Back to Cresco

Privacy Policy

Last updated: March 18, 2026

Cresco Pruning is operated by No Problem Software, based in the Netherlands. This Privacy Policy explains how we collect, use, and protect your personal data in accordance with the General Data Protection Regulation (GDPR) and the Dutch implementation thereof (UAVG). We act as the data controller for all personal data described in this policy.

1. Who We Are

Controller: No Problem Software
Country: Netherlands
Contact: info+cresco@noproblem.software

If you have questions about how we handle your personal data, you can reach us at the address above at any time.

2. Data We Collect

We collect the following categories of personal data when you use Cresco:

Account data

  • Email address and display name (provided at sign-up or via Google Sign-In)
  • Authentication identifiers (Firebase UID)

Garden data

  • Plant names, types, and care notes you enter
  • Photos of plants you upload for AI identification
  • Pruning history and task completion records

Location data

  • Your approximate location (city/region), if you enable weather-based advice — used solely to fetch local weather conditions

Subscription and payment data

  • Subscription status and entitlement information (managed by RevenueCat)
  • Payment processing is handled entirely by Stripe, Apple, or Google — we never receive or store your card details

Technical data

  • Device type and operating system (for crash reporting and compatibility)
  • App version and session identifiers
  • Server logs (IP address, request path, timestamp) — retained for up to 30 days

3. Legal Basis for Processing (GDPR Art. 6)

We only process your personal data when we have a lawful basis to do so:

a

Contract (Art. 6(1)(b)): Processing necessary to provide the Service you signed up for — account management, storing your garden data, generating pruning schedules.

b

Legitimate interests (Art. 6(1)(f)): Server logging for security and abuse prevention, aggregate analytics to improve the Service.

c

Consent (Art. 6(1)(a)): Location access for weather features — you can withdraw consent at any time in your device settings.

d

Legal obligation (Art. 6(1)(c)): Retaining transaction records as required by Dutch tax law (7 years).

4. How We Use Your Data

  • To create and manage your account
  • To store your garden and generate personalised pruning schedules
  • To pass plant photos and descriptions to our AI provider (Google Gemini) for identification and advice
  • To fetch local weather data based on your chosen location
  • To manage your subscription and process payments
  • To send transactional emails (account verification, subscription receipts)
  • To detect and prevent fraud, abuse, or security incidents
  • To comply with legal obligations

We do not sell your personal data, use it for advertising, or share it with third parties beyond what is described in this policy.

5. Third-Party Processors

We use the following sub-processors to operate the Service. Each has been assessed for GDPR compliance and processes data only on our behalf and under our instructions:

Processor Purpose Location
Google Firebase Authentication, database, hosting EU / US
Google Gemini AI Plant identification, pruning advice US
RevenueCat Subscription management US
Stripe Payment processing US / EU
Apple / Google In-app purchases US

Where processors are located outside the EU/EEA (primarily the United States), transfers are safeguarded by Standard Contractual Clauses (SCCs) approved by the European Commission, or the processor participates in an equivalent adequacy framework.

6. Data Retention

  • Account and garden data: Retained for as long as your account is active. Deleted within 30 days of account deletion.
  • Plant photos: Processed in real time by the AI and not stored beyond the session unless you explicitly save the plant.
  • Server logs: Retained for 30 days for security purposes, then automatically deleted.
  • Transaction records: Retained for 7 years as required by Dutch tax law (Belastingdienst).

7. Your Rights Under GDPR

As a data subject under the GDPR you have the following rights. To exercise any of them, contact us at info+cresco@noproblem.software. We will respond within 30 days.

Right of access (Art. 15): You can request a copy of all personal data we hold about you.

Right to rectification (Art. 16): You can ask us to correct inaccurate or incomplete data.

Right to erasure (Art. 17): You can request deletion of your personal data ("right to be forgotten"), subject to legal retention obligations.

Right to restriction (Art. 18): You can ask us to limit how we process your data in certain circumstances.

Right to data portability (Art. 20): You can request your data in a structured, machine-readable format. You can also export your garden data directly from the app.

Right to object (Art. 21): You can object to processing based on legitimate interests. We will stop unless we have compelling grounds that override your interests.

Right to withdraw consent (Art. 7(3)): Where processing is based on consent (e.g. location), you can withdraw at any time without affecting prior processing.

8. Right to Lodge a Complaint

If you believe we are handling your personal data unlawfully, you have the right to lodge a complaint with the Dutch supervisory authority:

Autoriteit Persoonsgegevens (AP)

Website: autoriteitpersoonsgegevens.nl

Phone: +31 (0)70 888 85 00

We encourage you to contact us first so we can resolve any concern directly.

9. Cookies and Tracking

The Cresco web app uses the following browser storage:

  • Strictly necessary cookies: Firebase authentication session tokens required for the app to function. No consent required.
  • Local storage: App preferences (language, sort order) stored locally on your device — never transmitted to our servers.

We do not use advertising cookies, third-party tracking cookies, or analytics that profile individual users.

10. Children's Privacy

The Service is not directed at children under 16 years of age. We do not knowingly collect personal data from children under 16. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

11. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These include encrypted data transmission (HTTPS/TLS), Firebase security rules restricting data access to authenticated users, and regular review of access permissions. No method of transmission over the internet is 100% secure; we cannot guarantee absolute security.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or via an in-app notification and update the "Last updated" date at the top of this page. Your continued use of the Service after the effective date constitutes acceptance of the revised policy.

13. Contact

For any privacy-related questions or to exercise your rights, contact us at:
info+cresco@noproblem.software

We aim to respond to all requests within 30 days as required by GDPR.