**DRAFT — must be reviewed by a licensed attorney before launch.**

# LawnTide Privacy Policy

**Effective Date:** [PLACEHOLDER — EFFECTIVE DATE]

**Last Updated:** [PLACEHOLDER — EFFECTIVE DATE]

This Privacy Policy explains how [PLACEHOLDER — COMPANY LEGAL NAME] ("LawnTide," "we," "us," or "our") collects, uses, and shares information when you visit **lawntide.com** (the "Site") and use our free soil-temperature email alert service (the "Service").

LawnTide is a free service for **U.S.-based homeowners** that sends email alerts telling you the approximate week to apply seasonal lawn treatments (such as a spring crabgrass pre-emergent or a fall poa annua pre-emergent), based on local soil-temperature forecasts.

By using the Service, you agree to the practices described in this Policy. If you do not agree, please do not sign up.

---

## 1. Who We Are (Data Controller)

The party responsible for your information is:

- **Legal entity:** [PLACEHOLDER — COMPANY LEGAL NAME]
- **Mailing address:** [PLACEHOLDER — COMPANY MAILING ADDRESS]
- **Contact email:** [PLACEHOLDER — CONTACT EMAIL]

---

## 2. Information We Collect

We intentionally collect as little as possible. We do **not** ask for your name, your street address, your phone number, or payment information.

### 2.1 Information you give us
- **Email address** — so we can send you the alerts you sign up for and a confirmation (double opt-in) email.
- **ZIP code** — so we can determine your approximate location for local soil-temperature forecasts.

### 2.2 Information we derive
- **Approximate latitude/longitude** — we convert your ZIP code into approximate coordinates (the center of your ZIP code area) so we can request the correct local forecast. We do **not** pinpoint your home or use precise device GPS.

### 2.3 Information collected automatically
- **Email engagement data** — whether a confirmation or alert email was delivered, opened, or clicked, and bounce/complaint/unsubscribe events. This is provided by our email vendor and helps us confirm delivery, maintain list quality, and improve timing.
- **Basic technical/log data** — when you visit the Site, our hosting and infrastructure providers may automatically log standard information such as IP address, browser type, device type, referring page, and timestamps, for security, abuse prevention, and reliability.

### 2.4 Cookies and analytics
See **Section 9 (Cookies & Analytics)** below.

We do **not** knowingly collect sensitive personal information (such as health, biometric, precise geolocation, race, religion, or financial account data).

---

## 3. Why We Use Your Information (Purposes)

We use the information above to:

1. **Provide the Service** — send the double opt-in confirmation email, and send the seasonal alert(s) you requested.
2. **Determine timing and location** — convert your ZIP code to approximate coordinates and request the correct local soil-temperature forecast.
3. **Maintain deliverability and list quality** — process bounces, spam complaints, and unsubscribes, and avoid emailing people who did not confirm.
4. **Improve the Service** — understand, in aggregate, whether alerts are being delivered, opened, and found useful, and refine our timing rules.
5. **Secure the Service** — detect, prevent, and respond to fraud, abuse, spam signups, and security incidents.
6. **Comply with law** — meet legal, regulatory, and recordkeeping obligations, including proof of consent under email marketing laws.

We do **not** use your information for automated decision-making that produces legal or similarly significant effects about you.

---

## 4. Legal Bases (for users where applicable)

Where a legal basis is required (for example, under GDPR-style frameworks), we rely on:

- **Consent** — for sending you marketing/transactional alert emails (you give double opt-in consent, and may withdraw it at any time by unsubscribing).
- **Performance of a contract / provision of a requested service** — to deliver the alerts you asked for.
- **Legitimate interests** — to keep the Service secure, maintain email deliverability, and improve the Service, balanced against your rights.
- **Legal obligation** — to retain records of consent and comply with applicable law.

LawnTide is intended for U.S. residents. We do not target the Service to individuals in the EU/EEA or UK.

---

## 5. How We Share Information

**We do not sell your personal information, and we do not "share" it for cross-context behavioral advertising**, as those terms are defined under the California Consumer Privacy Act as amended by the CPRA ("CCPA/CPRA"). We have not sold or shared personal information in the preceding 12 months.

We share information only with the service providers ("processors") that operate the Service on our behalf, and only as needed for them to perform their function. These providers are contractually limited in how they may use the information:

| Provider | Role | What it processes |
|---|---|---|
| **Supabase** | Database / backend hosting | Your email, ZIP, derived lat/lon, consent and subscription records |
| **Resend** | Transactional & marketing email delivery | Your email address, the alert content, and engagement events (delivery, opens, clicks, bounces, complaints, unsubscribes) |
| **Vercel** | Website and application hosting | Site traffic and standard server/log data |
| **Open-Meteo** | Weather & soil-temperature forecast data | Approximate coordinates (lat/lon) used to request a forecast; we do **not** send Open-Meteo your email address |

We may also disclose information:
- **To comply with law** — in response to a lawful subpoena, court order, or legal request, or to enforce our Terms.
- **To protect rights and safety** — to investigate or prevent fraud, abuse, or threats to security.
- **In a business transfer** — if LawnTide is involved in a merger, acquisition, financing, or sale of assets, your information may be transferred as part of that transaction, subject to this Policy.

### Future affiliate links
The Service is free and currently contains **no** brand-specific or affiliate product recommendations. In the future we may include affiliate links to lawn-care products. **Clicking an affiliate link sends you to a third-party website governed by that third party's own privacy policy; we do not control and are not responsible for those sites.** We will update this Policy before introducing any tracking that materially changes how your data is handled.

---

## 6. Data Retention

- We retain your **email, ZIP, derived coordinates, and consent records** for as long as your subscription is active, so we can send your alerts.
- When you **unsubscribe**, we promptly stop sending you marketing alerts and **delete your subscription record**, except that we may retain a minimal **suppression record** (e.g., a hashed or plain record of your email and the fact that you opted out) to honor your unsubscribe request and to avoid emailing you again. Suppression records are retained for as long as needed to respect your choice and meet legal obligations.
- **Email engagement logs** held by our email vendor are retained per that vendor's standard retention period.
- We may retain limited records longer where required to comply with legal obligations, resolve disputes, or enforce our agreements.

---

## 7. Deletion & Your Choices

- **Unsubscribe at any time** using the link in the footer of every alert email. This stops marketing emails and triggers deletion of your subscription record (see Section 6).
- **Request deletion** of your information by emailing **[PLACEHOLDER — CONTACT EMAIL]**. We will delete your subscription data, subject to the limited exceptions in Section 6.

---

## 8. Your Privacy Rights

### 8.1 California residents (CCPA/CPRA)
If you are a California resident, you have the right to:
- **Know / Access** — the categories and specific pieces of personal information we have collected, the sources, the purposes, and the categories of third parties to whom we disclose it.
- **Delete** — request deletion of personal information we collected from you, subject to legal exceptions.
- **Correct** — request correction of inaccurate personal information.
- **Opt out of sale/sharing** — **we do not sell or share personal information for cross-context behavioral advertising, so there is nothing to opt out of**; we honor any Global Privacy Control (GPC) signal as a matter of practice.
- **Non-discrimination** — we will not discriminate against you for exercising these rights.

**Categories of personal information collected** (per CCPA): identifiers (email address); approximate geolocation derived from ZIP code (ZIP and approximate, non-precise lat/lon); and internet/electronic activity (email engagement and standard server logs). We collect these from you directly and automatically as described above, for the business purposes in Section 3.

**To exercise these rights**, email **[PLACEHOLDER — CONTACT EMAIL]**. We will verify your request by confirming control of the email address associated with your subscription. You may use an authorized agent, subject to verification.

### 8.2 Other U.S. state privacy rights
Depending on your state of residence (for example, Colorado, Connecticut, Virginia, Utah, Texas, Oregon, and others), you may have similar rights to access, correct, delete, and opt out of certain processing. We will honor verifiable requests as required by applicable law. Contact **[PLACEHOLDER — CONTACT EMAIL]**.

---

## 9. Cookies & Analytics

LawnTide is designed to be minimal. The Site uses only the cookies strictly necessary for it to function and to keep it secure (for example, infrastructure cookies set by our hosting provider).

- We do **not** use third-party advertising cookies.
- If we add **privacy-respecting, cookieless analytics** to understand aggregate Site traffic, we will use it only in a way that does not identify you individually, and we will update this section.
- Our alert emails may include standard **open/click tracking** (a tracking pixel and wrapped links) provided by our email vendor so we can confirm delivery and measure engagement. You can limit open tracking by disabling image loading in your email client.

---

## 10. Children's Privacy

The Service is intended for adult U.S. homeowners and is **not directed to children under 13**. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us information, contact **[PLACEHOLDER — CONTACT EMAIL]** and we will delete it.

---

## 11. Data Security

We use reputable service providers (Supabase, Resend, Vercel) and rely on industry-standard safeguards such as encryption in transit. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

---

## 12. International Users

The Service is intended for users in the **United States**, and information is processed in the United States (and potentially other countries where our service providers operate). If you access the Service from outside the U.S., you do so on your own initiative.

---

## 13. Changes to This Policy

We may update this Policy from time to time. When we make material changes, we will update the "Last Updated" date above and, where appropriate, notify subscribers by email. Your continued use of the Service after an update constitutes acceptance of the revised Policy.

---

## 14. Contact Us

Questions or requests about this Policy or your information:

- **[PLACEHOLDER — COMPANY LEGAL NAME]**
- **[PLACEHOLDER — COMPANY MAILING ADDRESS]**
- **[PLACEHOLDER — CONTACT EMAIL]**

Weather and soil-temperature data are provided by Open-Meteo and used under the Creative Commons Attribution 4.0 International (CC BY 4.0) license.