Privacy Policy
Effective Date: 8 May 2025
Last Updated: 8 May 2025
1. Introduction
Banjo Tech, LLC ("Banjo Tech," "we," "our," or "us") is a Tennessee-domiciled company that owns and operates the digital products NativePlants.ai and Lingivo.ai (collectively, the "Services").
Protecting your privacy is important to us. This Privacy Policy explains how we collect, use, disclose, and safeguard information about visitors and users ("you") of our websites, mobile applications, and any related services.
If you have any questions, please contact our Data Protection Officer at privacy@banjotech.co.
2. Scope
This Policy applies to all personal data we process when you:
- visit banjotech.co, nativeplants.ai, lingivo.ai, or associated sub-domains;
- create or use an account within our mobile or web applications;
- communicate with us via email, support channels, or social media; or
- otherwise interact with any Service that links to this Policy.
3. Information We Collect
| Category | Examples | Source | Purpose | GDPR Legal Basis* |
|---|---|---|---|---|
| Account & Identity Data | Name, email, phone, postal address, username | You | Create & maintain account; customer support | Contract |
| Credentials | Passwords (stored/encrypted by Supabase & AWS Cognito; we can't read them) | You / Auth provider | Secure authentication | Contract |
| Payment & Subscription Data | Purchase tokens, subscription status, receipt IDs (from Apple, Google Play, RevenueCat; Stripe in future) | App stores / payment processors | Process payments; tax & accounting | Contract; Legal obligation |
| Usage & Device Data | IP address, device ID, OS version, browser, interaction events, crash logs | Automated (Google Analytics, Firebase) | Service delivery; analytics; fraud detection | Legitimate interests |
| Content You Provide | Landscape photos, garden images, house images (NativePlants); real-time text/voice content (Lingivo) | You | Core functionality (AI design / translation) | Contract |
| Marketing Preferences | Opt-in status for emails & notifications | You | Send promos & news | Consent |
*See §8 for full GDPR legal-basis mapping.
4. How We Use Your Information
We process personal data to:
- Provide and operate the Services (create accounts, personalize content, translate text/voice, generate plant designs).
- Process purchases and manage subscriptions via Apple, Google Play, RevenueCat, and Stripe.
- Maintain safety and security (prevent fraud, ensure availability, debug, and protect against threats).
- Improve and develop new features through analytics, aggregated statistics, and user feedback.
- Send transactional & marketing communications (service updates, newsletters, promotions) when you opt in.
- Comply with legal obligations (tax, accounting, court orders) and enforce our Terms of Service.
5. Cookies & Similar Technologies
We use first-party and third-party cookies, SDKs, and local-storage technologies for:
- authentication and session management;
- analytics (Google Analytics, Firebase Analytics);
- remembering user preferences.
You can manage cookies in your browser or device settings. Where required, we obtain your consent for non-essential cookies.
6. Sharing & Disclosure
We share data only with trusted providers that enable our business. They may process data solely on our instructions and under confidentiality agreements:
| Category | Vendors (illustrative) | Purpose |
|---|---|---|
| Cloud infrastructure | Amazon Web Services (AWS) (us-east-2, us-west-2) | Hosting, storage, databases |
| Authentication | Supabase, AWS Cognito | Account sign-in and security |
| Payments & subscriptions | Apple App Store, Google Play, RevenueCat, Stripe | Payment processing |
| Analytics & crash reporting | Google Analytics, Firebase | Usage statistics, diagnostics |
| AI & communications | OpenAI / Amazon Bedrock, LiveKit, Twilio | AI inference, real-time voice/video |
| Email messaging | SendGrid (Twilio SendGrid) | Transactional & marketing emails |
| Security & testing | Pen-test & audit partners (as needed) | Security assurance |
We do not sell or share personal data for cross-context behavioral advertising as defined by California law.
We may disclose information if required by law, to protect our rights or users, or in connection with a merger, acquisition, or asset sale.
7. International Data Transfers
We and many of our providers are located in the United States. For users in the EEA, UK, or Switzerland, transfers outside those regions are made under:
- the Standard Contractual Clauses (SCCs) approved by the European Commission (and UK Addendum), as incorporated in AWS, Google, and other vendor agreements; and/or
- vendors' participation in the EU–US Data Privacy Framework where applicable.
8. GDPR Legal Bases
| Purpose | Legal Basis |
|---|---|
| Account registration, authentication, core functionality | Contract (Art. 6 (1)(b)) |
| Payment processing | Contract |
| Security & fraud-prevention logs | Legitimate interests (Art. 6 (1)(f)) |
| Service analytics & crash logs | Legitimate interests (service improvement) |
| Marketing emails & push notifications | Consent (Art. 6 (1)(a)); you may withdraw at any time |
| Compliance with legal obligations (tax, bookkeeping) | Legal obligation (Art. 6 (1)(c)) |
9. Your Rights
Depending on where you live, you may have the right to:
- Access, correct, or delete personal data
- Object to or restrict processing
- Port data to another service
- Withdraw consent (for marketing, cookies, etc.)
- Lodge a complaint with your supervisory authority
How to exercise:Email privacy@banjotech.co from the address associated with your account. We will respond within 30 days (or the timeframe required by law).
10. Data Retention
We retain personal data for the life of your account plus 12 months, unless a longer period is required by law or necessary to resolve disputes, enforce agreements, or protect our legal rights. After the retention period, data is securely deleted or anonymized.
11. Security
We employ industry-standard safeguards:
- TLS encryption in transit; AES-256 at rest
- Network segmentation and principle-of-least-privilege access
- Multi-factor authentication for administrative systems
- Regular vulnerability scans, penetration tests, and third-party security audits
No method of transmission or storage is 100% secure, but we continuously strive to protect your data.
12. Children's Privacy
Our Services are not directed to children under 13, and we do not knowingly collect personal data from them. If you believe a child has provided us personal data, please contact privacy@banjotech.co and we will delete it.
13. Links & Third-Party Content
Our sites may link to external websites or services we do not operate. This Policy does not apply to those third parties. Please review their privacy notices.
14. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you via email and/or an in-app banner at least 14 days before the new terms take effect. The "Last updated" date at the top will always reflect the latest version.
15. Contact Us
Banjo Tech, LLC
Attn: Data Protection Officer
Email: privacy@banjotech.co
Tennessee, USA
If you are in the EEA or UK and feel we have not resolved your concern, you may lodge a complaint with your local supervisory authority (e.g., the Irish Data Protection Commission or the UK ICO).
Thank you for trusting Banjo Tech with your data. We're committed to safeguarding your privacy while delivering innovative digital experiences.