DPA per Art. 28 GDPR |
| Proton AG | Email reception + sending | CH (adequacy decision) | DPA |
| Stripe Payments Europe, Ltd. | Payment processing (subscriptions, invoices) | IE (EU) | DPA per Art. 28 GDPR |
| Mistral AI SAS | Plant identification, AI chat, season summaries, receipt/meter OCR, disease diagnosis | FR (EU) | DPA per Art. 28 GDPR |
| OpenRouter, Inc. | Public plant knowledge enrichment + DE↔EN translations | US (SCCs) | Art. 28 + Art. 46 GDPR |
Mistral La Plateforme (servers in the EU, France) processes on our behalf:
- Plant photos for identification and disease diagnosis
- AI chat requests with journal context (only if you use AI chat)
- Season summaries about your garden (only when you create them)
- Receipts when uploaded to the household ledger
- Meter-reading photos when uploaded to meter tracking
Mistral processes this content solely for inference and deletes it from its audit logs within 30 days per the Scale-plan DPA. No training use. We store neither the original image nor raw Mistral responses long-term — only the structured result (identified plant, extracted ledger item, answer text) enters your garden.
For public, non-personal data (general plant knowledge enrichment in our plant knowledge base, DE↔EN translations for plant content and blog articles) we additionally use OpenRouter, Inc. (USA, with EU Standard Contractual Clauses per Art. 46 GDPR). Your journal entries, AI chat requests, or photos are never processed there — the router technically refuses those routes (GDPR hard-fail).
When you take out a paid subscription, Stripe Payments Europe, Ltd. (Ireland, EU) processes your payment data (e.g. payment method, billing address) for settlement. We do not store full payment data ourselves — only the Stripe reference IDs and the subscription status.
A detailed sub-processor list with models, pricing and architecture guarantees is available on request at dpo@gartenkern.de.
External services your browser contacts directly
For some features your browser contacts external services directly; this necessarily transmits your IP address. These services are not processors but independent recipients. The legal basis is our legitimate interest in providing the respective feature (GDPR Art. 6 (1)(f)):
| Service | Purpose | Location |
|---|---|---|
| OpenFreeMap | Map tiles (default map view) | EU (public instance) |
| MapTiler AG | Map tiles (satellite/hybrid) | CH (adequacy decision) |
| Open-Meteo | Weather data for your garden (no API key, no tracking) | DE/EU |
Push notifications: If you enable browser notifications, they are delivered via your browser's push service (e.g. Mozilla, Google or Apple — depending on your browser). We store only a technical push subscription for this, which you can revoke at any time in the settings.
Error telemetry: We capture technical errors via a self-hosted GlitchTip on our server in Germany (no disclosure to third parties) in order to fix problems. IP addresses are not stored by default.
6. Your Rights (GDPR Art. 15–22)
You have the right at any time to:
- Access (Art. 15) — what we have stored about you → on request at dpo@gartenkern.de
- Rectification (Art. 16) — directly in your account profile
- Erasure (Art. 17, "right to be forgotten") → on request at dpo@gartenkern.de; soft-delete with 30-day window, then irreversible
- Restriction of processing (Art. 18) — by email request
- Data portability (Art. 20) — on request in a structured, commonly used format
- Object (Art. 21) — by email request
- Complaint to a supervisory authority (Art. 77)
These requests and all other data protection questions go to dpo@gartenkern.de. We respond within 30 days (GDPR Art. 12 (3)).
7. Minimum age
The platform is accessible to persons aged 16 and over (GDPR Art. 8, § 3 BDSG for Germany).
8. Backups and retention
Backups are encrypted and retained for 30 days. A deletion request takes effect immediately in the live database; deletion in backups is finalized through rollover within 30 days. Backups are used exclusively for disaster recovery.
9. Security (GDPR Art. 32)
State of the art: TLS 1.3 for all connections, Argon2 for password hashes (via Ory Kratos), EXIF stripping on image uploads, isolated workspace processing, authorization on every endpoint.
10. Breach Notification
In case of a data breach with risk to your rights, we will inform you and the responsible supervisory authority within 72 hours (GDPR Art. 33).
Last updated: 2026-06-05 · added payment processor (Stripe) as active processor, beta invite cookie, and the LLM sub-processors (Mistral/OpenRouter) to match the German version
