Seedtojar
fr es it pl
Sign in Register

Privacy Policy

Last updated: April 2026

We appreciate your interest in our homesteading application Seedtojar. The protection of your personal data is of great importance to us. Below, we inform you about the processing of your data in accordance with the GDPR.

I. Definitions

  1. Personal data means any information relating to an identified or identifiable natural person (Art. 4(1) GDPR).
  2. Processing means any operation performed on personal data, such as collection, recording, storage, use, or erasure (Art. 4(2) GDPR).
  3. Controller means the natural or legal person who determines the purposes and means of the processing of personal data (Art. 4(7) GDPR).

II. Controller

Zerocom GmbH
Nelkenstr. 9
52134 Herzogenrath
Email: [email protected]
Data protection: [email protected]

III. Legal Bases for Processing

  • Consent (Art. 6(1)(a) GDPR) — e.g. for optional features
  • Performance of a contract (Art. 6(1)(b) GDPR) — for providing the app's functionality
  • Legal obligation (Art. 6(1)(c) GDPR) — e.g. tax record retention requirements
  • Legitimate interest (Art. 6(1)(f) GDPR) — e.g. IT security, abuse prevention

IV. Your Rights

You have the right at any time to:

  • Access your stored data (Art. 15 GDPR)
  • Rectification of inaccurate data (Art. 16 GDPR)
  • Erasure of your data (Art. 17 GDPR)
  • Restriction of processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Object to processing (Art. 21 GDPR)
  • Withdraw a given consent (Art. 7(3) GDPR)
  • Lodge a complaint with a supervisory authority (Art. 77 GDPR)

Contact us at [email protected].

V. Individual Processing Operations

1. Hosting

Our application is hosted on servers operated by Hetzner Online GmbH in Germany. Each time you access the service, server log files are collected (IP address, timestamp, page accessed, browser). These are deleted after 14 days.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in secure service provision).

2. Registration and User Account

During registration, we collect:

  • First name and last name
  • Email address
  • Password (stored as a bcrypt hash, not in plain text)
  • Selected climate zone

Legal basis: Art. 6(1)(b) GDPR (performance of a contract).

3. Garden and Inventory Data

In the course of using the app, we process the data you enter:

  • Gardens, beds, and plantings
  • Harvest records (plant, quantity, date)
  • Preservation logs (method, ingredients, temperature, duration)
  • Stock items (name, quantity, best-before date, storage location, QR code)
  • Seed inventory
  • Consumption logs
  • Photos of harvests and stock items

This data is processed exclusively for the purpose of providing the contractually agreed service and is not shared with third parties.

Legal basis: Art. 6(1)(b) GDPR (performance of a contract).

4. Payment Processing (Stripe)

For paid subscriptions, we use Stripe, Inc. as our payment processor. The following data is transmitted to Stripe:

  • Email address
  • Selected plan
  • Payment details (processed directly by Stripe, not stored on our servers)

Stripe is PCI DSS Level 1 certified. For more information: Stripe Privacy Policy

Legal basis: Art. 6(1)(b) GDPR.

5. Offline Storage (PWA)

Our app functions as a Progressive Web App (PWA). Data is stored locally on your device in an IndexedDB to enable offline use in the garden and cellar. This data does not leave your device until synchronisation with our servers occurs.

6. Email Communication

We send transactional emails (registration confirmation, password reset, best-before date reminders) via an email service provider. The following data is transmitted to the provider:

  • Recipient's email address
  • First name (for personalised greetings)
  • Email content

No marketing emails are sent without your explicit consent.

Legal basis: Art. 6(1)(b) GDPR (performance of a contract).

7. Error Monitoring (Sentry)

For the detection and resolution of application errors, we use Sentry. Technical data such as error messages, browser version, and anonymised IP addresses may be transmitted. No personal usage data is sent to Sentry.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in error resolution).

VI. Cookies

We use only technically necessary cookies:

  • Session cookie — for authentication, deleted when the browser is closed
  • Remember-me cookie — only if you select "Stay logged in", valid for 7 days
  • CSRF cookie — for protection against cross-site request forgery

We do not use tracking cookies, Google Analytics, or advertising cookies.

VII. Data Security

  • All data transfers are encrypted via TLS/HTTPS
  • Passwords are stored exclusively as bcrypt hashes
  • Servers are located in data centres in Germany (Hetzner, Falkenstein)
  • Regular encrypted backups
  • UUIDs instead of database IDs in all URLs

VIII. Retention Period and Deletion

Your data is retained for as long as your user account exists. Upon deletion of your account, all personal data will be erased within 30 days, unless statutory retention obligations apply.

IX. No Disclosure to Third Parties

We do not share your data with third parties. Data is only transmitted:

  • To Stripe for payment processing (see Section V.4)
  • To the email service provider for transactional emails (see Section V.6)
  • To Sentry for error monitoring (see Section V.7)
  • When you export data yourself (PDF/CSV export)
  • When required by law (court order)

Last updated: April 2026