Grove Regeneration, a DBA of DreamLabsCA, LLC ("Grove," "we," "us," or "our"), is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Grove mobile application, website, and related services (collectively, the "Service").By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.We reserve the right to make changes to this Privacy Policy at any time. We will notify you of any material changes by updating the "Last Updated" date and sending notice to the email address associated with your account. Your continued use of the Service following the posting of changes constitutes your acceptance of such changes.2. Information We CollectWe collect information you provide directly to us, information we collect automatically when you use the Service, and information from third-party sources.2.1 Information You Provide to UsAccount Information:Full legal nameDate of birthPhone numberEmail address (optional, for communications)Referral codes (used and generated)Financial Information:Plaid connection tokens (we do NOT store your actual bank account numbers or payment card details)Transaction data accessed through Plaid (merchant names, amounts, dates)Round-up calculations and accumulated amountsDonation history and payment statusPreferences and Selections:Reforestation project preferencesCommunication preferencesRound-up settings (active/paused status)User Content:Photos, reviews, or testimonials you choose to shareSocial media posts about your impactFeedback and correspondence with our support team2.2 Information We Collect AutomaticallyDevice and Usage Information:Device type, model, and operating systemUnique device identifiersMobile network informationApp version and performance dataFeatures used and interaction patternsCrash reports and error logsAnalytics Information:Session duration and frequencyScreen views and navigation pathsFeature adoption and usage patternsReferral sourcesLocation Information:IP address-based general locationTime zone2.3 Information From Third PartiesFinancial Service Providers:Transaction data from Plaid (with your authorization)Payment processing status from StripeAnalytics Providers:Usage analytics from Google Analytics and MixpanelApp performance data from FirebaseReforestation Partners:Tree planting confirmations and impact metrics3. Cookies and Tracking Technologies3.1 Technologies We UseWe use cookies, pixel tags, and similar technologies on our website to:Remember your preferences and settingsAnalyze site traffic and usage patternsMeasure the effectiveness of our marketing campaignsImprove Service functionality and user experience3.2 Types of CookiesEssential Cookies: Required for basic site functionality and securityAnalytics Cookies: Help us understand how users interact with our ServicePreference Cookies: Remember your settings and choicesMarketing Cookies: Track marketing campaign effectiveness3.3 Managing CookiesYou can control cookies through your browser settings. Note that disabling cookies may limit your ability to use certain features of our Service. For more information about cookies and how to manage them, visit www.aboutcookies.org.3.4 Do Not TrackWe do not currently respond to Do Not Track browser signals. However, we do not sell your personal information to third parties.4. How We Use Your InformationWe use the information we collect to:4.1 Provide and Maintain the ServiceCreate and manage your accountProcess round-up calculationsExecute donation transactionsTrack and display your environmental impactSend transaction confirmations and receipts4.2 Improve and Develop the ServiceAnalyze usage patterns and trendsDevelop new features and functionalityOptimize user experienceConduct research and analysis4.3 Communicate With YouSend Service-related notificationsRespond to your inquiries and support requestsProvide updates about your impactSend marketing communications (with your consent)4.4 Ensure Safety and SecurityDetect and prevent fraudVerify your identityInvestigate suspicious activityEnforce our Terms of Service4.5 Legal and ComplianceComply with legal obligationsRespond to legal requests and prevent harmProtect our rights and propertyMaintain records for tax and regulatory purposes5. How We Share Your InformationWe do not sell, rent, or trade your personal information. We share your information only in the following circumstances:5.1 Service ProvidersWe share information with third-party vendors who perform services on our behalf.Payment Processing:Plaid Inc.: Securely connects your bank accounts and accesses transaction dataStripe, Inc.: Processes ACH transfers (receives only payment amounts, not personal details)Infrastructure and Operations:Google Cloud Platform (Firebase): Hosts our Service and provides authenticationGoogle Analytics: Provides usage analyticsMixpanel: Provides product analyticsGmail (Google Workspace): Sends transactional and marketing emailsReforestation Partners:GreenSpark/Veritree: Receives aggregated donation amounts and impact tracking data (no personal information)5.2 Affiliate ProgramAffiliates who refer you can see:Total trees planted by their referred users (aggregated)Overall performance metrics (not individual user data)5.3 Legal RequirementsWe may disclose your information if required to do so by law or in response to:Court orders, subpoenas, or other legal processesRequests from law enforcement or government agenciesSituations involving potential threats to physical safety5.4 Business TransfersIf Grove is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.5.5 Aggregated and Anonymized DataWe may share aggregated or anonymized information that cannot reasonably identify you for research, marketing, or other business purposes.5.6 With Your ConsentWe may share your information for other purposes with your explicit consent.6. Data SecurityWe implement appropriate technical and organizational security measures to protect your personal information, including:6.1 Technical Safeguards256-bit SSL/TLS encryption for data transmissionEncryption at rest for sensitive dataSecure API integrations with banking partnersRegular security updates and patches6.2 Operational SafeguardsLimited employee access on a need-to-know basisConfidentiality agreements with employees and contractorsRegular security training for our teamIncident response procedures6.3 Infrastructure SecurityGoogle Cloud Platform's security infrastructureFirebase Authentication with multi-factor authentication supportPCI DSS compliance through our payment processorsRegular security audits and assessments6.4 Important NotesWe never store your full payment card numbers or banking credentialsPlaid tokens are used instead of actual account numbersAll payment processing is handled by PCI-compliant partnersWhile we strive to protect your personal information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.7. Data RetentionWe retain your information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required by law.7.1 Retention PeriodsTransaction Records: 7 years for legal and tax complianceAccount Information: Duration of account plus 90 days after terminationCommunication Records: 2 years from last interactionAnalytics Data: 26 months (Google Analytics default)Anonymized Data: Indefinitely for research and analysis7.2 Deletion Upon RequestSubject to legal requirements, you may request deletion of your personal information. Note that we may retain certain information as required by law or for legitimate business purposes.8. Your Privacy Rights8.1 Access and PortabilityYou have the right to:Access the personal information we hold about youReceive a copy of your data in a portable formatReview your transaction and impact history8.2 Correction and UpdateYou can update your account information through the app or by contacting us. We encourage you to keep your information current.8.3 DeletionYou may request deletion of your account and personal information, subject to legal retention requirements.8.4 Communication PreferencesYou can opt out of marketing communications at any time through:Unsubscribe links in emailsApp notification settingsContacting our support team8.5 Account ControlsThrough the Service, you can:Pause or resume round-upsChange your reforestation project preferenceManage connected payment methodsDownload your impact reports9. California Privacy Rights (CCPA)California residents have additional rights under the California Consumer Privacy Act (CCPA).9.1 Right to KnowYou have the right to know:The categories of personal information we collectThe sources of personal informationOur purposes for collecting informationThe categories of third parties with whom we share informationThe specific pieces of personal information we have about you9.2 Categories of Personal Information CollectedIn the past 12 months, we have collected:Identifiers: Name, phone number, email, device IDsPersonal Information: Name, date of birth, financial account tokensCommercial Information: Transaction records, purchase historyInternet Activity: App usage, interaction dataGeolocation Data: General location from IP addressInferences: Preferences and behavior patterns9.3 Right to DeleteYou may request deletion of your personal information, subject to certain exceptions.9.4 Right to Non-DiscriminationWe will not discriminate against you for exercising your privacy rights.9.5 Sale of Personal InformationWe do not sell your personal information. We have not sold personal information in the past 12 months and do not intend to sell personal information in the future.9.6 How to Exercise Your RightsCalifornia residents may exercise their rights by:Email: hello@trygrove.appIn-app request through account settingsWe will verify your identity before processing your request.10. Children's PrivacyThe Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information.If you are a parent or guardian and believe your child has provided us with personal information, please contact us at hello@trygrove.app.11. Biometric Information11.1 Current PracticesWe do not currently collect biometric information.11.2 Future ImplementationWe may implement biometric authentication (Face ID, Touch ID) in the future for enhanced security. If we do:Biometric data will be stored locally on your device onlyWe will not have access to your actual biometric dataYou will have the option to use alternative authentication methodsWe will update this Privacy Policy before implementing such features12. User-Generated Content12.1 Public SharingContent you choose to share publicly (impact photos, testimonials, social media posts) may be visible to other users and the general public.12.2 Future Social FeaturesWe may introduce social features allowing users to share their impact with each other. You will have control over what information you share and with whom.12.3 License GrantBy sharing content through the Service, you grant us a non-exclusive, worldwide, royalty-free license to use, display, and distribute such content for Service-related purposes.13. Data Breach Notification13.1 Our CommitmentIn the event of a data breach that compromises your personal information, we will:Notify affected users within 72 hours of discoveryProvide information about what data was affectedOutline steps we're taking to address the breachOffer guidance on protecting yourself13.2 Notification MethodsWe will notify you via:Email to your registered email addressPush notification through the appNotice on our website14. International Data TransfersThe Service is currently available only in the United States. Your information is processed and stored in the United States. By using the Service, you consent to the transfer and processing of your information in the United States.15. Third-Party LinksThe Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any information.16. Changes to This Privacy PolicyWe may update this Privacy Policy from time to time. We will notify you of material changes by:Updating the "Last Updated" date at the top of this policySending an email to your registered email addressProviding a prominent notice in the appYour continued use of the Service after changes become effective constitutes acceptance of the revised Privacy Policy.17. Contact UsIf you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:Grove RegenerationA DBA of DreamLabsCA, LLC14016 Armstrong Woods Rd #16216FGuerneville, CA 95446Email: hello@trygrove.appPhone: 415-484-2569Privacy Rights RequestsFor privacy rights requests (access, deletion, etc.), please email: hello@trygrove.app with "Privacy Request" in the subject line.Data Protection OfficerFor privacy-related inquiries, you may contact our Data Protection Officer at: hello@trygrove.app18. Legal Bases for Processing (Transparency)We process your personal information under the following legal bases:Consent: For marketing communications and optional featuresContract: To provide the Service you've requestedLegal Obligation: To comply with laws and regulationsLegitimate Interests: For fraud prevention, security, and Service improvement19. AccessibilityWe are committed to ensuring this Privacy Policy is accessible to individuals with disabilities. If you need this policy in an alternative format, please contact us at hello@trygrove.app.20. Governing LawThis Privacy Policy is governed by the laws of the State of California, without regard to its conflict of law provisions.By using the Grove Service, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.