Privacy Policy

Last updated: April 27, 2026

Aiya's Garden is a small community website and mobile app for plant lovers. This page explains, in plain English, what we collect, why we collect it, and what choices you have. If anything here is unclear, please email us at hello@aiyasgarden.co.

Who runs the site

Aiya's Garden is owned and operated by MACP Trading LLC, doing business as Aiya's Garden. We are a small operation, we don't sell user data, and the site and app are funded by community supporters and a small number of curated affiliate links.

What we collect

When you create an account or use the app, we store the following on your behalf:

  • Account information: the email address and password you sign up with. Passwords are hashed by Supabase Auth and we never see the plaintext.
  • Profile information you provide: username, bio, avatar colour, optional location text, and a public-or-private setting for your garden.
  • Content you create: forum posts and comments, journal entries, plant records, plant-care logs, harvest entries, propagation tracking, direct messages, and any photos you choose to attach.
  • Activity: what you've liked, posts you've bookmarked, RSVPs to community events, follows, your watering streak, and notification read state.
  • Mobile push token (optional): if you install the iOS or Android app and grant notification permission, we store an Expo push token on your profile so we can notify you about likes, comments, and direct messages. You can revoke this at any time in your phone's notification settings.
  • Supporter status: if you choose to support the project financially, Stripe records your payment and tells us your account is now a supporter. We do not see or store your card details.

What we don't collect

  • We do not run third-party advertising or behavioural-tracking pixels.
  • We do not collect precise device location. Optional location text in your profile is whatever you type.
  • We do not have access to your camera roll or photos beyond the specific images you choose to upload.
  • We do not sell or rent personal information to anyone.

How we use what we collect

Strictly to operate the service you signed up for:

  • Authenticate you and keep you signed in across the website and app.
  • Show your content to other members in the ways you've configured (public garden, forum posts, direct messages).
  • Send notifications about activity on your content (likes, comments, follows, mentions, DMs).
  • Process supporter payments and reflect supporter status on your profile.
  • Diagnose problems and protect against abuse.

Who we share data with

We rely on a small number of trusted service providers. We do not share your data with anyone else and we do not use it for any purpose beyond running the service.

  • Supabase — hosts our database, authentication, and image storage. Your data lives here. Supabase privacy policy.
  • Stripe — processes supporter payments. Stripe receives your card details directly; we never see them. Stripe privacy policy.
  • Expo — delivers push notifications to the mobile app via Apple and Google's push services. We send Expo a push token plus the notification text; we do not share your account details. Expo privacy policy.
  • Vercel — hosts the website. Standard server logs (IP, user-agent, request paths) are kept for a short period for security and debugging. Vercel privacy policy.

How long we keep it

We keep your account and content as long as your account is active. If you delete your account, we delete your profile, posts, comments, plants, journal entries, harvest entries, propagations, messages, and uploaded photos within 30 days. Some content that's been quoted or replied to by other users (e.g. a comment quoting your post) may remain in their threads as part of the conversation history.

Stripe retains payment records independently for legal and accounting reasons; we cannot delete those.

Your rights

You can, at any time:

  • Edit your profile, posts, comments, plants, journal entries, and other content from inside the website or app.
  • Delete individual items you've created.
  • Toggle your garden between public and private.
  • Turn off push notifications in your phone's system settings.
  • Request full account deletion by emailing hello@aiyasgarden.co. We will confirm and complete deletion within 30 days.
  • Request a copy of the personal data we hold about you, in machine-readable form, by emailing the same address.

If you are in the European Union, the United Kingdom, or California, the GDPR / UK GDPR / CCPA give you the rights above plus the right to lodge a complaint with your local data-protection authority.

Children

Aiya's Garden is not directed at children under 13 (or under 16 in the EU/UK). We do not knowingly collect data from children. If you believe a child has created an account, please email us and we will delete it.

Cookies and similar technologies

The website uses a small number of strictly-necessary cookies to keep you signed in and to remember site preferences (e.g. light or dark theme). We do not use advertising or analytics cookies. The mobile app uses local device storage for the same purposes.

Security

Connections to the website and app are encrypted with HTTPS. Passwords are hashed by Supabase Auth. Database access is restricted by row-level security policies that scope your data to your own account. No system is perfectly secure — if you discover a vulnerability, please email hello@aiyasgarden.co and we will respond promptly.

International transfers

Our service providers (Supabase, Stripe, Vercel, Expo) operate globally and your data may be stored or processed in countries other than your own, including the United States. Each of these providers uses standard contractual clauses or equivalent protections for international data transfers.

Changes to this policy

If we make material changes to this policy, we'll post the new version here and update the “Last updated” date at the top. For significant changes we'll also surface a notice in the website and app.

Contact

Questions, requests, or corrections: hello@aiyasgarden.co.

Data controller: MACP Trading LLC, doing business as Aiya's Garden.

GET THE GREEN NOTE

Weekly care tips, new arrivals, and shop events.

Community

My Garden

Shop

Thank you for being part of
this little garden.

Contact

Some links may be affiliate links.

© 2026 Aiya's Garden. All rights reserved.