Verso Plant Care – Privacy Policy
Effective date: 28 May 2026
Last updated: 28 May 2026
1. Who we are
Constlet Oy ("we", "our", "us") is the data controller for the Verso Plant Care mobile application and the https://versoplantcare.com website.
2. What data we collect and why
We collect installation-specific data that helps us operate and improve the service. Most data is pseudonymous analytics data that cannot be linked to a natural person. If you choose to create an account, we also collect your email address for account access, authentication, and syncing your plant collection.
| Field | Example | Purpose |
|---|---|---|
| application | application one | Distinguishes one app from another. |
| element | home button | Identifies which UI element was used. |
| description | User pressed home button on Settings page | Human‑readable action description. |
| guid | ios-1754388…f89021 | Distinguishes one installation from another. |
| screen | settings page | Identifies which page the action occurred. |
| action | click / navigate | Interaction type. |
| type | button press | Identifies element action type. |
| error code | NullReferenceException | Code that identifies the fault; no user content. |
| error message | Null reference at Main:42 | Helps locate the fault; personal data removed. |
| timestamp | 2025‑08‑04 T09:21:33 Z | Orders events in time. |
| email@example.com | Account access (optional) |
Legal basis: Legitimate interest (GDPR Article 6 (1)(f)).
Account creation and deletion
Creating an account is optional. You can use Verso Plant Care without an account, but creating one lets you keep your plant collection available across devices. If you create an account, we collect and store your email address for account access, authentication and syncing your plant collection. You can request account and email deletion from within the app, or by emailing us at mail@constlet.com. Once your request is processed, we will delete your account data unless we are required to keep certain information for legal, security, or payment-record purposes.
3. How we use the data
- Measure feature usage and guide product decisions.
- Diagnose crashes and technical issues.
- Manage in‑app purchases and subscriptions (pseudonymous purchase data itself is handled separately by RevenueCat; see Section 5).
Analytics processing is performed on pseudonymous data only. The data is never sold, shared with advertisers, or combined with other datasets to identify you.
4. Retention and aggregation
| Stage | Retention period | What happens |
|---|---|---|
| Raw analytics logs | 90 days | Used for debugging and feature analysis. |
| Anonymous aggregated metrics | Undetermined | All identifiers removed; only daily totals retained. The resulting dataset is anonymous. |
| Deletion | Automatic | Logs are permanently deleted after the above periods. Once the App Instance ID is removed, the aggregated dataset is anonymous and therefore no longer subject to GDPR personal‑data provisions. |
5. RevenueCat (in‑app purchases)
We use RevenueCat Inc. (United States) to validate App Store / Google Play purchase receipts and manage subscription status. These receipts are pseudonymous and sent directly from the store servers to RevenueCat; they are not stored in our analytics logs. For details on what RevenueCat collects and how long it keeps that data, please see the RevenueCat Privacy Policy: https://www.revenuecat.com/privacy
6. Where the data is processed
| Service | Location | Role | Safeguard |
|---|---|---|---|
| Firebase Cloud Function | European Union | Receives pseudonymous usage events | No onward transfer outside the EU (events from all regions are sent directly to EU location). |
| Cloud Firestore | European Union | Stores pseudonymous analytics and error logs | Data remains in the EU; no onward transfer outside the EU. |
| RevenueCat Inc. | United States | Processes purchase receipts & subscription status | Standard contractual clauses with pseudonymous data. |
| Google LLC | European Union | Infrastructure provider | Standard contractual clauses; IPs discarded at EU ingress edge. |
Regardless of where you use the app, pseudonymous usage‑analytics events are transmitted directly to EU‑hosted servers and remain in the European Economic Area. No personal data is transferred outside the EEA except the pseudonymous purchase‑related data handled by RevenueCat, as described above.
7. Security
- Encryption in transit and at rest.
- Role‑based access controls.
- Automated log deletion.
- Continuous monitoring.
8. Your GDPR rights
The data we hold cannot, on its own, identify any individual. GDPR Article 11 therefore applies. If you exercise a right of access, rectification or erasure we will first request additional technical information to locate your data (such as guid). If such information cannot be provided, we may lawfully decline the request.
If you would like a fresh guid that cannot be linked to previous events, simply uninstall and reinstall the app. Uninstalling (or no longer using) the app also stops any further analytics collection.
9. Children
Our applications are not directed to children under 13 years of age.
10. Changes to this policy
We may update this notice from time to time. The "Last updated" date shows the current revision.
11. Your Consent
By using our applications, you hereby consent to this privacy policy and agree to its terms.
12. Contact
If you have any further questions about this privacy policy or our data practices, please email mail@constlet.com.