Privacy Policy
Last updated: March 1, 2026
1. Introduction
BonsaiHub ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our platform.
2. Information We Collect
We collect the following categories of personal data:
- Account information: Your name, email address, and username when you register for an account.
- Authentication data: Passwords (stored as secure hashes) and OAuth provider identifiers if you sign in via Google or GitHub.
- User-generated content: Photos, journal entries, tree records, gallery descriptions, and other content you create on the platform.
- Technical data: IP addresses, browser type, device information, and access timestamps collected automatically when you use the service.
- Preferences: Your display preferences, notification settings, and feature flag assignments.
3. How We Use Your Information
We use your personal data to:
- Provide, maintain, and improve the BonsaiHub platform.
- Authenticate your identity and manage your account.
- Send transactional emails (e.g., email verification, password resets).
- Enable community features such as clubs, events, and photo galleries.
- Monitor and protect the security and integrity of the platform.
- Comply with legal obligations and enforce our Terms of Service.
4. IP Address Storage
We store IP addresses in session records and admin audit logs for security purposes. IP addresses are used to detect unauthorized access, prevent abuse, and investigate security incidents. IP addresses in logs are automatically redacted in application-level logging output but retained in database records for the duration described in the retention section below.
5. Third-Party Services
We share your data with the following third-party service providers, solely for the purposes of operating the platform:
- Resend: Transactional email delivery (receives your email address for sending verification and notification emails).
- Amazon S3 (or S3-compatible storage): Storage of uploaded photos and media files.
- Google & GitHub (OAuth): If you choose to sign in via a social provider, we receive your name, email, and profile identifier from that provider.
- Neon (PostgreSQL): Cloud database hosting in production environments. Your data is stored in Neon-managed PostgreSQL databases.
We do not sell your personal data to third parties. We do not use your data for advertising or marketing purposes beyond our own service communications.
6. Data Retention
We retain your personal data for as long as your account is active or as needed to provide the service. Specifically:
- Account data: Retained until you delete your account.
- Session data: Active sessions expire and are cleaned up periodically. IP addresses in sessions are retained for the session lifetime.
- Audit logs: Retained for up to 12 months for security and compliance purposes.
- User content: Retained until you delete it or your account is terminated.
Upon account deletion, we will remove your personal data within 30 days, except where retention is required by law.
7. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you.
- Rectification: Request correction of inaccurate data.
- Erasure: Request deletion of your personal data.
- Portability: Request your data in a structured, machine-readable format.
- Objection: Object to certain processing of your data.
To exercise any of these rights, please contact us at the email address listed below.
8. Data Security
We implement appropriate technical and organizational measures to protect your personal data, including encrypted connections (HTTPS/TLS), secure password hashing, PII redaction in application logs, and access controls. However, no method of transmission over the internet is 100% secure.
9. Children's Privacy
BonsaiHub is not intended for children under 13 years of age. We do not knowingly collect personal data from children under 13. If you are between 13 and 16, you must have parental consent to use this service. If we become aware that we have collected data from a child under 13, we will take steps to delete that information.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Your continued use of BonsaiHub after changes constitutes acceptance of the revised policy.
11. Contact Us
If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us via our GitHub Issues page.
See also: Terms of Service | Community Guidelines