Get Back

Help Center

Support
Privacy
Terms

Privacy Policy

GROVE PRIVACY POLICY
Effective Date: 10/31/2025
Last Updated: 10/31/2025

1. Introduction

Grove Regeneration, a DBA of DreamLabsCA, LLC (“Grove,” “we,” “us,” or “our”), is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Grove mobile application, website, and related services (collectively, the “Service”).

By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.

We reserve the right to make changes to this Privacy Policy at any time. We will notify you of any material changes by updating the “Last Updated” date and sending notice to the email address associated with your account. Your continued use of the Service following the posting of changes constitutes your acceptance of such changes.

2. Information We Collect

We collect information you provide directly to us, information we collect automatically when you use the Service, and information from third-party sources.

2.1 Information You Provide to Us

Account Information:

  • Full legal name
  • Date of birth
  • Phone number
  • Email address (optional, for communications)
  • Referral codes (used and generated)

Financial Information:

  • Plaid connection tokens (we do NOT store your actual bank account numbers or payment card details)
  • Transaction data accessed through Plaid (merchant names, amounts, dates)
  • Round-up calculations and accumulated amounts
  • Donation history and payment status

Preferences and Selections:

  • Reforestation project preferences
  • Communication preferences
  • Round-up settings (active/paused status)

User Content:

  • Photos, reviews, or testimonials you choose to share
  • Social media posts about your impact
  • Feedback and correspondence with our support team

2.2 Information We Collect Automatically

Device and Usage Information:

  • Device type, model, and operating system
  • Unique device identifiers
  • Mobile network information
  • App version and performance data
  • Features used and interaction patterns
  • Crash reports and error logs

Analytics Information:

  • Session duration and frequency
  • Screen views and navigation paths
  • Feature adoption and usage patterns
  • Referral sources

Location Information:

  • IP address-based general location
  • Time zone

2.3 Information From Third Parties

Financial Service Providers:

  • Transaction data from Plaid (with your authorization)
  • Payment processing status from Stripe

Analytics Providers:

  • Usage analytics from Google Analytics and Mixpanel
  • App performance data from Firebase

Reforestation Partners:

  • Tree planting confirmations and impact metrics

3. Cookies and Tracking Technologies

3.1 Technologies We Use

We use cookies, pixel tags, and similar technologies on our website to:

  • Remember your preferences and settings
  • Analyze site traffic and usage patterns
  • Measure the effectiveness of our marketing campaigns
  • Improve Service functionality and user experience

3.2 Types of Cookies

  • Essential Cookies: Required for basic site functionality and security
  • Analytics Cookies: Help us understand how users interact with our Service
  • Preference Cookies: Remember your settings and choices
  • Marketing Cookies: Track marketing campaign effectiveness

3.3 Managing Cookies

You can control cookies through your browser settings. Note that disabling cookies may limit your ability to use certain features of our Service. For more information about cookies and how to manage them, visit www.aboutcookies.org.

3.4 Do Not Track

We do not currently respond to Do Not Track browser signals. However, we do not sell your personal information to third parties.

4. How We Use Your Information

We use the information we collect to:

4.1 Provide and Maintain the Service

  • Create and manage your account
  • Process round-up calculations
  • Execute donation transactions
  • Track and display your environmental impact
  • Send transaction confirmations and receipts

4.2 Improve and Develop the Service

  • Analyze usage patterns and trends
  • Develop new features and functionality
  • Optimize user experience
  • Conduct research and analysis

4.3 Communicate With You

  • Send Service-related notifications
  • Respond to your inquiries and support requests
  • Provide updates about your impact
  • Send marketing communications (with your consent)

4.4 Ensure Safety and Security

  • Detect and prevent fraud
  • Verify your identity
  • Investigate suspicious activity
  • Enforce our Terms of Service

4.5 Legal and Compliance

  • Comply with legal obligations
  • Respond to legal requests and prevent harm
  • Protect our rights and property
  • Maintain records for tax and regulatory purposes

5. How We Share Your Information

We do not sell, rent, or trade your personal information. We share your information only in the following circumstances:

5.1 Service Providers

We share information with third-party vendors who perform services on our behalf.

Payment Processing:

  • Plaid Inc.: Securely connects your bank accounts and accesses transaction data
  • Stripe, Inc.: Processes ACH transfers (receives only payment amounts, not personal details)

Infrastructure and Operations:

  • Google Cloud Platform (Firebase): Hosts our Service and provides authentication
  • Google Analytics: Provides usage analytics
  • Mixpanel: Provides product analytics
  • Gmail (Google Workspace): Sends transactional and marketing emails

Reforestation Partners:

  • GreenSpark/Veritree: Receives aggregated donation amounts and impact tracking data (no personal information)

5.2 Affiliate Program

Affiliates who refer you can see:

  • Total trees planted by their referred users (aggregated)
  • Overall performance metrics (not individual user data)

5.3 Legal Requirements

We may disclose your information if required to do so by law or in response to:

  • Court orders, subpoenas, or other legal processes
  • Requests from law enforcement or government agencies
  • Situations involving potential threats to physical safety

5.4 Business Transfers

If Grove is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.

5.5 Aggregated and Anonymized Data

We may share aggregated or anonymized information that cannot reasonably identify you for research, marketing, or other business purposes.

5.6 With Your Consent

We may share your information for other purposes with your explicit consent.

6. Data Security

We implement appropriate technical and organizational security measures to protect your personal information, including:

6.1 Technical Safeguards

  • 256-bit SSL/TLS encryption for data transmission
  • Encryption at rest for sensitive data
  • Secure API integrations with banking partners
  • Regular security updates and patches

6.2 Operational Safeguards

  • Limited employee access on a need-to-know basis
  • Confidentiality agreements with employees and contractors
  • Regular security training for our team
  • Incident response procedures

6.3 Infrastructure Security

  • Google Cloud Platform’s security infrastructure
  • Firebase Authentication with multi-factor authentication support
  • PCI DSS compliance through our payment processors
  • Regular security audits and assessments

6.4 Important Notes

  • We never store your full payment card numbers or banking credentials
  • Plaid tokens are used instead of actual account numbers
  • All payment processing is handled by PCI-compliant partners

While we strive to protect your personal information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

7. Data Retention

We retain your information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required by law.

7.1 Retention Periods

  • Transaction Records: 7 years for legal and tax compliance
  • Account Information: Duration of account plus 90 days after termination
  • Communication Records: 2 years from last interaction
  • Analytics Data: 26 months (Google Analytics default)
  • Anonymized Data: Indefinitely for research and analysis

7.2 Deletion Upon Request

Subject to legal requirements, you may request deletion of your personal information. Note that we may retain certain information as required by law or for legitimate business purposes.

8. Your Privacy Rights

8.1 Access and Portability

You have the right to:

  • Access the personal information we hold about you
  • Receive a copy of your data in a portable format
  • Review your transaction and impact history

8.2 Correction and Update

You can update your account information through the app or by contacting us. We encourage you to keep your information current.

8.3 Deletion

You may request deletion of your account and personal information, subject to legal retention requirements.

8.4 Communication Preferences

You can opt out of marketing communications at any time through:

  • Unsubscribe links in emails
  • App notification settings
  • Contacting our support team

8.5 Account Controls

Through the Service, you can:

  • Pause or resume round-ups
  • Change your reforestation project preference
  • Manage connected payment methods
  • Download your impact reports

9. California Privacy Rights (CCPA)

California residents have additional rights under the California Consumer Privacy Act (CCPA).

9.1 Right to Know

You have the right to know:

  • The categories of personal information we collect
  • The sources of personal information
  • Our purposes for collecting information
  • The categories of third parties with whom we share information
  • The specific pieces of personal information we have about you

9.2 Categories of Personal Information Collected

In the past 12 months, we have collected:

  • Identifiers: Name, phone number, email, device IDs
  • Personal Information: Name, date of birth, financial account tokens
  • Commercial Information: Transaction records, purchase history
  • Internet Activity: App usage, interaction data
  • Geolocation Data: General location from IP address
  • Inferences: Preferences and behavior patterns

9.3 Right to Delete

You may request deletion of your personal information, subject to certain exceptions.

9.4 Right to Non-Discrimination

We will not discriminate against you for exercising your privacy rights.

9.5 Sale of Personal Information

We do not sell your personal information. We have not sold personal information in the past 12 months and do not intend to sell personal information in the future.

9.6 How to Exercise Your Rights

California residents may exercise their rights by:

We will verify your identity before processing your request.

10. Children’s Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at hello@trygrove.app.

11. Biometric Information

11.1 Current Practices

We do not currently collect biometric information.

11.2 Future Implementation

We may implement biometric authentication (Face ID, Touch ID) in the future for enhanced security. If we do:

  • Biometric data will be stored locally on your device only
  • We will not have access to your actual biometric data
  • You will have the option to use alternative authentication methods
  • We will update this Privacy Policy before implementing such features

12. User-Generated Content

12.1 Public Sharing

Content you choose to share publicly (impact photos, testimonials, social media posts) may be visible to other users and the general public.

12.2 Future Social Features

We may introduce social features allowing users to share their impact with each other. You will have control over what information you share and with whom.

12.3 License Grant

By sharing content through the Service, you grant us a non-exclusive, worldwide, royalty-free license to use, display, and distribute such content for Service-related purposes.

13. Data Breach Notification

13.1 Our Commitment

In the event of a data breach that compromises your personal information, we will:

  • Notify affected users within 72 hours of discovery
  • Provide information about what data was affected
  • Outline steps we’re taking to address the breach
  • Offer guidance on protecting yourself

13.2 Notification Methods

We will notify you via:

  • Email to your registered email address
  • Push notification through the app
  • Notice on our website

14. International Data Transfers

The Service is currently available only in the United States. Your information is processed and stored in the United States. By using the Service, you consent to the transfer and processing of your information in the United States.

15. Third-Party Links

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any information.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Updating the “Last Updated” date at the top of this policy
  • Sending an email to your registered email address
  • Providing a prominent notice in the app

Your continued use of the Service after changes become effective constitutes acceptance of the revised Privacy Policy.

17. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

Grove Regeneration
A DBA of DreamLabsCA, LLC
14016 Armstrong Woods Rd #16216F
Guerneville, CA 95446
Email: hello@trygrove.app
Phone: 415-484-2569

Privacy Rights Requests

For privacy rights requests (access, deletion, etc.), please email hello@trygrove.app with “Privacy Request” in the subject line.

Data Protection Officer

For privacy-related inquiries, you may contact our Data Protection Officer at hello@trygrove.app.

18. Legal Bases for Processing (Transparency)

We process your personal information under the following legal bases:

  • Consent: For marketing communications and optional features
  • Contract: To provide the Service you’ve requested
  • Legal Obligation: To comply with laws and regulations
  • Legitimate Interests: For fraud prevention, security, and Service improvement

19. Accessibility

We are committed to ensuring this Privacy Policy is accessible to individuals with disabilities. If you need this policy in an alternative format, please contact us at hello@trygrove.app.

20. Governing Law

This Privacy Policy is governed by the laws of the State of California, without regard to its conflict of law provisions.

By using the Grove Service, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.