Legal
Privacy Policy
Effective date: June 19, 2026 · Last updated: June 19, 2026 · Version 3.0
1. Introduction
Butler Technology Concepts, LLC d/b/a Yard Ledger ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains what information we collect, the sources we collect it from, how and why we use it, who we share it with, how long we keep it, and the rights you have over your personal information when you use our websites and mobile apps (the "Service").
The table in Section 4 is a summary "notice at collection": it lists the categories of personal information we collect, their sources, the purposes we use them for, the categories of recipients we disclose them to, and how long we keep each category. The sections that follow add detail.
2. Information We Collect
Categories of sources. We collect personal information from you directly; automatically from your device and browser; from connected services you authorize (such as a personal weather station); from payment platforms; and from analytics and infrastructure providers acting on our behalf.
We collect information you provide directly:
- Account information: email address, name (optional)
- Yard and property data: address, location coordinates, lawn dimensions
- Lawn care event records: dates, products applied, notes, photos
- Documents you upload: receipts, soil-test reports, and product labels, which may include vendor, cost, and product details
- Connected-service credentials: when you link a third-party service such as a personal weather station, the access keys or credentials needed to retrieve that data (stored encrypted)
- Messages, prompts, and photos you submit to the AI assistant
- Payment information: subscriptions are processed by our payment providers (Apple App Store, Google Play, RevenueCat, and Stripe). We receive subscription and transaction status — not full payment card numbers
- Usage and preference data: area unit preference, subscription status, and notification preferences
We also collect information automatically:
- Log data: IP address, browser type, pages visited, timestamps
- Device data: device type and operating system
- Mobile push tokens: if you enable notifications in our mobile apps, a device push token used to deliver reminders and alerts
- Cookies, product analytics, and similar tracking technologies (see Section 12)
Sensitive information. Some information we handle — precise geolocation (property coordinates and any GPS coordinates in photo metadata) and your account login credentials — may be treated as "sensitive" under some laws. We use it only to provide and secure the Service (for example, localized guidance, weather, and mapping). We do not sell sensitive information, use it to infer characteristics about you, or use it to profile you in furtherance of decisions that produce legal or similarly significant effects.
3. How We Use Your Information
We use your information to:
- Provide, operate, and improve the Service
- Personalize your experience and deliver relevant features
- Generate lawn care guidance and AI-powered suggestions
- Extract data from documents you upload (receipts, soil tests, and product labels)
- Provide weather context and watering guidance, including from a personal weather station you connect
- Deliver notifications, reminders, and weather-based alerts by email and mobile push
- Process payments and manage your subscription
- Send transactional emails (e.g., account confirmation, password reset)
- Maintain security, prevent abuse, and troubleshoot problems
- Comply with legal obligations and enforce our Terms of Service
- Analyze aggregate usage patterns to improve the Service
4. Categories of Information We Collect, Use, and Disclose
This table summarizes, by category, what we collect, where it comes from, why we use it, who we disclose it to, and how long we keep it. "Disclose" here means sharing with service providers that process data on our behalf under contract; it does not mean we sell your information (see Section 11).
| Category | Sources | Purposes | Categories of recipients | Retention |
|---|---|---|---|---|
| Account & profile (email, optional name, preferences, consents) | You | Create and operate your account; authentication; support | Hosting/database (Supabase); email providers | Life of your account; deleted on account deletion |
| Yard & property data (address, coordinates, dimensions, zones) | You; your device (geolocation, with permission) | Provide guidance, mapping, weather, and property/parcel context | Supabase; maps/geocoding; parcel & environmental data providers; weather providers | Life of your account; deleted on account deletion |
| Care records (events, notes, soil tests, equipment, materials, infrastructure) | You | Maintain your lawn logbook and generate guidance | Supabase; AI providers when you use AI features | Life of your account; deleted on account deletion |
| Uploaded files (event/reference photos, attachments, receipts, chat images) | You | Visual history; AI-assisted extraction when you request it | Supabase Storage; AI providers when you scan/analyze | Life of your account; deleted immediately on account deletion |
| AI assistant & chat data (messages, prompts, generated guidance) | You; generated by the Service | Provide the AI assistant and remember context within a yard | Supabase; AI providers (OpenAI, Anthropic, Perplexity) | Life of your account (no automatic purge); deleted on account deletion |
| Connected-service credentials (e.g., weather-station keys) | You | Retrieve data from a service you authorize | Supabase (stored encrypted) | Until you disconnect the service or delete your account |
| Payment & subscription status (status/entitlements only — card details stay with the processors) | Payment platforms (Apple, Google, RevenueCat, Stripe) | Manage your subscription and entitlements | Apple App Store, Google Play, RevenueCat, Stripe | Transaction records retained by the processors per their legal/tax obligations |
| Usage, device & log data (IP address, device/browser, events, analytics) | Your device/browser; analytics SDKs | Security, troubleshooting, and understanding/improving the Service | Product analytics (PostHog); hosting/edge security (Cloudflare) | Operational logs: a limited period, then deleted or aggregated. Analytics: see §13 |
| Push notification tokens | Your device (when you enable notifications) | Deliver reminders and alerts | Expo; Apple (APNs); Google (FCM) | Until you sign out or delete your account, or the token becomes invalid |
| Support communications | You | Respond to your requests and keep support records | Customer support tool (Zoho Desk); bot protection (Cloudflare Turnstile) | Retained while reasonably needed for support and record-keeping |
| Social login identifiers (if you sign in with Google or GitHub) | Google, GitHub (the provider you choose) | Authenticate you | Supabase Auth; the chosen identity provider | Life of your account; deleted on account deletion |
5. Data Storage and Security
We host your data with cloud service providers — primarily Supabase (database, auth, storage) — and apply reasonable administrative, technical, and physical safeguards designed to protect personal information. These include Row-Level Security so each user can access only their own data, encryption in transit (TLS), and encryption at rest for sensitive items such as connected-service credentials. Access to personal information is limited to personnel and service providers who need it to operate the Service.
No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
6. Service Providers and Subprocessors
We do not sell your personal information. We share it only with service providers that process it on our behalf under contract, and where required by law. By category of recipient, and the providers we currently use:
- Cloud hosting, database, auth & storage: Supabase
- Web hosting, content delivery, edge security & bot protection: Cloudflare (including Cloudflare Pages, Web Analytics, and Turnstile)
- AI providers: OpenAI and Anthropic (the assistant and document/photo extraction) and Perplexity (AI-powered web, product, and pesticide-label search)
- Product analytics: PostHog
- Payment processors: Apple App Store, Google Play, RevenueCat, and Stripe (web card payments)
- Email & push delivery: Resend and Supabase (email); Expo, Apple (APNs), and Google (FCM) for mobile push
- Customer support: Zoho Desk
- Maps & geocoding: Mapbox; web fonts via Google Fonts
- Property & environmental data: Regrid (parcel boundaries), USDA/NRCS (soil and hardiness-zone data), Open-Meteo and the U.S. National Weather Service (NOAA), plus any personal weather-station provider you connect (see Section 10)
- Connected sign-in providers: Google and GitHub, if you choose to sign in with them
The providers above are current as of the date of this policy and may change as we add or replace vendors; we will update this policy (or a linked subprocessors list) when that happens.
We may also disclose information:
- To services you connect: when you link a personal weather station or subscribe to your calendar feed, data is exchanged with the provider you chose (see Section 10)
- For legal requirements: when required by law or to protect our rights
- In business transfers: in connection with a merger, acquisition, or sale of assets, with notice to you
7. AI Features and Data Use
Butler Technology Concepts, LLC d/b/a Yard Ledger uses AI models (including third-party AI APIs) to generate lawn care recommendations and to extract data from documents and photos you upload (such as receipts, soil-test reports, product labels, and problem-area photos). Our current AI subprocessors are OpenAI and Anthropic (the assistant and document/photo extraction) and Perplexity (web, product, and pesticide-label lookups). When you use AI features, relevant portions of your lawn data (e.g., grass type, location, recent events) and the documents or photos you submit are sent to these providers to generate a response.
We access these providers through their API/business tiers, under which your inputs and outputs are not used to train their models. Providers may retain content briefly to operate the service and to monitor for abuse or safety, as described in their own terms, and the personal information they receive remains governed by those terms. We do not use your content to train or fine-tune our own models. Before any of your data is sent to an AI provider, we ask you to agree to a disclosure naming the providers and the data shared.
8. Photos and Media
Photos you upload are stored with our cloud storage provider and protected by the safeguards described in Section 5. They are used to help you track your lawn's visual history and, when you request it, for AI-assisted analysis. As with other content, photos may be processed by our storage and AI service providers acting on our behalf (see Sections 6 and 7); we do not otherwise share your photos with third parties.
Photo metadata (EXIF). When you upload a photo on the web app, Yard Ledger may read metadata embedded in the image file by your camera or device. This can include the date and time the photo was taken, camera settings, and — if location services were enabled when the photo was taken — GPS coordinates. We use this to automatically populate event dates and to associate photos with yard locations. EXIF data is stored as part of your event record and is never sold or shared except with service providers acting on our behalf.
Your control. On the web app you can disable photo metadata extraction at any time in Settings → Preferences; when disabled, no EXIF data is read or stored. Our mobile apps do not read location metadata from the photos you capture or attach.
9. Geolocation Data
If you provide location data (address, coordinates) or use geolocation features, we use this information to provide localized lawn care guidance, local weather context, and property mapping features. Precise location is treated as sensitive information (see Section 2); it is protected by the safeguards described in Section 5 and is not sold or shared for advertising.
GPS coordinates embedded in photo EXIF metadata (see Section 8) are treated as geolocation data under this section. On the web app you may opt out of EXIF extraction in Settings → Preferences.
10. Connected Services & Integrations
YardLedger lets you connect optional third-party services. When you do, data is exchanged with the provider you choose:
- Personal weather stations: If you connect a station (Ambient Weather, Ecowitt, WeatherFlow Tempest, or Davis WeatherLink), we store the credentials needed to access it — encrypted — and retrieve weather readings for your yard. Disconnecting a station in Settings removes the stored credentials.
- Calendar feed: If you enable calendar sync, we generate a private feed link you can subscribe to from Google Calendar, Apple Calendar, Outlook, or another app. Subscribing exports your scheduled care events to that calendar provider. You can refresh or revoke the feed link at any time in Settings.
These third-party services are governed by their own privacy policies. We are not responsible for the privacy practices of services you choose to connect.
11. Your Privacy Rights
Depending on where you live, you may have some or all of the following rights — for example under the EU/UK GDPR, the California Consumer Privacy Act as amended by the CPRA (CCPA/CPRA), and similar U.S. state privacy laws (such as those in Virginia, Colorado, Connecticut, and Utah):
- Access the personal data we hold about you
- Correct inaccurate data
- Request deletion of your data ("right to be forgotten")
- Object to or restrict certain processing
- Data portability (receive your data in a machine-readable format)
- Withdraw consent where processing is based on consent
- Opt out of the "sale" or "sharing" of personal information (see Section 12)
- Not receive discriminatory treatment for exercising your rights
Some of these rights may not be available in every jurisdiction or may be limited where an exception applies — for example, where we must keep information to comply with a legal obligation, ensure security, or detect and fix errors.
How to exercise your rights. You can delete your account and data at any time in the app (see our deletion instructions), or contact us at [email protected].
Verification. To protect your information, we verify requests using the email address associated with your account and, where needed, by asking you to confirm information we already hold. We will not use information you provide for verification for any other purpose.
Authorized agents. You may use an authorized agent to submit a request on your behalf. We may require the agent to provide proof of your written permission and may still ask you to verify your own identity directly.
Timing and appeals. We will respond within the time required by applicable law (generally 30–45 days), and we may extend that period where the law permits, with notice to you. If we decline your request, you may appeal by replying to our decision or emailing [email protected] with the subject "Privacy Appeal"; where applicable law provides, you may also contact your local data protection authority or attorney general.
12. Cookies, Analytics & "Do Not Sell or Share"
We use cookies and similar technologies in two ways:
- Strictly necessary / essential: session and security cookies needed for the Service to function (for example, to keep you signed in). These cannot be turned off through the Service.
- Analytics: we use product-analytics tools (PostHog, and Cloudflare Web Analytics) to understand how the Service is used — which features are used and where users hit errors — so we can improve it.
We do not use cookies or analytics for cross-context behavioral advertising, and we do not sell your personal information or share it for targeted advertising, as those terms are defined under California and other U.S. state privacy laws. You can control cookies through your browser settings. We do not currently offer a self-serve analytics toggle; where applicable law gives you the right to opt out of non-essential analytics, you can request it by emailing [email protected], and we honor recognized opt-out signals (such as Global Privacy Control) where we are required to. Disabling certain cookies may prevent parts of the Service from working.
13. Data Retention
We keep personal information for as long as your account is active or as needed to provide the Service, then delete it as described below. Retention by category is also summarized in the table in Section 4.
- Account and content data (profile, properties, care history, AI chats, uploaded files): kept for the life of your account. We do not automatically purge this data; when you delete your account it is deleted immediately and permanently from our live systems.
- Backups: residual copies in routine, encrypted backups are purged on our normal backup-rotation schedule, no later than 90 days after deletion.
- Operational and security logs (including IP address and rate-limit records): retained for a limited period for security and troubleshooting, then deleted or aggregated.
- Product analytics: analytics events are linked to an identifier for your account while your account is active. When you delete your account, we also ask our analytics provider to delete your analytics profile on a best-effort basis; aggregate, de-identified metrics that are not linked to you may remain. You can also ask us to delete your analytics data by emailing [email protected].
- Billing and subscription records: if you purchased a subscription, our payment processors retain transaction records as required for tax, accounting, and fraud-prevention purposes.
- Support communications: if you contacted support, the related tickets and messages held by our support tool are retained for our records and are not removed by account deletion; you can request their deletion by emailing [email protected].
- Legal holds: we may retain limited information where required to comply with a legal obligation or to resolve a dispute.
For step-by-step deletion instructions, see our account & data deletion page.
14. International Data Transfers
We are based in the United States, and our service providers may process and store your information in the United States and in other countries where they operate. These countries may have data-protection laws that differ from those in your jurisdiction. Where required, we rely on appropriate safeguards (such as standard contractual clauses) for transfers of personal information out of your region.
15. Children's Privacy
The Service is intended for adults and you must be at least 18 years old to create an account. The Service is not directed to children, and we do not knowingly collect personal information from anyone under 18, including children under 13 as defined by the U.S. Children's Online Privacy Protection Act (COPPA). If you believe a minor has provided us with personal data, please contact us and we will delete it.
16. Changes to This Policy
We may update this Privacy Policy from time to time. We will update the effective date, last-updated date, and version number above. If you have an account, material changes will be communicated by requiring re-acceptance upon your next login.
17. Contact Us
If you have questions or concerns about this Privacy Policy, contact us at: [email protected].