Privacy Policy

Tilth Apps ("we," "our," or "us") operates the tilthapps.com website and mobile applications including GrowPlan, CharterPath CFA, Menu Grade, and ProductPath (collectively, the "Services"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Services.

Please read this Privacy Policy carefully. By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Services.

1. Information We Collect

1.1 Information You Provide to Us

We may collect information that you voluntarily provide when using our Services, including:

• Account Information: When you create an account, we may collect your name, email address, and password.
• Profile Information: Information you add to your profile, such as gardening zone, location (city/region), or preferences.
• User Content: Data you enter into our apps, such as garden plans, plant selections, notes, photos, and growing logs.
• Communications: Information you provide when contacting us for support or feedback, including your email address and message content.

1.2 Information Collected Automatically

When you use our Services, we may automatically collect certain information, including:

• Device Information: Device type, operating system version, unique device identifiers, and general device settings.
• Usage Data: Information about how you interact with our Services, including features used, pages visited, actions taken, time and date of visits, and time spent on pages.
• Log Data: Server logs that may include your IP address, browser type, referring/exit pages, and crash data.
• Location Data: With your permission, we may collect general location data (city/region level) to provide location-relevant features such as growing zone recommendations. We do not collect precise GPS location data without your explicit consent.

1.3 Information from Third Parties

We may receive information about you from third-party services if you choose to link or connect your account with third-party platforms (for example, signing in with Apple ID). We only receive information that you authorise the third party to share.

1.4 Menu Grade — App-Specific Data Practices

Menu Grade has specific data practices that differ from our other apps:

• Camera and Photo Access: Menu Grade uses your device camera to photograph restaurant menus. Photos are processed on-device to extract menu text and are never uploaded to external servers. Camera access is requested only when you initiate a scan.
• AI Nutrition Analysis: When you scan a menu, the extracted menu item names (text only, not images) are sent to our secure server for AI-powered nutrition analysis. This data is processed by Google Gemini via our Cloudflare-hosted proxy and is not stored on our servers after the response is returned. No personal information is included in these requests — only dish names.
• On-Device Storage: All scan results, nutrition data, food diary entries, allergen preferences, and health scores are stored locally on your device using Apple's SwiftData framework. This data is not transmitted to our servers.
• Social Features (Optional): If you choose to participate in social features such as leaderboards or item comments, a public profile (display name and emoji avatar of your choosing) is stored in Apple's CloudKit. Leaderboard scores and comments you post are also stored in CloudKit and visible to other users. Participation in social features is entirely optional.
• No Account Required: Menu Grade does not require you to create an account. The app functions fully without providing any personal information such as a name, email address, or password.
• No Tracking or Analytics SDKs: Menu Grade does not include any third-party analytics, advertising, or tracking SDKs. We do not track your behaviour across apps or websites.
• Translation: If a menu is detected as a foreign language, Menu Grade uses Apple's on-device Translation framework to translate menu items. This processing occurs entirely on your device.

1.5 CharterPath CFA — App-Specific Data Practices

CharterPath CFA has specific data practices:

• Account Required: CharterPath requires an account to sync your study progress. You can sign up with email/password or Apple Sign In. Authentication is handled by Firebase Authentication; see Firebase's Privacy Policy.
• Study Data: Your practice question responses, flashcard progress, mock exam scores, XP, streaks, and study statistics are stored on our servers to enable cross-device sync and leaderboard features.
• AI Explanations: When you use the "Ask AI" feature, your question context (question text, answer options, and your prompt) is sent to Anthropic's Claude API for generating explanations. No personal information is included in these requests — only exam content. See Anthropic's Privacy Policy.
• Subscription Data: Subscription purchases are processed by Apple through the App Store. We do not collect or store payment card details or billing information. To manage your subscription status, we store transaction identifiers, product identifiers, purchase dates, and expiration dates on our servers. This allows us to verify your subscription tier across devices.
• Community Features: If you participate in leaderboards, your display name and XP score are visible to other users. Mnemonic votes and bookmarks are stored on our servers.

1.6 ProductPath — App-Specific Data Practices

ProductPath has specific data practices:

• Account Required: ProductPath requires an account to track your learning progress. You can sign up with email/password or Apple Sign In.
• Learning Data: Your lesson progress, simulation results, quiz scores, and learning statistics are stored on our servers to enable progress tracking and cross-device sync.
• Subscription Data: Subscription purchases are processed by Apple through the App Store. We do not collect or store payment card details or billing information.

2. How We Use Your Information

We use the information we collect for the following purposes:

• Provide and Maintain Services: To operate, maintain, and improve our apps and website.
• Personalisation: To personalise your experience and deliver content and features relevant to your interests and location.
• Communication: To respond to your enquiries, send service-related announcements, and provide customer support.
• Analytics: To understand how our Services are used, identify trends, and improve functionality and user experience.
• Safety and Security: To detect, prevent, and address technical issues, fraud, and security concerns.
• Legal Compliance: To comply with applicable laws, regulations, and legal processes.

3. How We Share Your Information

We do not sell, rent, or trade your personal information to third parties. We may share your information only in the following limited circumstances:

• Service Providers: We may share information with trusted third-party service providers who assist us in operating our Services (e.g., cloud hosting, analytics, crash reporting). These providers are contractually obligated to use your information only for the purposes of providing services to us and are bound by confidentiality obligations.
• Legal Requirements: We may disclose information if required to do so by law or in response to valid legal requests by public authorities (e.g., a court order or government request).
• Business Transfers: In connection with a merger, acquisition, reorganisation, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.
• With Your Consent: We may share information with third parties when you have given us explicit consent to do so.

4. Third-Party Services

Our Services may use or integrate with the following categories of third-party services:

• AI Nutrition Analysis (Menu Grade): Menu item names are sent to Google's Gemini API via our secure Cloudflare-hosted proxy for nutrition analysis. Only dish name text is transmitted — no images, personal data, or device identifiers are included. Data is not retained by our proxy after the response is delivered. Google's data usage policies apply to the processing of this text; see Google's Privacy Policy.
• Apple CloudKit (Menu Grade): Optional social features (public profiles, leaderboards, item comments) are stored in Apple's iCloud infrastructure via CloudKit. Data stored in CloudKit is governed by Apple's Privacy Policy.
• AI Study Assistant (CharterPath CFA): Exam question context is sent to Anthropic's Claude API for generating study explanations. Only question text and answer options are transmitted — no personal data or device identifiers. See Anthropic's Privacy Policy.
• Firebase Authentication (CharterPath CFA): User authentication is handled by Google's Firebase Authentication service. See Firebase's Privacy Policy.
• Analytics: We may use analytics services to help understand usage patterns. These services may collect information about your use of our apps, including device and usage data.
• Cloud Infrastructure: We use third-party cloud services to store and process data securely.
• Authentication: We may offer sign-in through Apple ID or other authentication providers. When you use these services, their respective privacy policies also apply.
• Crash Reporting: We may use crash reporting tools to identify and fix bugs and improve app stability.

We encourage you to review the privacy policies of any third-party services that you interact with through our apps.

5. Data Storage and Security

We implement appropriate technical and organisational security measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit (TLS/SSL) and at rest
• Regular security assessments and updates
• Access controls limiting who can access personal data
• Secure cloud infrastructure with industry-standard protections

While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security of your data.

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with our Services. We may also retain certain information as necessary to comply with legal obligations, resolve disputes, and enforce our agreements. When your data is no longer needed, we will delete or anonymise it in a reasonable timeframe.

7. Your Rights and Choices

7.1 All Users

Regardless of your location, you have the following rights:

• Access: You may request a copy of the personal information we hold about you.
• Correction: You may request that we correct inaccurate or incomplete information.
• Deletion: You may request that we delete your personal information, subject to certain legal exceptions.
• Data Portability: You may request a copy of your data in a structured, commonly used format.
• Opt-Out: You may opt out of non-essential communications at any time.
• Account Deletion: You may delete your account at any time through the app settings or by contacting us.

7.2 European Economic Area (EEA) — GDPR

If you are located in the EEA, you have additional rights under the General Data Protection Regulation (GDPR):

• Legal Basis: We process your personal data based on consent, contractual necessity, or our legitimate interests (such as improving our Services).
• Right to Restrict Processing: You may request that we restrict the processing of your personal data under certain circumstances.
• Right to Object: You may object to processing of your personal data based on legitimate interests.
• Right to Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of prior processing.
• Right to Lodge a Complaint: You have the right to lodge a complaint with your local data protection authority.

To exercise any of these rights, please contact us at privacy@tilthapps.com.

7.3 California Residents — CCPA/CPRA

If you are a California resident, you have the following additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Right to Know: You have the right to know what personal information we collect, use, disclose, and sell.
• Right to Delete: You have the right to request deletion of your personal information.
• Right to Opt-Out of Sale: We do not sell your personal information. If this changes, we will provide a clear opt-out mechanism.
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
• Right to Correct: You have the right to request correction of inaccurate personal information.
• Right to Limit Use of Sensitive Information: You have the right to limit how we use sensitive personal information.

To exercise your CCPA/CPRA rights, please contact us at privacy@tilthapps.com.

8. Children's Privacy

Our Services are not directed to children under the age of 13 (or under 16 in the EEA). We do not knowingly collect personal information from children under these ages. If we become aware that we have inadvertently collected personal information from a child under the applicable age, we will take steps to delete that information as quickly as possible.

If you are a parent or guardian and believe that your child has provided us with personal information, please contact us at privacy@tilthapps.com so that we can take appropriate action.

9. International Data Transfers

Your information may be transferred to and processed in countries other than the country in which you reside. These countries may have data protection laws that are different from the laws of your country. We take appropriate safeguards to ensure that your personal information remains protected in accordance with this Privacy Policy, including the use of Standard Contractual Clauses or other legally recognised transfer mechanisms where required.

10. Cookies and Tracking Technologies

Our website may use cookies and similar tracking technologies to enhance your browsing experience. You can control cookies through your browser settings. Our mobile applications do not use cookies but may use similar technologies for analytics purposes. You may opt out of analytics tracking through your device settings or through the app settings where available.

11. Push Notifications

With your permission, we may send push notifications to your mobile device to provide updates, reminders, and other Service-related information. You can disable push notifications at any time through your device settings.

12. In-App Subscriptions and Payments

Some of our apps, including CharterPath CFA, Menu Grade, and ProductPath, offer optional premium features via in-app subscriptions. All payments are processed entirely by Apple through the App Store. We do not collect, store, or have access to your payment card details, billing address, or other financial information.

To manage subscription status, we may store transaction identifiers, product identifiers, purchase dates, and expiration dates on our servers. This enables us to verify your subscription tier across devices and sessions. No payment card or billing information is ever transmitted to or stored on our servers. For details on how Apple handles your payment information, see Apple's Privacy Policy.

You can manage or cancel your subscriptions at any time through your Apple ID settings.

13. Links to Other Websites

Our Services may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to read the privacy policies of any third-party services you visit.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page, updating the "Last updated" date, and, where appropriate, providing notice through the app or by email. Your continued use of the Services after any changes indicates your acceptance of the updated Privacy Policy.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Tilth Apps
Email: privacy@tilthapps.com
Website: tilthapps.com