Privacy Policy
Last updated: 2 July 2026
Who we are
DemetraGarden (demetragarden.co.uk) is a garden planning tool for UK gardeners. We are a small independent project, not a large corporation. Your privacy matters to us.
What data we collect
- Account details: your name, email address, and password (stored as a bcrypt hash — we never see your plain password).
- Location: an optional UK postcode you can add to your profile, used only to show local weather and sowing guidance. Latitude/longitude coordinates are derived from your postcode via a public UK geocoding service.
- Garden plans: the garden layouts you design and save, stored in our database associated with your account.
- Journal entries and tasks: garden notes, photos, and reminders you create.
- Harvest log and seed box: records you add voluntarily.
- Session data: a session cookie keeps you logged in. It contains only a random session ID, no personal data.
What we do NOT collect
- We do not use analytics trackers (no Google Analytics, Facebook Pixel, etc.).
- We do not sell or share your data with third parties for marketing.
- We do not show you targeted ads.
- We do not store payment card details (we have no paid features at this time).
Cookies
We use one essential session cookie (PHPSESSID) that keeps you logged in. Without it, the site cannot work while you are signed in. We do not use any advertising or tracking cookies.
Third-party services
- Open-Meteo — free weather API used to show local forecasts. Your postcode coordinates are sent to their servers. See their privacy policy.
- postcodes.io — free UK geocoding. Your postcode is sent to resolve coordinates. No personal data is stored by this service.
- Google reCAPTCHA v3 — used on registration and login forms to prevent spam bots. Google may collect device data. See Google's privacy policy.
- Tailwind CSS CDN and Fabric.js CDN — frontend libraries loaded from external CDNs. These are static file requests; no personal data is included.
How long we keep your data
Your data is kept for as long as your account exists. If you delete your account, all associated data (garden plans, journal entries, tasks) is deleted. We do not keep archives of deleted accounts.
Your rights (UK GDPR)
You have the right to:
- Access your personal data — email us and we will send you a copy.
- Correct inaccurate data — update most of it yourself in your profile.
- Delete your account and all associated data.
- Portability — request an export of your garden plans and journal entries.
- Withdraw consent at any time (though note that the session cookie is essential for the service to function while logged in).
Data security
Our server uses SSL (HTTPS). Passwords are hashed with bcrypt. Database credentials are never committed to version control. We apply reasonable technical measures to protect your data, though no internet service can guarantee absolute security.
Contact
Questions about your data? Email us at hello@demetragarden.co.uk. We aim to respond within 5 working days.