Privacy Policy

Last updated: April 2026

The short version: your seed collection stays on your phone. We only store what's needed to run the app and what you actively choose to share with other growers.

Who we are

Frø is developed and operated by Ørjan Storås. You can reach us at contact@frø.app.

What stays on your device

The following data is stored locally on your phone only and is never sent to our servers:

Your seed inventory — cultivars, seed lots, quantities, notes
Planting records and growing events
Recipients and dispatch history (who you've sent seeds to)
Garden locations, beds, and growing notes
Photos attached to planting events

This data is yours. If you uninstall the app, it is deleted from your device. We cannot access it, recover it, or see it.

What leaves your device

The following categories of data may leave your device depending on which features you use:

1. Your account details
When you create an account, we store your email address and name. This is used only for sign-in. If you sign in with Google, we receive your Google account email and name.

2. Seeds you share with others
When you share a seed via the app, we store a snapshot of the cultivar and lot details alongside your display name and growing region (city or municipality). This lets the recipient see where the seeds came from and is part of the seed's provenance record. You choose when to share — nothing is shared automatically.

3. Anonymized growing events
When you have a garden location set up and log growing events (sowing, germination, harvest, etc.), we automatically record anonymized data about when and where varieties are grown. This includes your municipality or postal code, the variety name, the event type, and the date. Your internal user ID is stored server-side alongside this data to enable deletion requests, but it is never visible to other users. We use this data in aggregate to help growers understand when and where varieties thrive. You can prevent this by removing your garden location in Profile settings.

4. Seed packet photos (AI scanner only)
When you use the seed packet scanner, the photo you take is sent to Google's Gemini API via our server to extract growing information. The photo is not stored by us — it is processed in real time and discarded. You choose when to use the scanner; no photos leave your device otherwise.

5. Frost and location data (Norway only)
If you have a Norwegian garden location set up, your postal code is sent to MET Norway (frost.met.no) and Kartverket (ws.geonorge.no) to retrieve historical frost data and convert your postal code to coordinates. Your postal code is also sent to Nominatim (OpenStreetMap) to look up your municipality name. None of these services receive any personal identifiers — only the postal code.

How we store and protect your data

All data sent to our servers is stored on Supabase, a data platform hosted within the EU. Data is encrypted in transit (HTTPS) and at rest. We do not sell your data, share it with advertisers, or use it for any purpose other than running the app.

Third parties

Supabase — our database and authentication provider. Their privacy policy is at supabase.com/privacy.
Google (Sign-in) — optional sign-in only. Used if you choose "Sign in with Google".
Google Gemini — when you use the AI seed packet scanner or "Look up growing info", the seed packet image or variety name is sent to Google's Gemini API to extract or look up growing details. No personal data is included in these requests. Google's privacy policy is at policies.google.com/privacy.
MET Norway — receives your postal code to return historical frost data (Norwegian locations only). Privacy policy at met.no/en/privacy.
Kartverket — receives your postal code to convert it to coordinates (Norwegian locations only). Privacy policy at kartverket.no/en/privacy.
Nominatim / OpenStreetMap — receives your postal code to look up your municipality name. Privacy policy at osmfoundation.org.

Legal basis for processing

We process your data on the following legal bases under GDPR:

Contract — account details and shared seed data are processed to provide the service you signed up for.
Legitimate interest — anonymized growing events are processed to improve the app and provide regional growing insights to the community. You can opt out by removing your garden location.
Consent — if you sign in with Google, you consent to Google sharing your email and name with us at the point of sign-in.

Your rights

Under GDPR, you have the right to access, correct, and delete the data we hold about you. Specifically:

Access: Contact us and we will tell you what data we have stored.
Correction: Contact us to correct any inaccurate data we hold.
Deletion: You can request account deletion from within the app, which will remove your account details, shared seeds, and community growing events from our servers within 30 days. Your local seed collection is deleted when you uninstall the app.
Portability: Contact us if you would like a copy of your data.
Objection: You may object to processing based on legitimate interest by contacting us.

To exercise any of these rights, contact us at contact@frø.app.

You also have the right to lodge a complaint with Datatilsynet, Norway's data protection authority.

Children

Frø is not directed at children under 13. We do not knowingly collect data from children.

Changes to this policy

We may update this policy as the app evolves. Significant changes will be communicated through the app. The "last updated" date at the top of this page reflects the most recent revision.

Contact

Questions or concerns? Write to us at contact@frø.app.