Privacy, in brief.

Last updated: 2026-05-30. Working draft — review with a lawyer before relying on it.

The Garden is a quiet place to be known by a few people, slowly. Everything below is about what that means for your data.

What we store

• The email address you sign up with (and, if you choose Google sign-in, the basic profile Google gives us: name, profile picture URL, Google ID).
• Your date of birth (collected once, to verify you're 18 or older — never shown to anyone else).
• The answers you choose to plant in your windowsill.
• The leaves you add — text leaves (poems, songs, words) and any portrait image you upload.
• The threads you grow with other people, and every message inside them.
• Timestamps for when these things happened.

Anonymous usage signals

We use Firebase Analytics (Google) to count anonymous events — how many people complete onboarding, how often the slot cap kicks in, which leaf kinds get added most. These help us understand whether the product is working and improve the flow. The events do not contain anything you've written, no advertising identifier, no location, no fingerprint.

What we never store

• Advertising identifiers.
• Your location.
• Your contacts.
• Tracking across other sites or apps.
• Numeric scores or rankings of you.

Who sees what

Other people in the garden can see only what you choose to make visible:

• Your display name and one optional line about yourself.
• The one answer you chose to surface as your public seed.
• The kind of each leaf you've planted (poem, song, art, work, portrait) — never their content, until you unfurl that specific leaf to that specific person.

Contents are unlocked one person at a time, only by you, through the unfurl action. There is no admin override, no "feature" account that gets to see more, no shadow profile of you for anyone.

Who else has the data, technically

Your data lives in Google Firebase (Firestore, Storage, Authentication, Cloud Functions). Google is a sub-processor under our control — they hold the data on our behalf and don't use it for their own purposes. We don't share your data with anyone else.

What we don't do

• We don't sell your data.
• We don't run advertising on you, ever.
• We don't score, rank, or measure you against anyone else.
• We don't push notifications you didn't ask for.

Your rights

You can, at any time, in the app:

• Edit your display name, line, and any answer.
• Remove any leaf you've added — it disappears for you and is retracted from anyone you'd opened it to.
• Delete your entire account — under You → delete the garden. This cascade-deletes every doc, message, leaf, image and your authentication record, irreversibly, within seconds.

If you'd rather request these in writing, email support@silentgarden.in. We respond within 30 days. Under GDPR / UK GDPR / CCPA you also have rights of access (a copy of your data), rectification, and to lodge a complaint with your local data-protection authority.

Children

The Garden is only for people aged 18 and over. The age gate is enforced at sign-up via the date of birth you provide. If we learn an account belongs to a minor, we delete it without notice.

Storage and cookies

We use local storage in your browser to remember which conversations you've already read (so the unread badge can disappear when you've seen a message), and Firebase Authentication uses IndexedDB to keep you signed in across reloads. Neither contains your written content; both are cleared when you sign out.

Security

All traffic to and from The Garden is encrypted (HTTPS). Server-side, Firebase Security Rules enforce that no one can read your private content (answers, leaf contents, messages, threads, grants) except you and the specific people you've opened a specific leaf to. Cloud Functions handle the few server-side privileged operations (matching, slot-cap transactions, leaf grant creation, account deletion) under Admin SDK, which bypasses client rules but is subject to its own access controls.

Changes to this policy

If we ever change anything meaningful about how we handle your data, we'll show you the new policy at next sign-in and ask you to accept it before continuing.

Who to contact

For anything privacy-related: support@silentgarden.in. For everything else: support@silentgarden.in.

This document is a working draft. It reflects how the product is built today, but it has not been reviewed by a lawyer. Before depending on it for compliance, please have a privacy lawyer in your jurisdiction review and adapt it.