
Privacy Policy

Last updated: 2026-04-17

Planted Privacy Policy

Effective Date: April 17, 2026
Last Updated: April 17, 2026

This Privacy Policy explains how Life of Adventure and Change, LLC, a Utah limited liability company with a mailing address at 2336 North Point St, San Francisco, CA 94123 ("Company," "Planted," "we," "us," or "our"), collects, uses, and protects information about you when you use our web-based product, Planted (the "Service").

This policy applies to U.S. residents only. The Service is not offered outside the United States and is not intended for anyone under 18.


1. Who We Are and How to Contact Us

Life of Adventure and Change, LLC
2336 North Point St, San Francisco, CA 94123
EIN: 87-3612741

Email: support@getplanted.health

For any privacy question, rights request, legal notice, or complaint, email us at support@getplanted.health. We respond within the timeframes required by applicable law.

2. Data We Collect and How

Information you provide directly

  • Account profile. Name, email address, and profile photo, obtained when you sign in with Google OAuth.
  • Your profile document. A user-facing profile you may edit, summarizing your context, goals, and preferences for the AI coaches.
  • Conversation content. Transcripts of your voice and text conversations with AI coaches, including any check-ins, reflections, or notes you submit.
  • Communications. Messages you send us (for example, support emails).

Information from Google OAuth

When you sign in with Google, we request the OAuth scopes openid, email, and profile. Google returns your name, email address, profile photo URL, and a stable Google account identifier. We do not request access to your Gmail, Calendar, Drive, Contacts, or any other Google service, and we have no ability to read or write data in those services.

Voice and audio

If you use voice input:

  • We do not store your raw microphone audio on our servers. Our servers receive only the text transcription of your speech.
  • Transcription is performed by your web browser's built-in speech-recognition feature (the Web Speech API, exposed as SpeechRecognition or webkitSpeechRecognition). We do not contract with a speech-to-text vendor.
  • Depending on your browser, your audio may be transmitted to a third party as part of the browser's own speech-recognition service. For example, Chrome and Microsoft Edge transmit audio to Google's speech-recognition service; Safari typically transcribes on your device. That flow is controlled by your browser vendor under its own terms and privacy policy, not by us. If you are uncomfortable with this, use text input, or use a browser that performs on-device speech recognition.
  • For text-to-speech (the coach's spoken response), the Service sends the text of the coach's response — not your voice — to a third-party text-to-speech provider (within the "text-to-speech synthesis" sub-processor category described in Section 5) to synthesize the audio played back to you.
  • We do not generate, use, or store voiceprints or other biometric identifiers derived from your voice.

Information collected automatically

  • Usage metadata. Timestamps, session identifiers, and similar operational data we generate as you use the Service.
  • Device and log data. IP address, browser type and version, operating system, and error logs, as necessary to operate and secure the Service.
  • Strictly-necessary cookies and similar technologies. We use session cookies and local storage solely to keep you signed in and to maintain basic Service state. We do not use advertising cookies, marketing pixels, cross-site tracking, or SDKs from advertising networks.
  • Error monitoring / observability. We use an error-monitoring and observability sub-processor (see Section 5) to diagnose bugs and performance issues. This tool captures error stack traces, request metadata, and limited technical context. We configure it so that it is not intended to capture the content of your conversations, your profile document, or your messages to AI coaches, and we do not intentionally send that content to this sub-processor. In rare cases, short fragments of such content could appear incidentally in an error trace (for example, if a bug occurs while preparing a message for the AI). When we identify such occurrences, we scrub or delete the affected records. We do not use error-monitoring data to profile you or to build marketing audiences.

We do not run third-party marketing, advertising, or audience-building analytics.

3. How We Use Your Data

We use your data to:

  • Operate the Service — authenticate you, present your coaches, generate responses, store and retrieve your sessions and profile, and deliver text-to-speech audio playback.
  • Manage your account — support requests, account recovery, security notifications.
  • Maintain and support the Service — diagnose errors, monitor performance, and evaluate aggregate, de-identified usage metrics (such as session counts, error rates, and feature use). We do not review, analyze, or use the content of your conversations to tune prompts, train models, improve coach responses, or develop new features, except with your separate opt-in consent.
  • Surface safety resources. The Service includes a feature that analyzes conversation content for language associated with self-harm, suicidality, or acute crisis, and surfaces crisis resources (such as 988, 911, the Crisis Text Line, and the Veterans Crisis Line) in-product. This feature is a best-effort safety aid and is not a substitute for contacting emergency services yourself.
  • Communicate with you — respond to inquiries and, if you opt in, send product announcements.
  • Support Coaching Engagement clients. If you enter into a separate Coaching Engagement contract and you separately provide an express, opt-in consent to human-coach access, your human coach is granted access to your conversation content and profile document under that consent. See Terms of Service §19 and, for Washington residents, our Consumer Health Data Privacy Notice §10.
  • Comply with law and protect rights — respond to valid legal requests, enforce our Terms of Service, prevent fraud and abuse, and protect the rights, safety, and property of Company, our users, and the public.

4. Why We Process Your Data

We process the categories of information described in Section 2 in order to provide the Service you have asked us to provide under our Terms of Service, to comply with legal obligations, and to protect the security and integrity of the Service. Where we rely on your consent (for example, for optional product-improvement review of conversation content), you may withdraw consent at any time by contacting us or by closing your account; withdrawal does not affect the lawfulness of processing carried out before withdrawal. This section is provided for transparency; the Service is offered only to U.S. residents and we do not undertake GDPR obligations.

5. Sub-Processors

We rely on a small set of trusted sub-processors to operate the Service. We share only what is necessary for each to perform its role, and each is bound by contractual confidentiality and data-protection obligations. To accommodate ordinary changes to our technology stack, we describe our sub-processors by category here; a current, dated list of the specific vendors in each category is published at /subprocessors on our website.

Sub-processor category | Role | Location
Cloud application hosting | Hosts and delivers the Service (web servers, edge delivery). | United States
Database and authentication | Hosts our Postgres database and handles authentication / session tokens. | United States
AI language model inference | Processes your prompts and returns the text of coach responses. See Section 6 for retention and training commitments. | United States
Text-to-speech synthesis | Receives the text of coach responses and returns synthesized audio. Does not receive your voice. | United States
Transactional email | Sends account-related email (sign-in, security, support). | United States
Error monitoring / observability | Diagnoses bugs and performance issues. | United States
DNS and content delivery | Routes and caches web traffic. | United States

Changes to sub-processors. We will give at least 14 days' advance notice on /subprocessors before adding a new sub-processor that will process your consumer health data, so you can review the change and, if you object, close your account before the new sub-processor begins processing. Routine replacements of sub-processors within an existing category (for example, switching transactional-email providers) will be reflected on /subprocessors with a revised "Last Updated" date.

Google OAuth. When you sign in with Google, Google is acting as an identity provider to authenticate you; Google receives only the sign-in information necessary to complete OAuth.

We do not use advertising networks, marketing analytics vendors, or data brokers.

6. What We Do Not Do

  • We do not sell your personal information or consumer health data.
  • We do not share your data for cross-context behavioral advertising.
  • We do not disclose your data to data brokers.
  • We do not share your data with advertisers or marketing-analytics vendors.
  • We do not use your conversation content or profile document to train AI models — ours, our sub-processors', or any third party's — except with your separate, informed, opt-in consent. We have no prompt-tuning or model-evaluation pipeline that runs on real user transcripts, and we will not introduce one without obtaining opt-in consent first.
  • AI inference sub-processor commitment. Under our AI inference sub-processor's (Anthropic, PBC) standard commercial terms of service, the sub-processor may retain the prompts we send and the responses we receive for up to 30 days for abuse-monitoring and Trust & Safety purposes, after which that data is deleted. The sub-processor does not use our or your prompts or completions to train its models. We will update this description if the sub-processor's commercial terms change in a way that affects these commitments.

7. Retention and Deletion

  • Account-level data. We retain your account profile, profile document, and session transcripts for the lifetime of your account.
  • User-initiated session deletion. You may delete individual sessions at any time from within the app. Deleting a single session removes the transcript and related conversation content, but does not retroactively unwind any entries that were added to your profile document during that session. You may edit or remove profile-document entries directly in the app.
  • User-initiated account deletion. You may delete your entire account and associated data at any time through account settings or by emailing support@getplanted.health. We will honor account-deletion requests within 30 days (or sooner where required by law). We may require you to re-authenticate (for example, by completing a Google sign-in) before processing the request, to confirm the request came from the account holder.
  • Residual data. After deletion, residual copies of your data may persist briefly in automated backups maintained by our database and authentication sub-processor. We retain those backup copies only for the length of our provider's default backup-rotation cycle, which is the minimum period necessary for disaster-recovery purposes; we do not retain backups beyond that cycle and do not restore from backup except for disaster recovery. If restoration occurs, any restored copies of previously deleted data are re-deleted in the ordinary course.
  • Inactivity deletion. If you do not sign in or interact with the Service for 24 consecutive months, we will email you at the address associated with your account and, if you do not respond within 30 days, delete your account and associated data in the ordinary course.
  • Legal holds. We may retain certain data longer when required to comply with legal obligations, resolve disputes, or enforce our agreements. Any such retained data will be limited to what is necessary for the legal purpose and handled with the same safeguards described in Section 8.
  • Coaching Engagement clients. If you are or were a Coaching Engagement client and you consented to human-coach access, session transcripts and profile-document entries created while that consent was in effect may be retained by your human coach for legitimate coaching recordkeeping per the terms of your Coaching Engagement contract. That retention is separate from, and may outlast, the account-lifetime deletion described above. Withdrawing human-coach-access consent ends prospective access but does not require your coach to delete recordkeeping already made.
  • Aggregated and de-identified analytics. Aggregated and de-identified analytics — statistics that cannot reasonably be used to identify any individual — are retained indefinitely for operational reporting and are not subject to deletion requests.

8. Security

We take reasonable administrative, technical, and organizational measures to protect your data, including:

  • Encryption in transit using TLS 1.2 or higher for all communications with the Service.
  • Encryption at rest using AES-256 (or an equivalent industry-standard cipher) for our database and backups, as provided by our database and authentication sub-processor.
  • Role-based access controls that limit access to personal data to staff and contractors with a documented need to know.
  • Documented access-control and credential-management policies.
  • Authentication via Google OAuth; we do not store passwords ourselves.
  • Logging and monitoring for anomalous activity.

No system is perfectly secure. If we learn of a security incident affecting your personal data, we will notify you and regulators as required by applicable law.

9. Your Rights

Subject to applicable law, you have the right to:

  • Access the personal information we hold about you.
  • Correct inaccurate or incomplete information.
  • Delete your personal information (subject to legal retention requirements).
  • Port your data in a portable format.
  • Opt out of processing based on consent.
  • Appeal our denial of a rights request, where applicable law requires an appeal procedure.
  • Lodge a complaint with a supervisory authority or state regulator.

How to exercise. Email support@getplanted.health. Include (a) the right you wish to exercise, (b) the email address associated with your Planted account, and (c) enough additional information for us to verify your request.

Verification. We verify your identity by confirming control of the account email on file. For account deletion and data-portability requests, which are high-risk if processed for the wrong person, we additionally require you to confirm the request from the email address on file — by replying from that address or by completing a fresh in-app Google sign-in at our discretion. We will not discriminate against you for exercising your rights.

Response time. We respond within the timeframe required by the applicable law (typically 45 days, extendable once by 45 days with notice where reasonably necessary).

10. California Residents (CCPA / CPRA)

This section supplements this Privacy Policy for California residents under the California Consumer Privacy Act, as amended by the California Privacy Rights Act ("CCPA/CPRA").

Categories of personal information collected in the preceding 12 months

CCPA category | Examples | Collected? | Retention
Identifiers | Name, email, Google account ID, IP address | Yes | Lifetime of account; deleted per Section 7
Customer records | Name, email | Yes | Lifetime of account; deleted per Section 7
Internet / network activity | Usage logs, session IDs, error-monitoring data | Yes | Typically 30–90 days in our operational logs; lifetime of account for session metadata
Inferences | Narrowly scoped: which coach and framework you chose, in-session state used to generate the next response | Yes (limited) | Lifetime of account; not used to build marketing profiles
Sensitive personal information | Conversation content and profile-document content that may reveal mental or physical health; audio input that is transcribed to text (browser-native, not stored on our servers) | Yes | Lifetime of account; deleted per Section 7

We do not collect other CCPA categories (financial information, commercial information, precise geolocation, biometric information, employment information, education information) except insofar as incidentally present in voluntary user content; we do not request or target them.

Purposes of collection and use

To operate, secure, and support the Service; to manage your account; to surface safety resources; to diagnose and maintain performance; to comply with law. See Section 3 for details.

Sensitive personal information and the Right to Limit

Conversation content and profile-document content may contain information relating to your mental or physical health. This is sensitive personal information under CPRA.

We use sensitive PI only to provide the Service you have requested — generating coach responses, storing your sessions, retrieving your profile, surfacing safety resources, and securing the Service — and for the additional purposes permitted without a "Right to Limit" obligation under CPRA § 1798.121(a) and 11 CCR § 7027.

Right to Limit — our approach. Even though we believe our sensitive-PI uses fall within the permitted-without-opt-in purposes, as a conservative measure we offer a mechanism for California residents to limit the use of sensitive PI for cross-session personalization. If you exercise this right by emailing support@getplanted.health with the subject line "California Right to Limit," we will configure your account so that sensitive PI in your profile document and prior-session transcripts is no longer used to contextualize new sessions. You will still be able to use the Service, but each session will begin without the cross-session context that personalization normally provides. This choice does not delete any data; it restricts how existing data is used going forward.

Audio

If you use voice input, audio is transcribed by your browser's built-in speech-recognition feature. We do not store raw audio on our servers. Depending on your browser, your audio may be transmitted to a third-party speech-recognition service operated by the browser vendor (see Section 2). This flow is outside our control and is governed by your browser's own privacy policy.

No sale or share

We do not sell personal information and do not share it for cross-context behavioral advertising as those terms are defined under CCPA/CPRA. We have not sold or shared personal information in the preceding 12 months.

Global Privacy Control ("GPC")

Because we do not sell or share personal information and do not engage in cross-context behavioral advertising, GPC signals are not applicable to our processing. We will honor GPC signals in the event we ever engage in sale or sharing within the meaning of CCPA/CPRA, which we do not currently do.

Your California rights

  • Right to know / access the categories and specific pieces of personal information we have collected.
  • Right to delete your personal information.
  • Right to correct inaccurate information.
  • Right to data portability.
  • Right to opt out of sale/share — not applicable (we do not sell or share).
  • Right to limit the use of sensitive personal information — see above.
  • Right to non-discrimination for exercising your rights.

To exercise these rights, email support@getplanted.health. Authorized agents may submit requests with written authorization signed by you and documentation sufficient to verify the agent's authority and your identity.

California "Shine the Light"

California Civil Code § 1798.83 (the "Shine the Light" law) permits California residents to request certain information about our disclosure of personal information to third parties for their direct-marketing purposes. We do not disclose personal information to third parties for their own direct-marketing purposes.

11. Children's Privacy

The Service is intended only for adults aged 18 and over. Consistent with the Children's Online Privacy Protection Act (COPPA), we do not knowingly collect personal information from anyone under 13, and under our Terms of Service we do not permit anyone under 18 to use the Service at all. If we learn that we have collected information from someone under 18, we will delete it promptly. If you believe a minor has provided us information, please contact us at support@getplanted.health.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

  • Post the updated policy with a new "Last Updated" date; and
  • Provide reasonable notice, such as by email or in-app notice, at least 14 days before changes take effect when practicable.

Your continued use of the Service after the effective date constitutes acceptance of the updated policy.

13. State Privacy Notices

  • Washington residents: See our Consumer Health Data Privacy Notice for rights and disclosures under the Washington My Health My Data Act.
  • Other states: We will expand state-specific notices as we approach the applicability thresholds under additional state privacy laws (including the Nevada consumer health data law and the Connecticut Data Privacy Act as amended). If you live in one of those states and want to exercise rights that may apply to you, contact support@getplanted.health and we will work with you in good faith.