Bonsai LegacyBonsai Legacy

Privacy Policy

Last updated: February 24, 2026

Bonsai Legacy ("we," "us," or "our") operates the bonsailegacy.com website and application. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

1. Information We Collect

Account Information

When you create an account, we collect your name, email address, and password. If you sign in with Google, we receive your name, email, and profile picture from Google.

Collection Data

Information you provide about your bonsai trees, including names, species, photos, care logs, notes, and any beneficiary or succession planning details you choose to enter.

Payment Information

If you subscribe to a paid plan, payment processing is handled by Stripe. We do not store your credit card number. We retain your Stripe customer ID to manage your subscription.

Usage Data

We may collect basic analytics data such as pages visited, browser type, and device information to improve the service.

2. How We Use Your Information

  • To provide and maintain the service
  • To manage your account and subscription
  • To send you service-related emails (password resets, account confirmations)
  • To respond to support requests
  • To improve the service based on usage patterns

We do not sell your personal information to third parties. We do not use your collection data for advertising purposes.

3. Data Storage & Security

Your data is stored in Supabase (hosted on AWS) with row-level security enabled. This means your collection data is isolated at the database level — only you can access your trees, photos, and plans.

Photos are stored in secure cloud storage with access controlled by your authenticated session.

4. Data Retention

Your data is retained for as long as your account is active. If you downgrade from a paid plan, your data is preserved — nothing is deleted. If you request account deletion, we will remove all your personal data and collection information within 30 days.

5. Third-Party Services

We use the following third-party services:

  • Supabase — authentication and database hosting
  • Stripe — payment processing
  • Google OAuth — optional sign-in provider
  • Vercel — application hosting

Each of these services has its own privacy policy governing how they handle your data.

6. Cookies

We use essential cookies to maintain your authentication session. We do not use tracking cookies or third-party advertising cookies.

7. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your account and data
  • Export your collection data

To exercise any of these rights, contact us at support@bonsailegacy.com.

8. Children's Privacy

Our service is not directed to children under 13. We do not knowingly collect information from children under 13.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date.

10. Contact Us

If you have questions about this Privacy Policy, contact us at support@bonsailegacy.com.