Privacy Policy

The short version

Your plant data belongs to you. It is saved directly to your own Google Drive — Prickly's servers never store your collection, photos, or care logs. The only information we hold server-side is your email address (to manage your plan and prevent duplicate welcome emails) and an optional location you choose to provide.

About Prickly

Prickly is a personal plant care tracker made by LIMO Business NZ, based in Wellington, New Zealand. The app is available at helloprickly.com.

If you have any questions about this policy, contact us through the Feedback & Support section in the app.

What we ask Google for — and why

Prickly uses Google Sign-In so you don't need a separate account or password. When you sign in, you'll see a Google consent screen listing the permissions (scopes) the app requests. Here is exactly what each scope is used for:

Prickly does not request access to your Gmail, Google Calendar, Google Photos, contacts, or any other Google service. The drive.file scope is the narrowest Drive permission available — it is scoped exclusively to files Prickly creates.

What information Prickly stores

In your browser (localStorage)

Your plant collection, care logs, and photos are saved locally in your browser's storage. This data never leaves your device except to sync to your Google Drive.

In your Google Drive

A file called prickly-data.json in a folder called Prickly. This file contains your complete plant collection including names, care notes, care logs, and photos. It is created and owned by you in your own Drive — Prickly cannot access it after you revoke access.

On Prickly's servers (Cloudflare KV)

We store the following minimal data server-side:

• Email address — to check if you are a new user, manage your Pro plan status, and to prevent duplicate welcome emails.
• Plan status — whether your account has Pro access, linked to your email address.
• Location (optional) — if you choose to set a country and city in Settings → Country & climate, this is stored server-side and used to make AI care advice season-aware. You can delete it at any time by clearing the location field in Settings.
• Last sign-in timestamp — recorded when you sign in, used for account management by the app owner only.

We do not collect: browsing history, device identifiers, advertising identifiers, health data, financial data, or any data from other apps.

How AI features use your data

Prickly uses Google Gemini AI for three features: plant identification, care advice, and health checks. When you use these features, the relevant photo or plant name is sent to Google's Gemini API to generate a response. Photos are resized to 800px before being sent.

Gemini API data use is governed by Google's Gemini API Terms of Service. Prickly does not store the content of AI requests or responses beyond displaying them in the app.

If you add your location in Settings, it is included in care advice prompts as context (e.g. current season, hemisphere) to make advice more relevant. It is not sent for plant identification or health check prompts.

Services Prickly uses

• Google Identity Services — sign-in and OAuth. Google Privacy Policy
• Google Drive API — saving your plant data to your own Drive.
• Google Gemini API — AI plant identification, care advice, and health checks.
• GBIF (Global Biodiversity Information Facility) — plant name database lookups. No personal data is sent.
• EmailJS — sending welcome and feedback emails. Your email address and message are sent to EmailJS for delivery. EmailJS Privacy Policy
• Stripe — payment processing for Pro subscriptions. Prickly never sees your card details — payment is handled entirely by Stripe. Stripe Privacy Policy
• Cloudflare Pages — app hosting. Cloudflare Privacy Policy

Your choices and rights

• Access your data — your plant data is in your Google Drive in the Prickly folder, readable as a JSON file at any time.
• Delete your data — sign out of Prickly (Settings → Sign out), then delete the Prickly folder from your Google Drive. To remove server-side data (email, plan status, location), contact us and we will delete it within 30 days.
• Revoke Google access — you can revoke Prickly's access to your Google account at any time via Google Account → Security → Third-party apps. After revoking, Prickly can no longer sync to or from your Drive.
• Location data — clear your location at any time via Settings → Country & climate (leave both fields empty and save).
• Cancel Pro — manage your subscription directly through Stripe. Your plant data is never deleted when you cancel.

How we protect your data

Server-side data (email, plan status, location) is stored in Cloudflare KV, a globally-distributed key-value store with encryption at rest. We retain this data for as long as you have an account. If you request deletion, we will remove all server-side data within 30 days.

Your plant data in Google Drive is protected by Google's own security measures and your Google account credentials — Prickly cannot access it once you revoke the drive.file permission.

Prickly does not sell, rent, or share your personal data with third parties for marketing purposes.

Children's privacy

Prickly is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us and we will delete it promptly.

Changes to this policy

We may update this policy from time to time. The "Last updated" date at the top of this page will reflect any changes. Continued use of Prickly after changes are posted constitutes acceptance of the updated policy.