This Privacy Policy applies to Soil2Bloom (soil2bloom.com) and is governed by the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
1. About Us
Soil2Bloom ("we", "us", "our") operates the website soil2bloom.com, providing garden content, community features, and subscription-based premium gardening guides for Australian gardeners.
Contact: hello@soil2bloom.com
2. Information We Collect
Information you provide directly
- Account information: name, email address, username, password (stored as a bcrypt hash — we never store plain-text passwords)
- Profile information: location, climate zone, garden size, growing interests (optional, used to personalise your experience)
- Garden content: journal entries, plant tracker data, diary photos, and forum posts you choose to create
- Payment information: billing details when you subscribe. We use Stripe for payment processing — we never store your full card number on our servers
- Communications: messages you send to support, forum posts, and comments
Information collected automatically
- Usage data: pages visited, articles read, search queries, time on page
- Device information: browser type, operating system, screen size, IP address
- Cookies: see our Cookie Policy below
- Log data: server logs including IP address, request timestamps, and error logs
3. How We Use Your Information
- Provide and improve the Soil2Bloom service
- Process your subscription and send payment receipts
- Personalise your content feed, planting calendar, and recommendations
- Send transactional emails (account confirmation, password reset, payment receipts)
- Send our weekly digest and newsletter (you can unsubscribe at any time)
- Respond to your support requests
- Detect and prevent fraud, abuse, and security incidents
- Analyse usage to improve the platform
- Comply with our legal obligations
We never sell your personal information to third parties. We do not allow advertisers to target you based on your Soil2Bloom data.
4. Third-Party Services
We use the following services which may process your data:
- Stripe — payment processing. Stripe Privacy Policy
- Google Analytics 4 — anonymous usage analytics (only activated after cookie consent). Google Privacy Policy
- Cloudflare — content delivery and image hosting. Cloudflare Privacy Policy
- Google / Facebook — optional social login (only if you choose to use it)
- Anthropic Claude API — AI plant identification feature (images submitted are processed by Anthropic's API)
All third-party services are contractually obligated to protect your data and may not use it for their own marketing purposes.
5. Cookie Policy
Strictly necessary cookies
These are required for the site to function and cannot be disabled:
PHPSESSID — your login session (deleted when you close your browser)s2b_consent — remembers your cookie consent choice (1 year)s2b_csrf — security token to prevent cross-site request forgery
Analytics cookies (requires consent)
_ga, _ga_* — Google Analytics 4, used to understand how visitors use the site (2 years). Only set after you give consent.
You can manage your cookie preferences at any time using the cookie settings link in the footer.
6. Data Storage and Security
Your data is stored on servers located in Australia. We implement industry-standard security measures including:
- HTTPS encryption on all pages
- Bcrypt password hashing (cost factor 12)
- Optional two-factor authentication (TOTP)
- Regular encrypted database backups
- Strict access controls limiting who can access your data
No method of electronic storage is 100% secure. In the unlikely event of a data breach affecting your personal information, we will notify you within 30 days as required by the Notifiable Data Breaches scheme.
7. Your Rights
Under the Australian Privacy Act, you have the right to:
- Access your personal information — email us and we'll provide a copy within 30 days
- Correct inaccurate information — update your profile directly or contact us
- Delete your account and data — use the account deletion option in your profile settings or email us
- Opt out of marketing emails — unsubscribe link in every email or update your profile preferences
- Complain to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au if you believe we've mishandled your data
To exercise any of these rights, contact us at hello@soil2bloom.com. We will respond within 30 days.
8. Children's Privacy
Soil2Bloom is not directed at children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by email and by posting a notice on the site. Continued use of Soil2Bloom after changes constitutes acceptance of the updated policy.
10. Contact Us
For any privacy-related questions or requests:
Email: hello@soil2bloom.com
Website: soil2bloom.com
Response time: Within 30 days