Privacy Policy
Last updated: 19 April 2026
This Privacy Policy explains how tended ("we", "us", "our") collects, uses, stores, and protects your personal data when you use the tended web application at tended.green (the "Service"). We are committed to handling your data responsibly and in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Who we are
tended is a UK-based garden management service. If you have any questions about this policy or how we handle your data, please contact us at [email protected].
2. What data we collect
| Category | Examples | Why we collect it |
|---|---|---|
| Account data | Name, email address, login method | To create and manage your account |
| Garden data | Garden name, location, soil type, sun exposure | To generate personalised monthly tasks and care advice |
| Plant data | Plants you add, care notes, task completions | To power your plant catalogue and task list |
| Usage data | Pages visited, features used, session duration | To understand how the app is used and improve it |
| Device data | Browser type, operating system, IP address | For security, fraud prevention, and analytics |
| Communications | Emails you send us, waitlist submissions | To respond to enquiries and manage the waitlist |
| Push notification tokens | Browser push subscription endpoint | To send you optional garden reminders |
We do not collect payment card data at this time.
3. How we use your data
We use your data to:
- Provide and personalise the Service, including generating monthly garden tasks based on your location and plant list.
- Send transactional emails (account confirmation, password reset, invite code notifications).
- Send optional push notifications for garden reminders (only if you have opted in).
- Analyse usage patterns to improve the Service, using aggregated and anonymised data where possible.
- Comply with legal obligations.
We do not sell your personal data to third parties, and we do not use it for automated decision-making that produces legal or similarly significant effects.
4. Legal basis for processing
| Purpose | Legal basis |
|---|---|
| Providing the Service | Performance of a contract (UK GDPR Art. 6(1)(b)) |
| Analytics and improvement | Legitimate interests (UK GDPR Art. 6(1)(f)), subject to your cookie consent |
| Marketing communications | Consent (UK GDPR Art. 6(1)(a)) |
| Legal compliance | Legal obligation (UK GDPR Art. 6(1)(c)) |
5. Cookies and tracking
We use cookies and similar technologies. Please see our Cookie Policy for full details. You can manage your preferences at any time from your account settings.
6. Third-party services
| Service | Purpose | Privacy policy |
|---|---|---|
| Google (OAuth) | Sign-in with Google | google.com/privacy |
| Google Tag Manager | Tag and analytics management | google.com/privacy |
| Google Analytics (via GTM) | Usage analytics | google.com/privacy |
| Resend | Transactional email delivery | resend.com/privacy |
| Manus (hosting) | Application hosting and infrastructure | manus.im |
7. Data retention
We retain your personal data for as long as your account is active. If you delete your account, we will delete or anonymise your personal data within 30 days, except where we are required to retain it for legal or regulatory reasons.
Usage logs and analytics data are retained in aggregated, anonymised form indefinitely.
8. Data transfers
Your data may be processed outside the UK by the third-party services listed above. Where this occurs, we ensure appropriate safeguards are in place, such as the UK International Data Transfer Agreement (IDTA) or adequacy decisions.
9. Your rights
Under UK GDPR, you have the right to:
- Access the personal data we hold about you.
- Rectify inaccurate or incomplete data.
- Erase your data ("right to be forgotten"), subject to legal retention obligations.
- Restrict processing in certain circumstances.
- Data portability — receive your data in a structured, machine-readable format.
- Object to processing based on legitimate interests.
- Withdraw consent at any time where processing is based on consent.
To exercise any of these rights, please contact us at [email protected]. We will respond within one month.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
10. Security
We take reasonable technical and organisational measures to protect your data, including encrypted connections (HTTPS), hashed passwords, and access controls. No method of transmission over the internet is completely secure, and we cannot guarantee absolute security.
11. Children
tended is not directed at children under the age of 13. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
12. Changes to this policy
We may update this policy from time to time. We will notify you of significant changes by email or via an in-app notice. The "last updated" date at the top of this page will always reflect the most recent version.