悟る · satoru

Privacy Policy

Effective May 31, 2026

This policy explains what data Satoru collects, how we use it, and the choices you have. We collect only what we need to run the service, and we treat your cultivation data as sensitive. We do not sell your personal information.

1. Information we collect

  • Account — your email address and an encrypted password (managed by our auth provider; we never see your plaintext password).
  • Grow data you enter — plants, strains, stages, log entries (feed/water/notes), harvests, reminders, and any costs you record.
  • Photos & video frames — images you upload for diagnosis or strain reads. These are stored in your private, access-controlled storage and sent to our AI provider to produce the analysis.
  • Sensor & environment readings — values you log manually or that sync from a sensor you connect (VPD, temperature, humidity, CO₂, etc.).
  • Limited technical data — for the public no-signup demo, we record a coarse request count per IP address to prevent abuse; standard server logs may capture IP and request metadata.

We do not ask for or want government IDs, payment card numbers (those go directly to our payment processor), or any data about cannabis purchase, sale, or consumption.

2. How we use it

  • To provide the service — diagnoses, blueprints, forecasts, analytics, reminders, and grow reports.
  • To improve the service through aggregated, anonymized insights (e.g. average yields or learned setpoints for a strain across many grows). These aggregates never expose your individual grows or identify you.
  • To communicate with you — transactional email (password resets, billing) and, only if you opt in, a daily bring-back digest you can turn off any time in Settings.
  • To keep the service secure and prevent abuse.

3. Service providers

We rely on a small set of processors who handle data on our behalf under their own security and privacy commitments: cloud hosting and database, AI image analysis (for diagnoses and strain reads), transactional email delivery, and payment processing for paid plans. We share with them only what each needs to perform its function. Our AI provider processes your photos to return an analysis and, per its API terms, does not use that content to train its models. We do not sellyour personal information, and we do not “sell” or “share” it as those terms are defined under California law (CCPA/CPRA). We do not use your data for cross-context behavioral advertising.

4. Cookies & local storage

We use a session cookie to keep you signed in, a cookie to rate-limit the public demo, and your browser's local storage for preferences such as theme and one-time UI state. We do not use third-party advertising or cross-site tracking cookies.

5. Data retention

We keep your account and grow data for as long as your account is active. When you delete your account, we delete or anonymize your personal data within a reasonable period, except where we must retain limited records to comply with law or resolve disputes. Aggregated, anonymized statistics that cannot identify you may persist.

6. Your choices & rights

You can view and edit your grow data in the app at any time, turn the email digest on or off in Settings, and download a full copy of your data (Settings → Your data → Export). You can request deletion of your account and data by contacting us. California residents have rights under the CCPA/CPRA — to know, access, correct, delete, and opt out of the sale or sharing of personal information (we do not sell or share it) — and will not be discriminated against for exercising them. We voluntarily extend the same core rights — access, correction, deletion, and portability — to residents of New York and every other U.S. state on request, and we honor rights granted by any applicable state privacy law as those laws take effect.

7. Security

Data is encrypted in transit and at rest; especially sensitive secrets, such as third-party sensor API keys, are additionally encrypted at the application layer with a key held outside the database. Photos are stored behind per-user access controls, and database access is governed by row-level security so users can only reach their own records. We maintain reasonable administrative, technical, and physical safeguards designed to protect personal information, consistent with laws such as New York's SHIELD Act. No system is perfectly secure, but we work to protect your information and limit who can access it. In the event of a data breach affecting your personal information, we will notify affected users and any authorities as required by applicable law. If you believe you've found a security vulnerability, please see our Security & Vulnerability Disclosure page.

8. Children

Satoru is restricted to adults of legal cultivation age (at least 21). It is not directed to and may not be used by minors, and we do not knowingly collect data from anyone under that age.

9. Changes & contact

We may update this policy; material changes will be reflected in the effective date above. Questions or requests about your data can be sent to phil@growsatoru.com.

This document is a starting template and not a substitute for advice from qualified privacy counsel. Have an attorney review it before relying on it.

© 2026 Satoru. All rights reserved.

Terms of Service← Back to sign in