Privacy Policy
Last updated: 5 June 2026
Who we are
Holly's FlowerGarden is operated by TechThomas. Questions: dynamicbuildmachine@gmail.com. This policy is governed by the laws of the Netherlands.
What we collect
Without an account (default)
- Nothing is uploaded. Your flower sightings, botanical profile, and consent timestamp are stored only in your browser's
localStorage. - No cookies. No advertising or analytics cookies are set.
- Map tiles. The world map is served entirely from our own server — no third-party tile service or CDN is contacted.
- GPS coordinates (only when you tap "Find flowers near me") are used entirely within your browser to find nearby countries. They are never stored or transmitted.
With an account (optional cloud sync)
When you sign up, we store in Supabase (our cloud database, EU region):
- Your email address (for passwordless sign-in via magic link).
- Your flower sightings, botanical profile ratings, optional display name, and consent timestamp in a per-user row protected by row-level security.
- If you add a custom flower, a copy is stored in a review table for our team to consider adding to the public database.
Legal basis (GDPR / AVG)
- Consent — you give explicit consent on first visit and when creating an account.
- Legitimate interest — storing sightings locally so the app works without a network.
Data sharing
We do not sell or share your data with third parties. Supabase processes data as a data processor under a DPA consistent with GDPR. No advertising networks or third-party analytics are used.
Your rights (GDPR)
You have the right to access, rectify, erase, restrict, and port your data. To exercise any right, email us or use the button below to delete all local data immediately.
Data retention
Local data persists until you clear it. Cloud data is retained until you delete your account or request erasure. Unverified sign-in attempts are purged within 24 hours by Supabase.
Security
- Strict Content-Security-Policy (
script-src 'self'), HSTS, X-Frame-Options, and other security headers are set on every response. - The Supabase anon key embedded in the app is public by design; database access is protected by row-level security.
- All data in transit uses TLS.
Children
Holly's FlowerGarden is not directed at children under 13. We do not knowingly collect personal data from children.
Changes to this policy
We will update the "Last updated" date when this policy changes materially. Continued use after a change constitutes acceptance.
Contact
Questions or erasure requests: dynamicbuildmachine@gmail.com
Clear all my data
This button removes all Holly's FlowerGarden data from this browser immediately (sightings, profile, account state). It does not delete your cloud account — email us to do that.