Privacy Policy

Effective date: April 1, 2026  ·  Last updated: April 5, 2026

1. Who We Are and How to Contact Us

The data controller for the purposes of GDPR and applicable privacy laws is:

• Company: TreeCodex
• Privacy contact: hello@treecodex.com
• In-app: Profile → Settings → Contact Support

For all data access requests, deletion requests, or privacy complaints, email us at the address above. We will respond within 30 days.

2. Information We Collect

2.1 Information You Provide Directly

• Account details: full name, email address, and password (stored as a one-way bcrypt hash — we cannot read it)
• Profile information: avatar photo, chosen display name, and the role you select (User, Farmer/Planter, NGO, Enterprise, or Ambassador)
• Carbon tracking data: flight routes (origin/destination airports, cabin class), vehicle trips (distance, vehicle type, fuel type), and food/diet activities you voluntarily enter to calculate your carbon footprint
• GPS coordinates for tree planting proof: when acting as a Planter, you submit precise GPS latitude/longitude coordinates and photos as proof that a tree has been physically planted. This data becomes part of the permanent public environmental record attached to that tree
• Payment information: all card and payment details are entered directly into Stripe's secure form. We never see, store, or process your full card number, CVV, or bank account details on our servers. We retain only a Stripe customer ID and the last 4 digits of a card for display purposes
• Role-specific information:
  • Planter (Farmer): government-issued ID for identity verification, bank account details submitted to Stripe for payouts, proof-of-planting photos
  • NGO: organisation name, registration number, project descriptions, project GPS boundaries
  • Enterprise: company name, billing address, team member emails, ESG reporting preferences
  • Ambassador: referral campaign details, payment/payout preferences via Stripe
• Social content: posts, comments, photos, and reactions you publish on the in-app social feed
• Support communications: messages you send us via in-app support or email

2.2 Information Collected Automatically

• Device and app data: device type, operating system version, app version, and unique installation identifiers
• Usage analytics: screens visited, features used, session duration, and in-app events. This data is aggregated and pseudonymised
• Push notification tokens: a device token used to deliver push notifications about tree updates, payment confirmations, and account activity. You can revoke this at any time in your device settings
• Crash and error data (Sentry): anonymised stack traces and error logs to maintain app stability. No personal identifying information is included in crash reports
• Approximate location: only when you explicitly grant location permission. Precise GPS is requested only during Planter proof-submission flows

2.3 Information Processed by AI Features

TreeCodex uses an AI chat assistant powered by Anthropic's Claude API to help you calculate your carbon footprint, find tree planting projects, and navigate the app. When you use the AI chat feature:

• The text of your chat messages is sent to Anthropic's API to generate a response
• Relevant context (your current carbon activity, selected flight route, or role) may be included in the API call to produce an accurate answer
• We do not send your name, email, payment data, or account credentials to Anthropic
• Anthropic does not use API inputs to train its models by default. See Anthropic's Privacy Policy for details
• Chat history is stored in our database (Supabase) under your account so you can review past conversations

2.4 What We Do NOT Collect

• We do not collect precise location data in the background — only when you are actively using a GPS-dependent feature and have granted permission
• We do not access your contacts, microphone, or camera roll without explicit in-context permission for a specific feature
• We do not collect biometric data
• We do not use advertising cookies or third-party tracking pixels
• We do not sell, rent, or trade your personal information to third parties for marketing purposes
• We do not use your data for targeted advertising

3. How We Use Your Information

Purpose	Data Used	Legal Basis (GDPR)
Create and manage your account	Name, email, password, role	Contract performance
Calculate your carbon footprint	Flight routes, vehicle trips, food data	Contract performance
Process tree planting purchases	Stripe payment token, order details	Contract performance
Verify GPS tree planting proof	GPS coordinates, photos (Planters)	Contract performance / Legitimate interest
Pay Planters and Ambassadors	Stripe payout account (Connect)	Contract performance
Deliver push notifications	Device push token	Consent
Power AI chat responses	Chat message text, relevant context	Contract performance / Legitimate interest
Run in-app analytics and improve the Service	Usage events (pseudonymised)	Legitimate interest
Maintain app stability (crash monitoring)	Anonymised error logs	Legitimate interest
Send transactional emails (receipts, OTP, verification)	Email address	Contract performance
Build the public environmental tree record	GPS coordinates, species, CO₂ data (no personal name unless you opt in)	Legitimate interest / Public interest
Comply with financial and legal obligations	Payment and identity records	Legal obligation

4. Data Sharing and Third-Party Services

We share your information only where strictly necessary to operate the Service or comply with the law. We do not sell your personal data.

Third Party	Purpose	Data Shared	Privacy Policy
Stripe	Payment processing and Planter/Ambassador payouts (Stripe Connect)	Payment token, payout bank details (Planters/Ambassadors)	stripe.com/privacy
Supabase	Database, authentication, and file storage (hosted on AWS)	All account and app data	supabase.com/privacy
Anthropic (Claude)	AI chat assistant	Chat message text + contextual app data (no name/email/payment)	anthropic.com/privacy
Sentry	Crash and error monitoring	Anonymised stack traces (no personal data)	sentry.io/privacy
Netlify	Website and API hosting	Server logs (IP address, request metadata)	netlify.com/privacy

Additionally, the following limited disclosures may occur:

• Public tree pages: when you fund or plant a tree, your display name (not your email) may appear on the public tree page (treecodex.app/tree/TC-XXXXX) as a contributor. You can opt out in your profile settings
• NGO project listings: NGO organisation names and project descriptions are public on the platform
• Legal requirements: we may disclose your information if required by law, court order, or a valid governmental authority request
• Business transfers: if TreeCodex is acquired or merges with another company, your data may be transferred as part of that transaction. We will notify you before this occurs and your rights under this policy will continue to apply

5. Data Storage and Security

• All data is stored on Supabase's cloud infrastructure, which runs on AWS data centres with encryption at rest (AES-256)
• All data in transit is encrypted using TLS 1.2 or higher
• Passwords are hashed with bcrypt and salted — we cannot retrieve or read your password
• Payment card data is processed and stored exclusively by Stripe (PCI DSS Level 1 certified). Card details never pass through or touch our servers
• Row-level security (RLS) policies in Supabase ensure each user can access only their own data
• Access to production systems is restricted to authorised personnel and protected by multi-factor authentication
• We conduct regular security reviews and promptly patch known vulnerabilities

No method of electronic transmission or storage is 100% secure. While we take reasonable precautions, we cannot guarantee absolute security. If you become aware of a security issue, please contact us immediately at hello@treecodex.com.

6. Data Retention

• Active accounts: data is retained for as long as your account is active and for a reasonable period thereafter to resolve disputes and enforce agreements
• Deleted accounts: personal identifying information (name, email, avatar, carbon logs, chat history) is permanently deleted within 30 days of account deletion. Anonymised tree planting records (GPS coordinates, species, CO₂ sequestration data) are retained permanently as part of the public environmental record and cannot be deleted
• Payment and financial records: retained for 7 years to comply with financial regulations, even after account deletion
• Planter identity verification documents: retained for 5 years after the last transaction per anti-money-laundering (AML) obligations, then securely deleted
• Push notification tokens: deleted when you disable notifications or delete your account
• Crash logs (Sentry): automatically purged after 90 days
• Usage analytics data: retained for up to 14 months

7. Your Privacy Rights

We respect your rights over your personal data. Depending on your location, you have the following rights:

7.1 Rights Available to All Users

• Right of access: request a copy of the personal data we hold about you
• Right to rectification: correct inaccurate or incomplete data
• Right to deletion (erasure): request that we delete your account and personal data. You can do this directly in the app: Profile → Settings → Delete Account. Deletion is processed within 30 days. Anonymised environmental records and legally required financial records are retained as described in Section 6
• Right to data portability: receive your personal data in a structured, machine-readable format (JSON or CSV)
• Right to withdraw consent: where processing is based on consent (e.g., push notifications, AI chat), you may withdraw consent at any time without affecting the lawfulness of prior processing

7.2 European Economic Area, UK, and Switzerland (GDPR / UK GDPR)

In addition to the rights above:

• Right to restrict processing: ask us to pause processing of your data while a dispute is resolved
• Right to object: object to processing based on legitimate interest (including profiling). We will stop unless we can demonstrate compelling legitimate grounds
• Right to lodge a complaint: you have the right to file a complaint with your local Data Protection Authority (DPA). For EU residents, find your DPA at edpb.europa.eu. For UK residents, contact the ICO

7.3 California Residents (CCPA / CPRA)

• Right to know: request disclosure of the categories and specific pieces of personal information we have collected about you, the sources of that information, the business purposes for collecting it, and the categories of third parties with whom it is shared
• Right to delete: request deletion of personal information we have collected from you (subject to certain exceptions)
• Right to correct: request correction of inaccurate personal information
• Right to opt out of sale or sharing: we do not sell or share personal information for cross-context behavioural advertising. This right is therefore satisfied by default
• Right to limit use of sensitive personal information: we use sensitive personal information (e.g., precise GPS location, government ID for Planters) only to provide the specific feature requiring it
• Right to non-discrimination: we will not discriminate against you for exercising any of these rights

California residents may submit a verifiable consumer request by emailing hello@treecodex.com with the subject line "CCPA Request." We will respond within 45 days.

7.4 How to Exercise Your Rights

For all privacy rights requests:

• Delete account in-app: Profile → Settings → Delete Account (fastest method)
• Email: hello@treecodex.com — include your name, the email associated with your account, and describe your request
• We will verify your identity before processing any request and respond within 30 days (45 days for CCPA requests)

8. International Data Transfers

TreeCodex is an international operation. Your data may be processed in countries outside your country of residence, including the United States, where our infrastructure providers (Supabase/AWS, Anthropic, Stripe) operate.

For transfers of personal data from the EEA, UK, or Switzerland to countries that do not provide an equivalent level of data protection, we rely on appropriate safeguards including:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• The UK International Data Transfer Agreement (IDTA) where applicable
• Adequacy decisions where available

9. Children's Privacy

TreeCodex is not directed at children under 13 years of age (or under 16 in the EEA). We do not knowingly collect personal information from children below these ages. If you are a parent or guardian and believe your child has created an account or provided us with personal data, please contact us immediately at hello@treecodex.com and we will delete the information promptly.

10. Push Notifications

With your consent, we send push notifications for:

• Tree planting updates (funding milestones, planting confirmation, proof verification)
• Payment receipts and payout confirmations
• Account activity alerts (login from new device, OTP codes)
• Optional: social feed activity and impact milestones

You can disable push notifications at any time in your device settings (iOS: Settings → Notifications → TreeCodex; Android: Settings → Apps → TreeCodex → Notifications). Disabling notifications does not affect your ability to use any other feature of the Service.

11. GPS and Location Data

Precise GPS location is only requested in the following specific circumstances:

• Planters submitting proof: GPS coordinates are captured at the moment of photo submission to verify the physical location of a planted tree. These coordinates are attached permanently to the tree record and are part of the public environmental dataset
• Map features: if you browse tree locations on the map, approximate location may be used to centre the map. This is not stored

We never collect location data in the background. The app requests location permission only when you initiate a GPS-dependent feature, and you can deny or revoke location permission at any time in your device settings.

12. AI Chat and Carbon Calculator

The AI chat assistant and carbon calculator are powered by Anthropic's Claude API. To provide accurate, contextual responses:

• Your chat messages and relevant activity context are transmitted to Anthropic's API servers over encrypted connections
• We minimise data sent — only what is necessary to answer your question is included
• Anthropic processes this data as a data processor acting on our instructions and does not use API data to train its models by default
• Emission factors used in carbon calculations are drawn from official datasets (ICAO, DEFRA) loaded as data packages — not hardcoded values

13. Cookies and Web Tracking

Our website (treecodex.app) uses only essential, functional cookies necessary for the site to operate (e.g., session management). We do not use:

• Advertising or retargeting cookies
• Third-party tracking pixels or social media trackers
• Cross-site behavioural profiling

The mobile app does not use browser cookies. Usage analytics in the app uses pseudonymised device identifiers, not cookies.

14. Third-Party Links

The Service may contain links to third-party websites, NGO profiles, or external resources. We are not responsible for the privacy practices or content of those third parties. We encourage you to review their privacy policies before providing any personal information.

15. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in the Service, applicable law, or our practices. When we make material changes, we will:

• Update the "Last updated" date at the top of this page
• Send an in-app notification and/or email to registered users at least 14 days before the changes take effect

Continued use of the Service after the effective date constitutes acceptance of the updated policy. If you do not agree with any changes, you may delete your account before the effective date.

16. Contact Us

For privacy questions, data requests, or concerns, contact us at:

• Email: hello@treecodex.com
• Subject line for data requests: "Privacy Request — [your account email]"
• In-app: Profile → Settings → Contact Support
• Response time: within 30 days (45 days for CCPA requests)