Project FoodProject Food

Privacy Policy

Effective date: 8 May 2025

This Privacy Policy explains how Project Food collects, uses, and protects your personal data. It applies to all users of the Project Food app and website.

1. Who We Are

Project Food is the data controller responsible for your personal data. You can reach us via our Discord community.

2. What Data We Collect

When you use Project Food, we collect the following:

  • Name and email address, provided by Google when you sign in via Google OAuth
  • Your plant logs — the plants you log and when
  • Your locale preference, stored in a functional cookie called pf_locale
  • Standard technical logs generated by our hosting and database providers

3. Legal Basis for Processing

We process your data on the following grounds under GDPR Article 6:

  • Contract performance (Art. 6(1)(b)) — to provide the service you signed up for
  • Legitimate interest (Art. 6(1)(f)) — to maintain security and stability of the platform

4. Data Processors

We use the following trusted sub-processors to operate the service:

  • Supabase — database and authentication (EU/US, Data Processing Agreement in place)
  • Vercel — hosting and edge network (US, Standard Contractual Clauses in place)
  • Google — OAuth sign-in provider

5. Cookies

Project Food uses one cookie: pf_locale, which stores your language preference for up to one year. This is a strictly functional cookie — it does not track you and does not require your consent under GDPR. If we add analytics or advertising cookies in the future, we will update this policy and request your consent.

6. Your Rights

Under GDPR Articles 15–20, you have the right to:

  • Access — request a copy of the data we hold about you (Art. 15)
  • Rectification — correct inaccurate or incomplete data (Art. 16)
  • Erasure — request deletion of your account and all associated data (Art. 17)
  • Portability — receive your data in a structured, machine-readable format (Art. 20)
  • Restriction and objection — limit or object to how we process your data (Art. 18, 21)

To exercise any of these rights, reach us on our Discord community.

7. Data Retention

We keep your data for as long as your account is active. After you request account deletion, your personal data is permanently deleted within 30 days.

8. No Sale of Data

We do not sell, rent, or trade your personal data to any third party, ever.

9. Supervisory Authority

If you believe we have not handled your data correctly, you have the right to file a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at www.autoriteitpersoonsgegevens.nl.

10. Changes to This Policy

We may update this Privacy Policy from time to time. If we make significant changes, we will notify you by email before they take effect.

11. Contact

For privacy-related questions, join our Discord community.

Privacy Policy | Project Food