Privacy Policy

Effective date: 2026-04-17

Contact: privacy@growgrid.org

GrowGrid is a free, open source farm and garden management application distributed as a desktop program (Linux, Windows, macOS) and a mobile app (Android, iOS). This policy explains the very small amount of personal data we collect, why we collect it, and the choices you have.

Our position on your data

We do not want your personal data. We collect the minimum required to run the features you turn on, and nothing else. Specifically:

  • GrowGrid is local-first. Your farm data lives on your own device. It is not sent to us. It is not sent to anyone unless you set up the optional self-hosted Sync Hub or, in the future, opt in to a paid cloud account.

  • We will never sell your personal data, ever. Not now, not later, not under a new owner, not in aggregate, not "anonymized". This is a permanent commitment.

  • We will never share your personal data with advertisers, data brokers, or analytics resellers.

  • You can delete everything we hold about you at any time from Settings -> Data -> Privacy & Account, or by emailing privacy@growgrid.org.

Information you voluntarily provide

We only receive personal data when you choose to give it to us. The three channels are:

1. Crash and bug reports (opt-in)

If you choose to submit a crash report, error log, or feedback form from inside the app, we receive: the report you wrote, the app version, the operating system family, and any logs you chose to attach. We do not silently capture crashes. The submission is entirely your choice each time.

In addition, the app exposes two opt-in switches in Settings -> Data -> Privacy & Telemetry, both off by default:

  • Anonymous crash reports - when on, an uncaught exception or unhandled promise rejection sends the error type, message, stack trace, app version, OS family, and an anonymous per-launch session id to https://telemetry.growgrid.org/v1/crash. No user id, username, email, farm content, or request bodies are included.

  • Launch ping - when on, the app sends one event per launch containing only the app version and OS family to /v1/ping, so we can see how many people are running each release.

Crash and ping events are retained for at most 90 days on the receiving server, then deleted. The endpoint is operated by the GrowGrid maintainers and runs on infrastructure under our control; no third-party analytics vendor receives the data. Both switches can be turned off at any time and the app will stop sending immediately.

The "Build diagnostic bundle" button in the same section packages your locally captured console logs, app version, and OS into a single text file you can review and email to support@growgrid.org. Nothing is sent automatically.

2. Newsletter signup (opt-in)

If you sign up for the GrowGrid newsletter on growgrid.org or in the app, we store your email address and the date you subscribed. We use it only to send the newsletter. Every newsletter contains a one-click unsubscribe link, and unsubscribing deletes your address from our list.

3. Hardware preconfiguration orders (only if you order one)

If you order a preconfigured Raspberry Pi or other hardware from us, we collect the information needed to build, ship, and support it: your shipping address, contact email, the configuration choices you made, and the order receipt. We use this only to fulfill the order and provide support. We do not use it for marketing.

Data that stays on your device

The vast majority of what GrowGrid handles never leaves your device. The following are stored locally and we never receive a copy unless you explicitly export and send it to us:

  • Farm layouts, crop schedules, tasks, harvest reports, fresh-sheet history

  • Journal entries, photos you attach, personal almanac notes

  • Account preferences (theme, tutorial state, units)

  • Bluesky credentials, if you choose to link Bluesky (encrypted with AES-256-GCM at rest on your device)

Optional Sync Hub

If you self-host the optional Sync Hub or join a hub run by someone else (for example, a farm manager), encrypted data is replicated between the devices that hub authorizes. The operator of that hub is the data controller for any data you sync to it. GrowGrid the project does not receive a copy.

Future paid cloud (not active today)

If we launch a paid hosted cloud option, opting in will require an account (username, password hash, optional email) and will store the farm data you sync to the cloud on our infrastructure. The same commitments above apply: minimal data, no selling, no advertising, delete on request. This policy will be updated and you will be told before that option goes live.

Permissions the mobile app may request

These permissions are used on your device only. We do not receive location, camera contents, or notification activity.

  • Location - to look up your growing zone and weather forecast. Used on demand, never tracked in the background. You may decline.

  • Camera - to attach photos to crops, harvest reports, and journal entries. Photos stay on device unless you opt in to cloud sync.

  • Notifications - to remind you about scheduled tasks. You may decline.

Website cookies (growgrid.org)

The growgrid.org marketing site uses only functional cookies that are strictly necessary to make the site work (for example, remembering that you dismissed a banner or that you are signed in to your support account). We do not use advertising cookies, tracking pixels, or third-party analytics cookies that profile you. There is no cookie banner because there is nothing optional to consent to: if a cookie is set, it is required for the page you asked for to function.

If you create a support account or paid hardware order on the site, those cookies authenticate your session for as long as you stay signed in.

Operational data the server processes automatically

If you connect to a GrowGrid server (the optional Sync Hub or, in the future, the paid cloud), the server has to handle a small amount of operational data just to function safely. We list it here for full transparency. None of this is sold, shared with advertisers, or used for analytics.

  • IP address and user agent of incoming requests, used only for rate limiting, abuse blocking, and security audit logs. Audit-log rows are kept for 90 days for fraud investigation, then either deleted or have your user id replaced with NULL.

  • Session cookies so you stay signed in. Marked httpOnly, Secure, and SameSite=strict. They contain only a session id; no profile data.

  • Server error logs for crashes that happen on the server itself (not on your device). These are scrubbed of personal data before they are written.

  • Opt-in crash and launch-ping events sent only when you have enabled the Privacy & Telemetry switches in Settings (see Section 1 above). Retained for at most 90 days.

If you only use GrowGrid locally (desktop or mobile, no Sync Hub, no cloud account), none of the above happens: there is no server in the picture.

How we use the small amount of data we do have

  • To deliver the feature you asked for (send the newsletter, ship the hardware, answer the support ticket, fix the bug you reported).

  • To investigate abuse or a security incident.

  • To comply with the law when we are legally required to.

We do not use your data for advertising, profiling, scoring, training machine-learning models, or sale.

Sharing

We disclose data only:

  • To you, on request.

  • To the hub operator you connect to, for the data you choose to sync to that hub.

  • To shipping carriers and payment processors strictly for fulfilling a hardware order you placed.

  • When required by law (subpoena, court order, or comparable legal process), and only the minimum required.

We do not sell your data. We will not sell your data in the future. This commitment survives any change of ownership or maintainership of the project.

Your rights

Regardless of where you live, you may:

  • Access your data: export from Settings -> Data -> Export Data, or email privacy@growgrid.org.

  • Correct your data: edit any field in the app, or email us.

  • Delete your data: Settings -> Data -> Privacy & Account -> Delete my account, or email privacy@growgrid.org. Deletion removes your account and all linked records immediately. Audit-log rows tied to abuse investigations are retained for 90 days with your user id replaced by NULL.

  • Unsubscribe from the newsletter: click the unsubscribe link in any newsletter, or email us.

  • Object to processing or withdraw consent at any time.

Children

GrowGrid is not directed to children under 13. We do not knowingly collect data from children under 13. If you believe a child has provided us with data, email privacy@growgrid.org and we will delete it.

Security

  • Passwords (when accounts exist) are hashed with bcrypt and a per-user salt. The plaintext is never logged.

  • Session cookies are httpOnly, SameSite=strict in production, and Secure when served over HTTPS.

  • All API requests are rate-limited.

  • A Content-Security-Policy header blocks inline script execution.

  • Bluesky app passwords are encrypted at rest with AES-256-GCM.

No system is perfectly secure. If you suspect a vulnerability, see SECURITY.md for how to report it responsibly.

Changes to this policy

If we make material changes, we will update this file and note the new effective date. Significant changes will also be announced in the in-app changelog and on growgrid.org. The "never sold" commitment is not subject to material change.

Contact