What is easyDacha and how does it help home gardeners?

easyDacha is a vegetable garden planner app for iPhone. It gives you a visual map of your garden, zone-specific 14-day task calendars, expert care plans for 100+ vegetables, seeds and seedlings inventory, and a lunar calendar — so you always know exactly what to do in your garden and when to do it.

How does easyDacha know what tasks to give me?

easyDacha uses your USDA hardiness zone and the current date to generate a personalized 14-day task calendar. Every task — whether it is starting seeds indoors, transplanting, watering, feeding, or protecting from frost — is timed to your specific zone and plant.

What types of garden beds does easyDacha support?

easyDacha supports four bed types: in-ground beds, raised beds, containers and pots, and greenhouse beds. Your garden map can hold up to 50 beds in rectangular or circular shapes, so you can design your entire garden layout visually.

How many plants can I track with easyDacha?

easyDacha's plant library includes over 100 vegetable types. You can plan up to 100 plant types across your garden. You can also add your own custom plants to the app using the Own Plants feature.

Can I map out my entire vegetable garden in easyDacha?

Yes. easyDacha includes a visual garden map where you place your beds, choose bed shapes (rectangles or circles), and plan where each plant goes. The app automatically accounts for correct plant spacing so you do not overcrowd your beds.

Can I track my seeds and seedlings inventory in easyDacha?

Yes. easyDacha includes a seeds and seedlings inventory with a shopping list feature. You can track what you have on hand, what you need to buy, and manage your seed stock across growing seasons.

Does easyDacha have a free trial?

Yes, easyDacha offers a 14-day free trial so you can explore all features before subscribing. After the trial, plans start at $4.99 per month or $34.99 per year. Download easyDacha on the Apple App Store to get started.

How much does easyDacha cost?

easyDacha offers a 14-day free trial. After that, you can subscribe monthly for $4.99 per month, or save with the annual plan at $34.99 per year (that is less than $3 per month). Download on the Apple App Store.

Where can I download easyDacha?

easyDacha is available on the Apple App Store for iPhone. Search for 'easyDacha' in the App Store or visit easydacha.com and click the Download button to go directly to the App Store listing.

When should I start vegetable seeds indoors before transplanting?

Timing depends on your hardiness zone and plant type. Tomatoes and peppers: 6-8 weeks before your last frost date. Broccoli and cabbage: 6-8 weeks. Cucumbers and squash: 3-4 weeks. Lettuce: 4-6 weeks. easyDacha automatically schedules your indoor seed starting based on your zone and the plants you have selected.

How do I find my USDA hardiness zone for gardening?

Your USDA hardiness zone is based on your ZIP code and determines your frost dates and what plants survive your winters. You can look it up at the USDA Plant Hardiness Zone Map website using your ZIP code. In easyDacha, you enter your location and the app applies the correct zone-specific planting schedule automatically.

When is it safe to plant tomatoes outdoors?

Tomatoes should be planted outdoors after your last frost date, when nighttime temperatures stay consistently above 50°F (10°C). Zone 5: late May. Zone 6: early to mid May. Zone 7: late April. Zone 8: mid April. Zone 9: March-April. easyDacha tells you exactly when to transplant based on your zone.

What vegetables can I plant in May?

What to plant in May depends on your zone. Zone 5-6: transplant tomatoes and peppers after last frost (mid-May), direct sow beans and cucumbers. Zone 7-8: all warm-season crops — squash, corn, basil, beans. Zone 9-10: heat-tolerant crops like okra and sweet potatoes. easyDacha generates a personalized May task calendar for your specific zone.

How do I know if I am overwatering my vegetable garden?

Signs of overwatering include yellowing leaves starting at the bottom, wilting even when soil is wet, root rot, and mold on the soil surface. Most vegetables need deep watering 1-2 times per week — water until the soil is moist 6 inches deep, then let it partially dry before watering again. Stick your finger 2 inches into soil: if it is still moist, wait another day.

Why are my tomato leaves turning yellow?

Yellow tomato leaves have several common causes: overwatering (most common — bottom leaves yellow first), nitrogen deficiency (pale yellow all over), magnesium deficiency (yellow between veins), calcium deficiency (causes blossom end rot), or fungal disease (yellow with dark spots). Remove affected leaves, adjust your watering schedule, and check if your plants need feeding.

What vegetables grow best in raised beds?

Raised beds are ideal for tomatoes, peppers, cucumbers, zucchini, lettuce, salad greens, carrots, radishes, herbs, green beans, and strawberries. The main benefits are better drainage, warmer soil in spring, easier weed control, and better root development. easyDacha's garden map helps you plan exactly what fits in your raised bed with correct spacing.

How do I get rid of aphids on vegetable plants naturally?

Several organic methods work well against aphids. A strong spray of water knocks them off plants. Homemade sprays like hot pepper spray or diluted dish soap solution kill aphids on contact. Neem oil diluted in water is effective and safe for vegetables. You can also attract natural predators — ladybugs and lacewings eat aphids. Check plants daily and treat early before populations get out of control. The easyDacha blog has a step-by-step homemade aphid spray recipe.

How do I treat powdery mildew on vegetable plants without chemicals?

Powdery mildew appears as white powder mainly on squash, cucumbers, and tomatoes. Effective organic treatments: milk spray (1 part milk to 9 parts water, spray weekly on leaves), baking soda spray (1 teaspoon baking soda plus 1 teaspoon dish soap per quart of water), or diluted hydrogen peroxide. Remove heavily infected leaves. Improve air circulation by pruning and avoid wetting leaves when watering. The easyDacha blog has a detailed step-by-step milk spray guide.

What natural fertilizers can I make at home for my vegetable garden?

Several DIY fertilizers work well for vegetables. Fermented nettle tea (steep nettle leaves in water for 2 weeks) provides nitrogen. Wood ash adds potassium and slightly raises soil pH — good for tomatoes and peppers. Yeast fertilizer (yeast, sugar, and water) boosts soil biology. Worm compost tea is a complete all-purpose fertilizer. The easyDacha blog has step-by-step recipes for all of these.

What are the easiest vegetables to grow for beginners?

The most beginner-friendly vegetables are zucchini and squash (fast-growing and hard to kill), radishes (ready in 25 days), green beans (direct sow, minimal care), lettuce and salad greens (cut-and-come-again, very forgiving), cherry tomatoes (easier than large varieties), and herbs like basil and chives. Start with one 4x4 or 4x8 foot raised bed and 3-4 vegetables your family actually eats.

Privacy Policy

Last updated: March 17, 2026

About This Policy

This Privacy Policy explains how easyDacha C-Corp (“easyDacha,” “we,” “us,” or “our”) collects,

uses, shares, and protects your personal information when you use the easyDacha

mobile application and related services (collectively, the “Service”).

By using the Service, you agree to the practices described in this Privacy Policy.

If you do not agree, please do not use the Service.

This Privacy Policy is incorporated into and should be read alongside our Terms and Conditions.

1. Information We Collect1.1 Account & Profile Data
When you create an account, we collect:

Name and email address
Password (stored in hashed, encrypted form; we never store plaintext passwords)
Garden name — a label you choose for your garden (e.g., “My Backyard”)
ZIP code — entered when you create a garden, used to calculate frost dates, planting zones, and seasonal task schedules (see Section 1.4)
Garden content you enter: plant selections, care notes, and observations

1.2 Device & Technical Data
Automatically collected when you use the Service:

Device identifiers: IDFA (Identifier for Advertisers, iOS), IDFV (Identifier for Vendors, iOS), Android Advertising ID (GAID), and Firebase Installation ID
Device type, manufacturer, operating system version, and app version
IP address (used to infer approximate geographic region; not stored long-term)
Push notification token (used to deliver notifications via Firebase Cloud Messaging)
App performance data: crash reports, error logs, load times
Network type (Wi-Fi / cellular)

1.3 Usage & Behavioral Data
How you interact with the Service:

Feature usage events (e.g., which screens you visit, which features you use, actions you take)
Session duration, frequency of use, and navigation paths
In-app interactions: taps, scrolls, and other gestures (captured in aggregated / masked form for UX analysis — see Section 5 for Session Replay details)
A/B test assignments (which version of a feature or content you see)

1.4 Location Data
We collect two distinct types of location information, with different purposes and different privacy implications:
ZIP Code (Entered Manually)

You provide your ZIP code when creating a garden in the app.
We use it to: look up your USDA Hardiness Zone, calculate your last and first frost dates, and generate your personalized planting calendar and task schedule.
ZIP code is approximate location information. It is not classified as Sensitive Personal Information under California law (CPRA) because it does not identify your precise location.

GPS / Device Location (Permission-Based, Optional)

With your explicit permission via your device’s system permission dialog, we may access your device’s precise GPS coordinates.
Precise location is used solely for: real-time weather data and weather-based alerts (frost warnings, heat advisories) delivered via OpenWeatherMap.
If you deny location permission, the app continues to function without a weather feature.
You can grant or revoke GPS location permission at any time in your device’s Settings → Privacy → Location Services.

Important: GPS Location is Sensitive Personal Information (California)

Under the California Privacy Rights Act (CPRA), precise geolocation data is classified as

Sensitive Personal Information. We use your GPS location only to fetch real-time weather

data — nothing else. We do not sell or share your precise location for advertising.

California residents have the right to limit our use of Sensitive Personal Information

to the purposes described here. See Section 11.2 for how to exercise this right.

We do not track your location in the background. Location is accessed only when the app is in use and only if you have granted permission.

1.5 Payment Information
Payments are processed by third-party providers (Apple In-App Purchase, Google Play Billing, or Stripe). easyDacha does not collect, store, or have access to your full payment card number, CVV, or bank account details. We receive only transaction confirmation, subscription status, and a masked payment reference.

1.6 Garden Content & User-Added Plants
Content you create within the Service:

Garden plans and layouts
Plant entries, care notes, and observations
Photos you upload to document your plants or garden
Custom plant entries you add when a plant is not in our library (see Sections 3 and 7 for how these may be used)

The photos you upload are your content. For details on how we may use User-Added Plant photos in the shared plant library, see our Terms and Conditions, Section 5.

1.7 Communications Data
When you contact us or interact with our messages:

Your name, email address, and message content when you write to support
Email engagement data: open rates, link clicks (tracked by Customer.io for transactional and product emails)
In-app message interactions

1.8 Data We Do Not Collect

We Do Not Collect

Full payment card numbers, CVV, or bank account details

Social Security numbers or government-issued ID numbers

Health or medical information

Content of messages in other apps or outside our Service

Contact lists or address books

Background location (GPS is accessed only while the app is in active use)

Personal data from children under 13 (see Section 13)

2. How We Use Your Information
We use the information we collect for the following purposes:

Purpose	Data Used	Legal Basis (GDPR)
Providing the Service: account management, garden plans, care plans, plant database	Account data, garden content, location	Contract Performance
Personalizing your experience: localized weather, seasonal schedules, care plan timing based on your ZIP code and frost dates	ZIP code, GPS location (if granted), plant selections	Contract Performance / Legitimate Interest
AI-Assisted Content: generating plant descriptions, care tips, seasonal advice, and visual assets (sprites) displayed in the app. AI is used for content only — we do not use AI to profile individual users or make automated decisions about users.	Plant type, ZIP code / region, garden data (non-identifiable for AI processing)	Legitimate Interest
Push notifications: task reminders, weather alerts, seasonal tips	Push token, usage data, location	Consent
Email communications: transactional (receipts, password reset), onboarding, product updates	Email address, account data	Contract Performance / Legitimate Interest
Marketing emails and campaigns: promotions, re-engagement	Email address, usage data	Consent
Analytics & product improvement: understanding feature usage, fixing bugs	Usage data, device data, crash logs	Legitimate Interest
UX research: Session Replay analysis to improve app flows (see Section 5)	Masked screen interaction data	Legitimate Interest
Mobile attribution: attributing app installs to advertising campaigns (when ads are active)	Device ID (IDFA/GAID)	Consent (ATT on iOS) / Legitimate Interest
Payment processing and subscription management	Transaction data, subscription status	Contract Performance / Legal Obligation
Fraud prevention, security, and legal compliance	Account data, device data, IP address	Legal Obligation / Legitimate Interest
Aggregated research: anonymized, non-identifiable insights about gardening patterns	Anonymized data	Legitimate Interest

3. Third-Party Services & Data Processors
We work with trusted third-party service providers to operate the Service. Each provider acts as a data processor under a Data Processing Agreement (DPA) and may only use your data for the specific purposes listed below.
The following table lists all third-party services currently integrated or planned for integration into the Service:

Service	Provider	Purpose	Data Received
Firebase Analytics	Google LLC	App event analytics and funnel tracking	Device ID, events, session metadata
Firebase Crashlytics	Google LLC	Crash and error reporting	Device info, OS version, crash stack traces
Firebase Cloud Messaging (FCM)	Google LLC	Delivery of push notifications	Push notification token
Firebase Remote Config	Google LLC	A/B testing and feature flags	Device ID, app version
Firebase Authentication	Google LLC	User account authentication	Email address, auth tokens
Google Analytics	Google LLC	Web analytics (website visitors)	IP address (anonymized), browser, behavior
Amplitude Analytics	Amplitude Inc.	Behavioral analytics: events, funnels, retention	User ID, device ID, events, session data
Amplitude Session Replay	Amplitude Inc.	UX research: masked screen recordings (see Section 5)	Masked interaction sequences, screen flow data
AppsFlyer	AppsFlyer Ltd.	Mobile attribution: attributing installs to ad campaigns (when paid ads are active)	Device ID (IDFA/GAID), install event data
Customer.io	Peaberry Software Inc.	Email & in-app messaging: transactional, onboarding, product, marketing, weather alerts	Email address, user ID, behavioral events
OpenWeatherMap	OpenWeather Ltd. (UK)	Real-time weather data, forecasts, and frost/freeze alerts for your garden location	ZIP code (always); GPS coordinates (only when location permission is granted). No personal identifiers are transmitted.
Stripe	Stripe Inc.	Payment processing (web / direct purchases)	Payment card data (handled entirely by Stripe; easyDacha does not receive card details)
Apple In-App Purchase	Apple Inc.	Payment processing (iOS subscriptions)	Transaction data (handled by Apple)
Google Play Billing	Google LLC	Payment processing (Android subscriptions)	Transaction data (handled by Google)

We may add new service providers over time. When we do, we will update this Privacy Policy and, where required by law, notify you before the new provider begins processing your data.
All third-party providers are required to: process your data only for the specified purposes; maintain appropriate security measures; comply with applicable data protection laws, including GDPR and CCPA; and enter into a Data Processing Agreement with us.
Third-Party Links: Our app and website may contain links to third-party websites or services not listed in the table above. This Privacy Policy does not govern those third-party services or websites. We encourage you to review the privacy policies of any third-party service before providing personal information.

4. Advertising, Attribution & Apple App Tracking Transparency4.1 Mobile Attribution
We use AppsFlyer to understand which marketing channels (e.g., social media ads, search ads) lead users to download and install the easyDacha app. This is called “mobile attribution.” When we run paid advertising campaigns, AppsFlyer may receive your device advertising identifier (IDFA on iOS or GAID on Android) to match your install to a campaign.
We do not run personalized advertising within the easyDacha app itself. We do not sell your data to advertising networks or data brokers.

4.2 Apple App Tracking Transparency (ATT) — iOS
On iOS devices, Apple’s App Tracking Transparency framework requires us to ask your permission before accessing your IDFA for cross-app tracking purposes. When you first open the app, you may see a system prompt asking whether to allow tracking.

If you allow tracking: your IDFA may be shared with AppsFlyer for attribution when we run ad campaigns.
If you deny tracking: we will not access your IDFA. Analytics will be based on anonymized, aggregate data only.
You can change this permission at any time in iOS Settings → Privacy & Security → Tracking.

4.3 Android Advertising ID (GAID)
On Android devices, you can opt out of ad personalization in Google Settings → Ads → Delete advertising ID or opt out of ads personalization. If you opt out, we will not use your GAID for attribution.

4.4 California — Right to Opt Out of “Sharing” (CPRA)
Under the California Privacy Rights Act (CPRA, effective January 2023), sharing personal data with third parties for cross-context behavioral advertising — even without payment — is treated similarly to selling. When we run advertising campaigns using AppsFlyer, this may constitute “sharing” under CPRA.
California residents have the right to opt out of the sharing of their personal information. To exercise this right, email us at [email protected] with the subject line “Do Not Share My Personal Information — [Your Name].” You may also opt out through your device settings (ATT on iOS; GAID opt-out on Android).
Global Privacy Control (GPC): We also honor Global Privacy Control signals. If your web browser transmits a GPC signal when you visit easydacha.com, we will treat it as a request to opt out of the sharing of your personal information for cross-context behavioral advertising. Note: GPC operates at the browser level and applies to website visits only; it does not automatically apply to in-app data. To opt out of app-level sharing, use the device settings described in Sections 4.2 and 4.3 above.

5. Session Replay & UX Research (Amplitude)
We use Amplitude’s Session Replay feature to analyze how users navigate the easyDacha app. This helps our product and UX team identify usability issues, understand where users encounter difficulties, and improve the app experience.

How Session Replay Works

Session Replay records the sequence of screens and interactions (taps, scrolls, navigation) a user takes during an app session. It does NOT capture:

The actual text you type (all input fields are masked / replaced with ■■■)

Your email address, username, passwords, or any credentials

Content from other apps or outside our Service

The following screens are excluded from Session Replay recording entirely:

Payment and subscription screens

Account settings and profile screens

Any screen containing personal data fields

What IS recorded:

Which screens you visit and in what click

Tap locations (shown as dots, no content captured)

Scroll depth and navigation patterns

Additional safeguards we apply:

High masking level enabled in the Amplitude SDK: all visible text and input fields are replaced with placeholder blocks before any data leaves your device.
Access to Session Replay recordings is restricted to a limited number of product and UX team members.
Recordings are automatically deleted from Amplitude’s servers after 90 days.
Session Replay data is processed by Amplitude as our data processor under a signed DPA, which includes Standard Contractual Clauses (SCCs) for international transfers.

Legal basis for Session Replay: Legitimate Interest. We have conducted a Legitimate Interest Assessment (LIA) and determined that UX improvement through masked, privacy-preserving session recording is proportionate and does not override users’ privacy rights, given the strong masking measures applied.
Opt-out: If you wish to opt out of Session Replay, email [email protected] with the subject “Session Replay Opt-Out — [Your Name].” We will configure your account to exclude it from recording.

6. Email & In-App Communications (Customer.io)
We use Customer.io to manage and send several types of communications:

Type	Examples	Consent Required?	How to Opt Out
Transactional	Registration confirmation, password reset, subscription receipts	No — required for Service	Cannot opt out (required for account function)
Product / Onboarding	Getting started tips, feature announcements, care plan reminders	No — Legitimate Interest	Unsubscribe link in email or contact support
Weather Alerts	Frost warnings, extreme heat alerts affecting your plants	No — Legitimate Interest	Unsubscribe link in email or contact support
Marketing	Promotions, discounts, seasonal campaigns, re-engagement	Yes — explicit consent required	Unsubscribe link in email or contact support
In-App Messages	Feature tips, announcements, survey prompts within the app	No — Legitimate Interest	Contact support to disable in-app messaging

Customer.io receives your email address, user ID, and behavioral events (e.g., “user has not opened the app in 7 days”) to power automated messaging. Customer.io does not use your data for their own advertising purposes.
You can manage your email preferences at any time by clicking “Unsubscribe” in any email or by contacting [email protected]. Opting out of marketing emails does not affect transactional communications.

7. Data Sharing & Disclosure
7.1 What We Do Not Do

We Do Not Sell Your Personal Data

easyDacha does not sell your personal information to third parties for money.

We do not sell data to data brokers, advertising exchanges, or lead generation companies.

We do not share personal information with third parties for their own direct marketing

purposes. (California residents: this is our disclosure under Cal. Civ. Code §1798.83

— the “Shine the Light” law.)

When we run advertising campaigns, we may “share” limited device identifiers with AppsFlyer

(see Section 4). California residents have the right to opt out of this sharing (see Section 11.2).

Nevada residents: we do not sell your covered information. To submit a Nevada opt-out

request (NRS 603A), contact [email protected] — Subject: “Nevada Privacy Request.”

7.2 When We Do Share Data
We share data only in the following circumstances:

Service Providers: with the third-party processors listed in Section 3, under written DPAs, solely for the purposes described.
Legal Requirements: when required by law, court order, subpoena, or government regulation, or when necessary to protect the rights, property, or safety of easyDacha, our users, or the public.
Business Transfers: in the event of a merger, acquisition, sale of assets, or reorganization, your data may be transferred to the successor entity. We will notify you before your data is subject to a different privacy policy.
With Your Consent: for any other purpose, only with your explicit prior consent.

7.3 Aggregated & Anonymized Data
We may share aggregated, anonymized data (data that cannot reasonably identify any individual) for research, industry analysis, or product improvement purposes. This data does not constitute personal information under applicable law.

8. Cookies & Tracking Technologies
Cookies and similar technologies are primarily used on our website (easydacha.com). Our mobile app does not use browser cookies but uses equivalent technologies such as device identifiers and local storage.

Technology	Used In	Purpose	Can You Opt Out?
Session cookies	Website	Maintain your login session	Yes — browser settings
Analytics cookies (Google Analytics)	Website	Understand visitor behavior on the website	Yes — browser settings / Google opt-out
Device identifiers (IDFA, GAID, IDFV)	Mobile App	Analytics, attribution, personalization	Yes — device settings (see Section 4)
Firebase Installation ID	Mobile App	App instance identification for analytics and FCM	Limited — tied to app installation
Local storage	Mobile App	Store app preferences and cached data locally on device	No — cleared by uninstalling app

Global Privacy Control (GPC): Our website responds to GPC signals as described in Section 4.4. We also honor browser-based “Do Not Track” (DNT) signals for our website where technically feasible. Our mobile app does not respond to DNT or GPC signals, as no standardized mobile protocol currently exists; however, you can manage tracking through your device’s operating system settings as described in Section 4.

9. Data Retention
We retain personal data only as long as necessary for the purposes described in this Privacy Policy, or as required by law. The following retention periods apply:

Data Category	Retention Period	Reason
Account & profile data	For the duration of your account; deleted within 30 days of account deletion request	Service provision
Garden plans, plant data, care notes	For the duration of your account; deleted within 30 days of account deletion	Service provision
User-Added Plant photos selected for Shared Library	Indefinitely (post-deletion, if selected — see Terms §5.2)	License rights granted by user
Analytics events (Firebase, Amplitude)	13 months from collection (Firebase default); 12 months (Amplitude)	Product improvement
Session Replay recordings (Amplitude)	90 days from recording date	UX research
Crash & error logs (Crashlytics)	90 days from collection	Bug resolution
Email engagement data (Customer.io)	Duration of account; deleted within 60 days of account deletion	Communication management
Payment & transaction records	7 years from transaction (U.S. tax law requirements)	Legal obligation
Communication records (support emails)	3 years from last interaction	Legal compliance / dispute resolution
Inactive account data	24 months of inactivity, then deletion per our Terms §14	Data minimization

When data is deleted, we use secure deletion methods. Some data may be retained in anonymized, aggregated form after deletion; this data cannot be used to identify you.

10. Security
We implement technical and organizational measures to protect your personal data, including:

Encryption in transit (HTTPS/TLS for all data transfers between your device and our servers)
Encryption at rest for sensitive data
Access controls: employee access to personal data is role-based and limited to those who need it
Regular security assessments of our systems and third-party providers
Incident response procedures for detecting and responding to data breaches

No system is completely secure. If we become aware of a security breach affecting your personal data, we will notify you and applicable authorities as required by law (within 72 hours under GDPR; as required by applicable U.S. state breach notification laws).

11. Your Privacy Rights11.1 All U.S. Users
Regardless of your state of residence, you may:

Request access to the personal information we hold about you
Request correction of inaccurate personal information
Request deletion of your account and associated personal data
Opt out of marketing communications (unsubscribe link in emails or contact support)
Opt out of Session Replay (contact [email protected])

11.2 California Residents (CCPA / CPRA)
If you are a California resident, you have the following additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

Right to Know: request disclosure of the categories and specific pieces of personal information we collect, use, disclose, and share.
Right to Delete: request deletion of your personal information, subject to certain exceptions (e.g., legal obligations, completed transactions).
Right to Correct: request correction of inaccurate personal information.
Right to Opt Out of Sharing: opt out of the sharing of your personal information for cross-context behavioral advertising (see Section 4.4). You may also use a Global Privacy Control signal when visiting our website.
Right to Limit Use of Sensitive Personal Information: limit our use of your precise GPS location data to the purposes described in Section 1.4 (real-time weather only). We do not use sensitive personal information for any other purpose.
Right to Non-Discrimination: we will not discriminate against you for exercising your privacy rights.

Sensitive Personal Information We Collect
Under CPRA, the following data we collect is classified as Sensitive Personal Information:

Precise geolocation (GPS coordinates) — collected only when you grant location permission; used only for real-time weather data via OpenWeatherMap.

We do not collect other CPRA sensitive categories (e.g., Social Security numbers, financial account data, biometric data, health data, or contents of messages).
To submit a request: email [email protected] with subject line “California Privacy Request — [Request Type].”

Response Timelines

Acknowledgment of request: within 10 business days

Substantive response: within 45 calendar days

Extension (if needed): additional 45 days with prior notice to you

Identity Verification: We will verify your identity before fulfilling a request. For access or deletion requests, we will match the email address in your request against your registered account. We use a proportionate verification standard based on the sensitivity of the data requested.
Authorized Agent Requests
You may designate an authorized agent to submit a CCPA/CPRA request on your behalf. To use an authorized agent:

Provide the agent with written, signed permission to submit privacy requests on your behalf (email authorization is acceptable).
The agent must include a copy of your signed authorization when submitting the request to [email protected].
We may contact you directly to verify your identity and confirm the authorization, even when an authorized agent is acting on your behalf.
We will not penalize you for using an authorized agent.

California Shine the Light (Cal. Civ. Code §1798.83): We do not share personal information with third parties for their own direct marketing purposes. California residents therefore do not need to submit a Shine the Light request, but may contact us at [email protected] with any questions.

11.3 EU / EEA / UK Residents (GDPR / UK GDPR)
If you are located in the EU, EEA, or UK, you have the following rights under GDPR / UK GDPR:

Right of Access: obtain a copy of your personal data and information about how it is processed.
Right to Rectification: have inaccurate personal data corrected.
Right to Erasure (“Right to be Forgotten”): request deletion of your data where there is no legitimate reason to continue processing it.
Right to Restriction: request that we restrict processing of your data in certain circumstances.
Right to Data Portability: receive your data in a structured, machine-readable format and transfer it to another controller.
Right to Object: object to processing based on legitimate interests or for direct marketing purposes.
Right Not to be Subject to Automated Decisions: where we use automated processing that significantly affects you, you have the right to human review. Note: our AI features are used only to generate general plant and gardening content — they do not make individualized decisions about you.
Right to Withdraw Consent: withdraw consent at any time where processing is based on consent (withdrawal does not affect prior lawful processing).

To exercise these rights, contact [email protected]. We will respond within 30 days (extendable by 60 days for complex requests, with notice). You also have the right to lodge a complaint with your national supervisory authority.
easyDacha primarily serves users in the United States. As we expand to EU/EEA markets, we will maintain full GDPR compliance and will appoint an EU representative as required under GDPR Article 27.

11.4 Other U.S. State Residents
Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Texas (TDPSA), Oregon (OCPA), Montana (MCDPA), and a growing number of other states have enacted comprehensive consumer privacy legislation. If you are a resident of one of these states, you may have rights that include some or all of the following:

Right to access and obtain a copy of your personal data
Right to correct inaccurate personal data
Right to delete personal data you have provided or that we have collected
Right to data portability (receive your data in a portable format)
Right to opt out of the sale of your personal data — we do not sell personal data (see Section 7.1)
Right to opt out of personal data processing for targeted advertising — see Sections 4 and 7 for our sharing practices and how to opt out
Right to opt out of profiling used for decisions with significant legal or similarly significant effects — we do not engage in such profiling; our AI is used only for content generation, not for individual user decision-making

To exercise any of these rights, email [email protected]. We will acknowledge your request within 10 business days and respond within 45 days.

11.5 International Residents — Brazil, Canada, and Australia
Brazil (LGPD — Lei Geral de Proteção de Dados)
If you are located in Brazil, you have rights under the Lei Geral de Proteção de Dados Pessoais (LGPD) including the right to: confirm whether we process your personal data; access your data; correct incomplete or inaccurate data; request anonymization, blocking, or deletion of unnecessary or excessive data; request data portability; and revoke consent at any time.
Brazil's data protection authority (ANPD) may be contacted at gov.br/anpd if you believe we have not addressed your request adequately. To submit a request, email [email protected] with subject line "Brazil Privacy Request — [Request Type]."
Canada (PIPEDA and Quebec Law 25)
If you are located in Canada, you have rights under the federal Personal Information Protection and Electronic Documents Act (PIPEDA) to access personal information we hold about you, to challenge its accuracy, and to withdraw consent to its use. We will respond to access requests within 30 days.
If you are a resident of Quebec, you have additional rights under Quebec's Act Respecting the Protection of Personal Information in the Private Sector (Law 25), including the right to be informed of any cross-border transfers of your personal information and the right to request that we cease using your data for certain purposes. To submit a request, email [email protected] with subject line "Canada Privacy Request — [Request Type]."
Australia (Privacy Act 1988)
If you are located in Australia, you have rights under the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), including the right to access personal information we hold about you and to request its correction. If you believe we have breached the APPs, you may first contact us directly; if unresolved, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au. To submit a request, email [email protected] with subject line "Australia Privacy Request — [Request Type]."

Right to Appeal

If we decline your privacy rights request, you may appeal our decision.

To appeal: reply to our denial email with the subject “Privacy Request Appeal — [Your Name]” and explain why you believe your request should be granted.

We will review your appeal and respond within 60 days. If your appeal is denied, you may contact your state’s Attorney General or applicable supervisory authority.

This appeal right applies to residents of Virginia, Colorado, Connecticut, Texas, and other states whose privacy laws require it.

12. International Data Transfers
easyDacha is based in the United States. Your personal data is primarily processed and stored in the United States. If you use the Service from the EU, EEA, UK, or other regions with data protection laws that differ from U.S. law, your data will be transferred to and processed in the U.S.
For transfers of personal data from the EU/EEA/UK to the U.S., we rely on the following transfer mechanisms:

Standard Contractual Clauses (SCCs) approved by the European Commission (June 2021 version) in our agreements with third-party processors;
UK International Data Transfer Addendum (IDTA) for transfers of UK personal data;
Adequacy decisions where applicable.

All third-party processors listed in Section 3 who process EU/UK personal data have signed DPAs incorporating appropriate SCCs or equivalent safeguards. Where we transfer personal data from Brazil, Canada, or Australia to the United States, we rely on contractual safeguards, user consent, or other mechanisms available under applicable local law to ensure your data remains protected.

13. Children’s Privacy
The Service is not directed to children under 13 years of age (or under 16 in the EU/EEA, where member state law requires). We do not knowingly collect personal information from children under 13.
If we learn that we have collected personal information from a child under 13 without verifiable parental consent, we will delete that information promptly. If you believe we have inadvertently collected such information, please contact us at [email protected].
Users aged 13–17 may use the Service with parental consent. If you are a parent and have questions about your child’s use of the Service, please contact us.

14. Do Not Track
Some browsers offer a “Do Not Track” (DNT) feature that signals websites that the user does not want to be tracked. Our website attempts to honor DNT signals where technically feasible. However, no uniform technical standard for DNT currently exists, and we cannot guarantee full DNT compliance across all circumstances.
Our mobile app does not process DNT signals, as no standardized mobile equivalent exists. You can manage tracking preferences through your device’s operating system settings (see Sections 4 and 8).

15. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, the Service, or applicable law. When we make changes:

We will update the “Last Updated” date at the top of this page.
For material changes, we will notify you through the App or by email to your registered address at least 14 days before the change takes effect.
Your continued use of the Service after the effective date of any change constitutes your acceptance of the updated Privacy Policy.

If you do not agree with a material change, you may delete your account before the effective date.

16. Contact & Privacy Requests

easyDacha C-Corp — Privacy Contact

General Privacy Questions: [email protected]

California Privacy Requests (CCPA/CPRA): [email protected]

Subject: “California Privacy Request — [Request Type]”

Other State Privacy Requests: [email protected]

Subject: “Privacy Request — [State] — [Request Type]”

Privacy Request Appeals: [email protected]

Subject: “Privacy Request Appeal — [Your Name]”

Session Replay Opt-Out: [email protected]

Subject: “Session Replay Opt-Out — [Your Name]”

Do Not Share (CPRA / GPC): [email protected]

Subject: “Do Not Share My Personal Information — [Your Name]”

Nevada Privacy Request (NRS 603A): [email protected]

Subject: “Nevada Privacy Request”

DMCA Copyright Notices: [email protected] (DMCA-1065270)

Brazil Privacy Request (LGPD) [email protected]

"Brazil Privacy Request — [Request Type]"

Canada Privacy Request (PIPEDA / Quebec) [email protected]

"Canada Privacy Request — [Request Type]"

Australia Privacy Request (Privacy Act) [email protected]

"Australia Privacy Request — [Request Type]"

Mailing Address:

easyDacha C-Corp

23253 E Ida Pl, Aurora, CO 80015

United States