PlantGuard Privacy Policy

What Data We Collect

PlantGuard collects the minimum data necessary to provide plant shipping compliance validation for your Shopify store:

  • Your Shopify store domain (to associate your settings and product tags)
  • Product IDs and titles (to link your products to plant species in our database)
  • Shipping destination state codes (two-letter codes like "CA" or "FL") from checkout events, used to check compliance
  • Compliance event logs (which products were blocked, warned, or allowed by state — no customer names, emails, or addresses)

How We Use Your Data

  • To validate whether live plant products can be shipped to a customer's state based on agricultural regulations
  • To display compliance analytics on your dashboard (blocked orders by state and species)
  • To maintain an audit trail of compliance events for your records

We do not sell, share, or use your data for marketing or advertising purposes. Your data is used solely to provide the PlantGuard compliance service.

Data Retention and Deletion

Your data is retained as long as PlantGuard is installed on your store. When you uninstall the app:

  • Authentication sessions are deleted immediately upon uninstall
  • All remaining shop-specific data (product tags, compliance logs, and settings) is permanently deleted within 48 hours via Shopify's mandatory data redaction process

Your Rights (GDPR)

PlantGuard supports the following data rights through Shopify's built-in GDPR webhook system:

  • Right to access: Request a copy of data we store about your customers (PlantGuard stores no customer personal information — only anonymized state codes)
  • Right to deletion: Customer data deletion requests are acknowledged automatically. Shop data is fully purged within 48 hours of uninstalling
  • Right to portability: All compliance data is available in your PlantGuard dashboard while the app is installed

California Privacy Rights (CCPA)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights regarding your personal information. PlantGuard does not sell personal information to third parties. We do not collect personal information from end consumers — only merchant store data (shop domain, product IDs) and anonymized two-letter state codes from checkout events. California merchants may request deletion of their data by uninstalling the app, which triggers automatic data purging within 48 hours.

Data Processing Role

PlantGuard acts as a data processor on behalf of merchants (data controllers) as defined under GDPR. We process data solely for the purpose of providing the compliance validation service as instructed by the merchant through their app configuration. We do not independently determine the purposes or means of processing merchant or customer data.

Customer Data

PlantGuard does not collect or store any customer personal information. The checkout validation function runs entirely on Shopify's infrastructure and only reads product metafields and the shipping address state code. No customer names, email addresses, phone numbers, or full addresses are ever sent to or stored by PlantGuard.

Contact

For questions about this privacy policy or your data, contact us at: plantguard.support@gmail.com

For our full Terms of Service, visit: plantguard.app/terms

Last updated: April 2026