1 · Who this applies to
This policy describes how the Plant Step iPhone application ("the app") collects and uses information. It applies to anyone who downloads or uses the app from the Apple App Store. By using the app you agree to this policy.
2 · Data controller
The app is developed and operated by an individual developer:
- Developer: Independent individual developer
- Location: Sweden
- Privacy contact: plantstep2026@outlook.com
There is no parent company. The developer is the sole data controller for purposes of the GDPR (Regulation 2016/679), the Swedish Data Protection Act (2018:218), the CCPA, and equivalent laws.
3 · What we collect
Plant Step does not ask for your email, phone, social-network identity, real name, or location. The data we do collect falls into the buckets below.
On your device only
- Step counts read from Apple HealthKit (see §4)
- Display preferences — chosen tab, onboarding state, locally-stored celebration acknowledgements
- Widget snapshot — your current plant's stage + step total, stored in the app's App Group container so the home-screen widget can render without launching the app
Synced to our servers (Google Cloud Firestore)
- Anonymous device identifier — a random UUID generated on your device and stored in the iOS Keychain. It is not linked to your Apple ID, email, or phone number.
- Display name you choose during onboarding (visible only to friends you've paired with).
- Plant progress — the seeds/pots you own, your active plant, its current stage and live step total. Step totals here are a snapshot for sharing and widgets — Health raw samples are not uploaded.
- Subscription & coin balance — whether you have an active Premium subscription, your in-app coin balance, and the IAP product ids you've purchased.
- Partner relationships — the anonymous device identifiers of friends you've paired with (see §5).
- Push notification token — your APNs/FCM token, so we can deliver stage-advance toasts and partner notifications. It is not used for marketing.
- Last-active timestamp — for partner sync freshness only.
Handled by Apple, not us
- Payment information. All subscription and in-app coin pack purchases run through Apple StoreKit. We never see your card details, billing address, or Apple ID. We receive a signed transaction receipt confirming a purchase happened and we credit your coins/subscription accordingly via RevenueCat (see §7).
- Apple system crash reports, if you opted in to share them with developers in iOS Settings.
We do NOT collect
- Location, GPS, motion data beyond HealthKit step counts
- Contacts, calendar, photos, microphone, camera
- Browsing history, advertising identifiers (IDFA), or fingerprinting signals
- Email, phone number, or any social-network identity
- Any third-party analytics SDKs beyond what Firebase itself logs (see §7)
4 · Health & step data
Plant Step reads step count from Apple HealthKit on your device. Raw HealthKit samples never leave your phone. We compute your today-total and your active plant's accumulated total locally; the resulting integer step totals (and only those) get written to your plant document in Firestore so friends you've paired with can see them and so the widget can read them after a background wake-up.
HealthKit data is never used for advertising, never sold, and never used to train any model. We do not request write access to HealthKit and we do not store individual workout sessions.
You can revoke HealthKit access at any time in iOS Settings → Privacy & Security → Health → Plant Step. The app continues to launch but plants stop growing until access is restored.
5 · Sharing with friends
You can pair with up to ten friends to see each other's plants. Pairing is mutual and explicit:
- You generate a 6-character invite code in the app and share it out-of-band (Messages, etc.). Codes expire after 24 hours.
- When a friend enters your code, our server links both of your device identifiers as partners. Neither side sees the other's data until that handshake.
- While paired, your partner can read your display name, your active plant's progress, and the plant's current stage. They cannot read your full plant history, your inventory, your coins, your purchases, or any HealthKit data beyond what you've already snapshot-shared.
- You can stop sharing with any partner at any time from Profile → Plant sharing. The unpair happens atomically; both sides lose access in the same write.
6 · Why we collect what we collect
Each item exists for one of the reasons below — and only those reasons:
- Operate the app. Anonymous identifier, plant progress, inventory, coin balance — without them the app cannot function.
- Fulfil purchases. Subscription/coin records and receipts so we honour what you paid for and Apple's audit obligations.
- Deliver friend-shared progress. Display name + plant snapshot for paired partners only.
- Send the notifications you opted in to. Push token used solely for stage advances, bloom celebrations, and partner events.
- Fix bugs. Apple crash reports (only if you opted in at the OS level).
We do not collect anything for advertising, behavioural profiling, location tracking, or "future product development." If a use case isn't listed here, we don't have a basis for it.
7 · Third-party processors
We use a small set of clearly-named processors to operate the app. Each one only sees the categories listed.
- Apple — App Store distribution, StoreKit purchases, APNs delivery for push notifications.
- Google (Firebase) — Anonymous Authentication, Firestore (user/plant/inventory documents), Cloud Functions (login, partner pairing, purchase validation, notifications), Firebase Cloud Messaging (push delivery routing). Data lives in Google Cloud regions selected by the developer.
- RevenueCat — Subscription and consumable-IAP receipt validation. They receive the transaction id, product id, and your anonymous device identifier so they can map purchases back to your account. No personal data beyond that.
We do not sell data. We do not transfer data to advertisers, brokers, analytics resellers, or "data partners." If the developer is ever required to transfer this app to another party, your data continues to be governed by this policy until you receive an in-app notice and the option to delete your account.
8 · How long we keep it
- Account & plant data in Firestore — kept until you delete the app from all devices and request deletion (see §9). The data is keyed by the anonymous device identifier stored in the iOS Keychain; reinstalling on the same device restores access, reinstalling after a device reset does not.
- Partner invite codes — 24 hours, then auto-expired.
- Push tokens — refreshed each time the app comes to the foreground; replaced when the OS rotates them.
- Purchase receipts — retained as long as required by Apple's tax and consumer-protection rules in your country (typically 5–10 years).
- Apple crash reports — retained by Apple per their own retention rules; the developer can view aggregated counts for ~90 days.
9 · Your rights
Depending on where you live (GDPR in the EU/EEA (including Sweden) and UK, CCPA in California, LGPD in Brazil, and similar regimes elsewhere) you have one or more of the following rights:
- Access — request a copy of any data we hold about you.
- Correction — fix anything inaccurate.
- Deletion — ask us to delete data we hold ("right to be forgotten").
- Portability — get a copy in a machine-readable format (JSON).
- Withdrawal of consent — revoke HealthKit, push notifications, or partner pairings at any time directly in the app or iOS Settings.
- Complaint — lodge a complaint with your local data-protection authority.
Most of these you can exercise yourself — uninstall the app, revoke HealthKit, stop sharing with partners. For full account deletion (server-side), email plantstep2026@outlook.com from any address with the device identifier shown in Profile → About. We respond within 30 days and delete confirmed records within 90 days.
10 · Children
Plant Step is not directed at children under 13 and we do not knowingly collect personal information from anyone under 13. The app is rated 4+ on the App Store but contains no advertising and no chat — only the partner pairing feature in §5, which requires both sides to exchange a code out-of-band. If you are a parent and believe a child under 13 has used the app, contact us and we will remove their account data within 30 days.
11 · Security
Plant Step uses Firebase Authentication and Firestore Security Rules to scope access — each user can only read and write their own document tree, and a partner's documents only when there is a mutual entry in the partners array on both sides. All traffic between the app and our servers uses HTTPS / TLS 1.3. Receipts are validated server-side by RevenueCat before any coins or subscription state changes are written. The iOS Keychain protects the device identifier from other apps on the same phone.
No system is perfect. If we ever discover a data incident that materially affects you, we will notify you in-app and by your data-protection authority within the legally required window (72 hours under GDPR).
12 · International transfers
The developer is located in Sweden. Firestore data is stored in Google Cloud regions selected for proximity and reliability (currently eur3 / Europe). RevenueCat processes data in the United States under Standard Contractual Clauses. By using the app you acknowledge that your data may be processed in these jurisdictions. If you are an EU/UK resident, processors are bound by the EU Standard Contractual Clauses and equivalent UK IDTA.
13 · Changes to this policy
If we make changes that meaningfully affect what we collect or how we use it, we will show an in-app notice and update the Effective date at the top of this page. Older versions are archived — ask us if you'd like a copy.
14 · Contact
Questions, requests, or concerns about this policy:
- Email — plantstep2026@outlook.com
- Post — Plant Step (individual developer), Sweden
For Swedish residents, the supervisory authority is the Integritetsskyddsmyndigheten (IMY).
In one paragraph
Plant Step is built by one individual developer. We read your steps from Apple Health on your phone and sync only the step totals (not raw samples), the seeds and pots you own, and the friends you've paired with — all keyed to a random device id, no email or name required. Purchases go through Apple's StoreKit (we don't see card info). Push notifications stay opt-in. We don't run ads, don't sell data, don't profile you. Delete the app and revoke HealthKit to stop us completely; email plantstep2026@outlook.com to wipe the server copy too.