Privacy Policy

• Provide the Service: Process plant, weed, and pest identification; generate care guides, treatment plans, and product recommendations.
• Improve accuracy: Analyze anonymized scan data to improve our AI identification models and recommendation quality.
• Manage your account: Authenticate you, manage subscriptions, and provide customer support.
• Communicate with you: Send service-related messages such as OTP verification codes, subscription confirmations, and important updates about the Service.
• Security: Detect fraud, abuse, and unauthorized access; enforce rate limits; and maintain the integrity of the Service.

We do not sell or share your personal information for cross-context behavioral advertising. We disclose data only to the following categories of service providers, each of which processes data on our behalf under a data processing agreement:

• AI service providers: Photos and scan context are sent to Anthropic (Claude AI) and Plant.id for species identification and diagnosis. These providers process data under contract and do not use your photos for their own training purposes.
• Payment processor: Stripe, Inc. processes subscription payments and, for users who enable client invoicing, operates as a Stripe Connect platform to route payments from your clients to your connected Stripe account. See Stripe's Privacy Policy.
• Product analytics: PostHog receives pseudonymous event data — device type, pages viewed, features used, scan counts, subscription events, and referral activity — to help us understand how the Service is used and improve it. Photos, job site addresses, and client contact information are never sent to PostHog.
• Infrastructure providers: Supabase (database, authentication, and SMS verification — Supabase delegates SMS delivery to Twilio) and Vercel (hosting) process data on our behalf.
• Team members: If you belong to a company team, team administrators can see shared job sites and scan data associated with the team.
• Legal requirements: We may disclose information when required by law, court order, or to protect the rights, safety, or property of ProScaper or others.

Your data is stored on Supabase (powered by Amazon Web Services) servers in the United States. We use industry-standard security measures including:

• Encryption in transit (TLS 1.2+) and at rest
• Row-level security (RLS) policies ensuring users can only access their own data
• Timing-safe comparison for access codes to prevent timing attacks
• Rate limiting on authentication endpoints to prevent brute-force attacks
• Nonce-based Content Security Policy to prevent cross-site scripting

No system is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

Breach notification: If we become aware of a breach of unencrypted personal information, we will notify affected users without unreasonable delay and in accordance with applicable US state breach notification laws.

• Account data: Retained while your account is active. When you request deletion (see Section 6), we permanently remove your profile, scan history, and associated data within 30 days.
• Scan history and photos: Retained while your account is active. You can archive or delete individual scans at any time.
• Payment records: Retained as required by financial regulations (typically 7 years).
• Server logs: Retained for 90 days for security and debugging purposes.

• Access and portability: You can view and export your scan history and account data at any time within the app.
• Correction: You can update your profile information in the Account section of the app.
• Deletion: You can delete your account directly from the Account settings page. This immediately removes your profile, scan history, photos, job sites, estimates, invoices, and associated data, and cancels any active Stripe subscription. You may also email privacy@proscaper.com if you prefer an assisted deletion or cannot access your account. Certain records (e.g., payment records) may be retained longer where required by law.
• Location permissions: You can revoke location access through your device settings at any time. You can still use the app by setting your USDA zone manually.
• Camera permissions: You can revoke camera access through your device settings, though the scanning feature requires camera access to function.

California residents (CCPA/CPRA): California residents have additional rights under the California Consumer Privacy Act, including the right to know, the right to delete, the right to correct, and the right to opt out of the sale or sharing of personal information. We do not sell or share your personal information for cross-context behavioral advertising. To exercise your rights, email privacy@proscaper.com from the address associated with your account. We will verify your identity by matching the requesting email to the one on file and respond within 45 days. You may also designate an authorized agent to submit requests on your behalf; we may require written authorization and verification of the agent's identity.

Residents of other US states: Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Texas (TDPSA), Oregon (OCPA), Delaware (DPDPA), Iowa (ICDPA), New Hampshire (NHDPA), New Jersey (NJDPA), Tennessee (TIPA), Minnesota (MCDPA), Maryland (MODPA), Rhode Island (DTPPA), Indiana (CDPA), Montana (MCDPA), and other states with comprehensive consumer privacy laws have rights substantially similar to those described above — including the rights to know, access, correct, delete, and opt out of targeted advertising, sale of personal data, or certain profiling. To exercise any of these rights, email the address above using the same process. We will respond within the timeframe required by your state's law (typically 45 days, extendable by 45 days for complex requests).

Right to appeal: If we deny your privacy rights request, you may appeal our decision by replying to our denial email within 60 days. We will review your appeal and respond with a written explanation within 45 days. If your appeal is denied, you may contact your state Attorney General.

Global Privacy Control (GPC): We recognize Global Privacy Control browser signals. Because we do not sell or share personal information for cross-context behavioral advertising, GPC signals require no additional action from us — your data is already not used for those purposes.

No automated significant decisions: ProScaper uses AI to identify plants, pests, and weeds and to suggest care products and treatments. These are not automated decisions about you as a person and do not produce legal or similarly significant effects on you.

ProScaper is designed for professional use and is not intended for children under 16. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 16, we will promptly delete it.

The Service may contain links to third-party websites, including product pages on SiteOne Landscape Supply (siteone.com). We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

ProScaper is operated from the United States and is offered exclusively to users located in the United States. We do not target, market, or knowingly provide the Service to users outside the US, and the Service is not designed to comply with the GDPR, UK-GDPR, PIPEDA, or other non-US data protection frameworks. If you are accessing the Service from outside the United States, please discontinue use.

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy in the app and updating the effective date above. Your continued use of the Service after changes constitutes acceptance of the updated policy.

If you have questions about this Privacy Policy or your data, contact us at:

privacy@proscaper.com