Privacy Policy
1. Controller
Simon Kappelmeir – Dienstleistung Weiherbachweg 6 82216 Maisach Germany Email: support@horticum.com Phone: +49 171 9350369
2. Overview of processing activities
The following overview summarises the types of data processed and the purposes of their processing and refers to the data subjects concerned.
3. Personal data collected
The following personal data is processed in the course of using the app: • Email address (for registration, login and password recovery) • Display name (for account management and logging) • Password (stored as a server-side hash, never in plain text) • Working hours, absences and time-tracking data • GPS location data (only when actively using the time clock on mobile devices, with explicit consent, only while the app is open) • First-aid entries (name of the injured person, course of the incident, first responder, company) • Plant-protection records (product, application quantities, areas, applicator name, allocation to a business or "private") • Fertilisation data (fertilisation measures, soil analyses, custom fertilisers) • Customer and supplier data (name, address, tax number, VAT ID, IBAN, contact details) • Business membership and member status • Financial data (entries, document numbers) in the accounting function • Documentation (self-created instructions, work aids, links to tasks/crops, embedded images and drawings) • Label templates (format, fields, printer settings for thermal transfer printers) • Imported/exported files (remain locally on the device, not transferred to the provider) • Payment data when subscribing via Stripe (company name, VAT ID, billing email; credit-card/bank data is processed exclusively by Stripe, not by the provider) • Device ID (randomly generated identifier for synchronisation, not linked to device data) • Last activity (timestamp of the last app start, used to detect inactive accounts)
4. Legal basis
Data is processed on the following legal bases: • Art. 6 (1)(a) GDPR: consent (GPS location) • Art. 6 (1)(b) GDPR: contract performance (account management, core functions) • Art. 6 (1)(c) GDPR: legal obligation (first-aid documentation under § 24 DGUV Rule 1; plant-protection documentation under (EC) No 1107/2009 and PflSchG; fertilisation documentation under DüV) • Art. 6 (1)(f) GDPR: legitimate interest (business organisation, customer/supplier management)
5. Data storage and hosting
Data is stored as follows: • Locally on the device (SharedPreferences, Keychain/Secure Storage) • On a self-operated Appwrite server in Germany for synchronisation between devices (access control via team permissions) • Real-time synchronisation via WebSocket connection (Appwrite Realtime) • Email delivery via the Appwrite server (for verification and password recovery) Server hosting: The Appwrite server is self-hosted on a dedicated server in Germany. Server location: Germany No data is transmitted to external services (Google, Apple, Firebase). All data processing and synchronisation runs exclusively on our own server.
6. Email processing
The email address is used for the following purposes: • Registration and account verification (confirmation link by email) • Password recovery (reset link by email) • Team invitations The email address must be verified at registration via a confirmation link. Without verification, login is not possible. Emails are sent via our own Appwrite server. No newsletters or promotional emails are sent.
7. Data security
All data transmission between app and server uses HTTPS with TLS 1.2 or higher. Access to business data is secured via Appwrite team permissions: only signed-in members of a business can read or modify the associated data. The server is self-hosted in Germany. Database and file system are protected via OS-level access control, firewall and regular security updates. Backups are transferred encrypted to a separate location. No credentials, API keys or secrets are contained in the app code — authentication is handled via secure Appwrite sessions.
8. GPS location data
GPS location data is collected exclusively: • When actively using the GPS time clock on mobile devices (iOS/Android) • After explicit consent via the operating system permission prompt • Only when the app is opened ("While Using the App" permission is sufficient) • To check whether the user is at a configured work location Location is checked at single points in time when the app starts or on manual trigger. No background tracking takes place, no foreground service is operated. Location data is not permanently stored; only the resulting timestamp (time-clock entry) is persisted. Consent can be revoked at any time in the device settings. On desktop devices (macOS, Windows, Linux, web) this function is not available.
9. First-aid book
First-aid measures are documented in accordance with § 24 (6) DGUV Rule 1. Data is protected with an integrity hash (SHA-256) and stored for the legally required retention period of 5 years. Subsequent additions are logged with timestamp and user name. Original data remains immutable. After the retention period, entries can be deleted.
10. Plant-protection documentation
Plant-protection measures are documented in accordance with (EC) No 1107/2009 and PflSchG. The following is recorded: date, product (name and registration number), crop, area, application rate, water volume, application type, harmful organism and applicator name. Data is protected with an integrity hash (SHA-256). Changes are fully logged (old and new value, timestamp, user). A statutory retention obligation of 3 years applies. Plant-protection measures performed by the user are additionally stored in the personal account and remain available even after leaving a business. The applicator name is taken automatically from the logged-in account.
11. Fertilisation documentation
Fertilisation measures are documented in accordance with the German Fertiliser Ordinance (DüV). The following is recorded: date, fertiliser, application rate, treated area, crop and bed. Soil analyses (pH, phosphorus, potassium, magnesium, humus content) are stored for nutrient planning. Custom fertilisers can be created with individual nutrient contents. Data is stored on the server and synchronised with the business.
12. Customer and supplier data
The contact management can store customer and supplier data, including: name/company, contact person, address, phone, email, website, tax number, VAT ID, IBAN, BIC, bank name and payment term. This data is stored on the server and accessible only to authorised members of the respective business.
13. Real-time synchronisation
Synchronisation between devices uses a WebSocket connection to our own Appwrite server (Appwrite Realtime). No data is transmitted to third parties. Synchronisation is performed in real time as soon as changes are made. No push notifications are sent via external services (Google, Apple). To avoid duplicate synchronisation, a randomly generated device ID is sent as a sender identifier. It cannot be linked to the device or the person.
14. Data import and export
The app supports importing crops, beds and tasks from user files (Excel, CSV, JSON, SQLite) and exporting all business data as Excel or JSON. In the free version (including the trial phase), imported data is only kept temporarily for 15 minutes and then deleted automatically. In the paid plans (Basic, Pro, Pro+) imports are permanent. If the user takes out a subscription during the trial phase, the temporarily imported data is retained. Data export is available exclusively in the paid plans. The right to data portability under Art. 20 GDPR remains unaffected and can be exercised at any time by email to support@horticum.com. Imported and exported files remain exclusively on the user's device and are not transmitted to the provider or third parties. The user is responsible for ensuring that imported data does not infringe any third-party rights.
15. Label printing, local network and Bluetooth
The Pro+ plan includes a label editor and direct printing to thermal transfer label printers (Zebra, Bixolon, TSC, Godex, CAB and others). Connection is established via: • the local network (TCP on port 9100 with ZPL/TSPL/EPL/JScript) • Bluetooth Low Energy (BLE) to printers in range Printer discovery: in the network via mDNS/Bonjour or subnet scan; via Bluetooth via a BLE scan of reachable devices. No personal data is collected or transmitted to third parties. Print job content is sent exclusively from the device directly to the printer, without passing through external servers. On iOS and macOS the "Local Network" permission is required for network printer discovery; for Bluetooth printers the Bluetooth permission is required. Both can be revoked at any time in the system settings.
16. Camera and photo library
In the documentation feature, you can select your own images from the photo library or capture new ones with the camera (iOS/Android only). Drawings can be created directly in the app. Access to camera and photo library is granted exclusively after explicit consent via the operating system permission prompt and only at the moment of selection/capture. The app does not read the photo library automatically. Before storing, selected/captured images are locally scaled in the app to a maximum edge length of 1200 px, compressed as JPEG and synchronised as part of the documentation to our own server (like all other documentation content). Original files remain unchanged in the photo library.
17. Payment processing via Stripe
For billing Pro and Pro+ subscriptions we use the payment service provider Stripe, Inc. (510 Townsend Street, San Francisco, CA 94103, USA). When taking out a subscription, the following data is transmitted to Stripe: • Email address • Company name and VAT ID (if provided) Credit-card and bank data is processed exclusively by Stripe and not stored on our servers. Processing is based on Art. 6 (1)(b) GDPR (contract performance). Stripe privacy policy: https://stripe.com/privacy
18. Disclosure of data to third parties
Personal data is not disclosed to third parties, with the exception of payment processing via Stripe (see section 17) and the optional bank/company look-ups (see section 18a). All other data is processed exclusively on our own server. Within a business, data may be viewed by other members of the same business if the owner has granted the corresponding permissions. Working hours and absences are only shown in the team if the respective user has enabled this in their settings.
18a. Bank and company look-up (IBAN, VAT ID)
When creating or editing a customer or supplier contact, entered IBANs and VAT identification numbers are automatically transmitted to external services in order to determine BIC, bank name or company name and address and pre-fill the input field. Recipients: • openiban.com (fintectura GmbH, Berlin) — IBAN validation and BIC/bank name look-up. Privacy policy: https://openiban.com • EU-VIES (European Commission, DG TAXUD) — VAT ID validation including official company data. Privacy notice: https://ec.europa.eu/taxation_customs/vies/ The VIES request is technically routed through our own server proxy (horticum.com/app/api/vies-check.php) because EU-VIES does not allow browser-side requests. On this proxy the European Commission responses are cached for a maximum of 30 minutes (file-based cache) to avoid repeated look-ups of the same VAT ID and to improve availability. After 30 minutes the cache entry is automatically overwritten or deleted. Only the respective IBAN or VAT ID is transmitted. The providers do not persistently store this data; the look-ups serve solely for plausibility checks. Processing is based on Art. 6 (1)(f) GDPR (legitimate interest in efficient master-data maintenance).
18b. Address autocomplete (postcode → city, street suggestions)
When creating or editing a contact, address entries are automatically supplemented with city, country and street suggestions to speed up data entry. Recipients: • zippopotam.us — free postcode database. When a postcode is entered, it is transmitted with a country prefix; city and country are returned. Privacy: https://zippopotam.us • Photon (komoot.io, Karlsruhe) — street autocomplete based on OpenStreetMap data. From 3 characters in the street field, the search term is transmitted; matching streets, postcode, city and district are returned. Privacy: https://www.komoot.com/privacy Only the respective search components (postcode or street name) are transmitted. The provider does not store this data persistently. Processing is based on Art. 6 (1)(f) GDPR (legitimate interest in efficient master-data maintenance).
19. Retention period and deletion
• Account data: until the account is deleted by the user • Business data: until deleted by the owner • First-aid entries: 5 years (statutory retention period, DGUV) • Plant-protection entries: 3 years (statutory retention period, PflSchG) • Fertilisation data: until deleted by the user • Customer/supplier data: until deleted by the user • Invitation codes: expire after 48 hours • Temporary imports (free version): automatic deletion after 15 minutes • Trial phase: start time is stored server-side per account (30 days) • Stripe payment data: in accordance with Stripe's privacy policy When the account is deleted, all personal data is irrevocably removed from the server. Deletion is immediate and complete. Free accounts without an active subscription are automatically deleted after 2 years of inactivity. A warning email is sent 30 days before deletion. Signing into the app resets the period. Businesses that exceed the limit of the current subscription plan are locked. Data is retained, access is restricted until upgrade or downgrade. While locked, personal data (time tracking, plant protection, first-aid book) remains available.
20. Rights of data subjects
You have the following rights: • Right of access (Art. 15 GDPR) • Right to rectification (Art. 16 GDPR) • Right to erasure (Art. 17 GDPR) • Right to restriction of processing (Art. 18 GDPR) • Right to data portability (Art. 20 GDPR) • Right to object (Art. 21 GDPR) • Right to withdraw consent (Art. 7 (3) GDPR) To exercise your rights, contact: support@horticum.com You can delete your account at any time in the app settings. All personal data will be irrevocably removed.
21. Right to lodge a complaint
You have the right to lodge a complaint with a data-protection supervisory authority. Competent supervisory authority: Bayerisches Landesamt für Datenschutzaufsicht (BayLDA) Promenade 18 91522 Ansbach Germany https://www.lda.bayern.de
22. Changes
This privacy policy may be updated as required. The current version is available in the app at any time.