Gardenstead Privacy Policy

Effective Date: August 22, 2025

Gardenstead ("Gardenstead," "we," "us," or "our") operates the website at https://www.gardenstead.com and our mobile applications (together, the "Services"). We understand the importance of privacy and are committed to protecting your personal information. This Privacy Policy explains what we collect, how we use and share it, how long we keep it, and the rights and choices available to you.

At-a-glance: We don’t sell your personal information. We use trusted processors (e.g., hosting, analytics, email providers) under contract. You can delete your account and request erasure; we remove data from active systems within 30 days and from backups within 90 days (unless required by law). A 14-day grace period may apply to account deletions. You can request a portable copy of your data. We keep anonymized analytics indefinitely.

1) Who We Are & Scope

This Policy applies to all users of the Gardenstead Services worldwide. If a region‑specific rule applies (e.g., EU/UK GDPR, California CCPA/CPRA, Canada’s PIPEDA), we describe it below.

Controller / Organization: Gardenstead
Contact: support@gardenstead.com

2) Consent & Other Legal Bases

Consent. By using the Services, you consent to this Policy and to the processing of your information as described here. In some cases (e.g., optional newsletters, certain cookies), we rely on your express consent.

Other lawful bases (GDPR/UK GDPR). Depending on the activity, we may process personal data on the basis of:

• Contract (to provide the Services you request);
• Legitimate interests (e.g., to secure the Services, prevent abuse, improve features);
• Legal obligation (e.g., tax and accounting retention);
• Consent (e.g., marketing emails, certain analytics/cookies, geolocation when enabled).

You can withdraw consent at any time (this does not affect processing prior to withdrawal).

3) What Personal Data We Collect and Why

We collect information directly from you, automatically through your use of the Services, and from service providers operating on our behalf. Examples include:

• Comments: When visitors leave comments, we collect the data shown in the comment form, plus the visitor’s IP address and browser user agent string to help with spam and abuse detection.
• Media Uploads: If you upload images, avoid including embedded location data (EXIF GPS). Other users/visitors could download and extract location data from images you upload.
• Contact Forms & Newsletter Subscriptions: If you contact us or subscribe to our newsletter, we collect your name and email address to respond and send updates. You can unsubscribe at any time.
• Cookies & Similar Technologies: We use cookies to remember preferences, provide personalized content, track newsletter access, and measure usage.
• Embedded Content from Other Websites: Articles may include embedded content that behaves as if you visited the third-party site directly.
• Surveys: We may collect anonymized survey responses to improve our Services.
• Analytics: We use analytics tools (e.g., Google Analytics) to understand engagement and improve the Services.

4) How We Use Your Data

We use personal information to:

• Provide, operate, and maintain the Services;
• Personalize and improve your experience;
• Understand usage and develop new features and offerings;
• Communicate with you (support, service updates, newsletters with consent);
• Prevent fraud, spam, and abuse; ensure security;
• Comply with legal obligations.

We do not use your content to train models for third parties, and we do not make automated decisions that produce legal or similarly significant effects without human involvement.

5) Who We Share Your Data With (Processors)

We do not sell your personal information. We share limited data with trusted service providers who process it on our behalf under contracts that require confidentiality and appropriate security. Examples include hosting, analytics, email/notification services, and payment processors.

Third-party deletions: When you submit an access or deletion request, we will notify relevant processors and instruct them to act accordingly.

6) Data Retention & Deletion

We keep personal information only as long as necessary for the purposes described here or as required by law.

• Personal identifiers: Deleted within 30 days of account deletion or verified request; from backups within 90 days.
• User content: Deleted within 30 days (active systems), 90 days (backups).
• Analytics data: Deleted or anonymized within 30 days; anonymized data retained indefinitely.
• Fraud/Security logs: 6–12 months.
• Transaction & legal records: Up to 7 years.
• Backups: Overwritten within 90 days.
• Anonymized data: Retained indefinitely.

Account Deletion Workflow

1. Pending deletion grace period (14 days);
2. Deletion from active systems within 30 days;
3. Backups purged within 90 days;
4. Retention exceptions for legal/tax/security;
5. Proof of deletion maintained in anonymized records.

7) Your Privacy Rights

GDPR/UK GDPR: Rights to access, rectify, erase, restrict/object, portability, withdraw consent, complain to authorities.

CCPA/CPRA: Rights to know, delete, correct, opt-out of sale/sharing. We do not sell or share PI for cross-context advertising.

PIPEDA (Canada): Rights to access, correct, withdraw consent, and complain to the OPC.

Requests: Contact support@gardenstead.com. We respond within 30–45 days.

8) Children’s Privacy

We do not knowingly collect personal information from children under 13 in the US or under 16 in the EU/UK without parental consent.

9) Security

We use reasonable technical, administrative, and physical safeguards to protect information. No system is completely secure.

10) International Data Transfers

Your information may be processed in countries other than your own. Where required, we implement safeguards (e.g., EU Standard Contractual Clauses).

11) Your Choices

• Email marketing: Unsubscribe anytime.
• Cookies: Manage via browser/device settings or cookie controls.
• Do Not Track: We do not respond to DNT signals; manage via cookie settings.

12) Changes to This Policy

We may update this Policy. Material changes will be notified by email/in-app and the Effective Date updated.

13) Contact Us & Complaints

Gardenstead
Email: support@gardenstead.com
EU/UK users: Contact local data protection authority or ICO.
Canadian users: Contact the Office of the Privacy Commissioner of Canada (OPC).