Privacy Policy
Last updated: April 2026
1. Who We Are
Simply Horticulture ("we", "us", "our") operates the website simply-horticulture.com. We are committed to protecting your privacy and handling your personal data responsibly.
For any privacy-related questions, contact us at info@simply-horticulture.com.
2. What Data We Collect
We collect the minimum data necessary to provide our services:
When you place an order
- Name
- Email address
- Shipping address
- Payment information (processed by Stripe — we never see or store your card details)
- Order details (items purchased, quantities, amounts)
When you contact us
- Name
- Email address
- Message content
- IP address (for spam prevention)
When you subscribe to notifications
- Email address
- Subscription source (newsletter or product notification)
Automatically collected
- We do not use cookies for tracking or analytics.
- We do not use Google Analytics or any third-party tracking services.
- We store a small amount of data in your browser's localStorage for site functionality (age verification consent, shopping cart contents, and display preferences). This data stays on your device and is never sent to our servers.
3. How We Use Your Data
| Data | Purpose | Legal Basis |
|---|---|---|
| Order details & shipping address | Fulfilling your order, shipping, and customer support | Contract performance |
| Email address (orders) | Order confirmation, shipping updates, warranty support | Contract performance |
| Email address (newsletter) | Sending product updates and growing tips | Consent (you can unsubscribe at any time) |
| Contact form data | Responding to your enquiry | Legitimate interest |
| IP address | Spam prevention on the contact form | Legitimate interest |
4. Who We Share Data With
- Stripe — payment processing. Stripe's privacy policy: stripe.com/privacy
- Shipping carriers — your name and shipping address are shared with the carrier to deliver your order.
- ntfy — if you use the SH-Room controller's push notification feature with the public ntfy.sh server, notification messages pass through their infrastructure. Our self-hosted ntfy server (
ntfy.simply-horticulture.com) keeps all data on our own servers.
We do not sell, rent, or share your personal data with any other third parties for marketing purposes.
5. Data Storage & Security
- Your data is stored on our server hosted in Germany (Hetzner Online GmbH), within the EU.
- All data transmission is encrypted using TLS/SSL (HTTPS).
- Payment data is handled exclusively by Stripe and never touches our server.
- Access to personal data is restricted to authorised personnel only.
- Database credentials and API keys are stored in encrypted configuration files with restricted file permissions.
6. Data Retention
- Order data: Retained for 6 years for tax and legal compliance purposes.
- Contact form messages: Retained until the enquiry is resolved, then deleted within 12 months.
- Newsletter subscriptions: Retained until you unsubscribe.
- IP addresses (spam prevention): Retained in server logs for up to 30 days, then automatically deleted.
7. Your Rights
Under the UK GDPR and EU GDPR, you have the following rights:
- Right of access — request a copy of the personal data we hold about you.
- Right to rectification — request correction of inaccurate data.
- Right to erasure — request deletion of your data (subject to legal retention requirements).
- Right to restrict processing — request that we limit how we use your data.
- Right to data portability — request your data in a machine-readable format.
- Right to object — object to processing based on legitimate interest.
- Right to withdraw consent — withdraw consent for newsletter subscriptions at any time.
To exercise any of these rights, email info@simply-horticulture.com. We will respond within 30 days.
8. Newsletter & Unsubscribing
If you subscribe to our newsletter or product notifications, you can unsubscribe at any time by:
- Emailing info@simply-horticulture.com with the subject "Unsubscribe".
- Contacting us via the contact form.
We will remove your email from our subscriber list within 48 hours.
9. The SH-Room Controller
The SH-Room is a local-first device. It runs a web dashboard on your home WiFi at sh-room.local, reachable only by devices on your own network. We have no remote access to it, no user account, no cloud sync, and no database of your grows.
Data that stays on your network
- All sensor readings (temperature, humidity, CO2, lux)
- Strain profile, schedules, PID settings, custom profiles
- Historical charts (stored on the controller's flash memory)
- Smart socket and IR puck commands (LAN only)
- Your WiFi credentials — stored on the controller, never transmitted to us
Data that does leave the controller
- Push notifications — only if you enable them. The controller sends the alert text and sensor values to our self-hosted ntfy server (
ntfy.simply-horticulture.com). Subscribers (your phone) receive it via the same server. The notification topic name acts as the access control — anyone who knows the topic URL can subscribe. Pick a non-guessable topic and don't share the URL. - Firmware update checks — the controller periodically requests the current firmware manifest from our update server. The request reveals the firmware version it is running and your public IP address (logged in our standard web-server access logs). It does not transmit any sensor or grow data.
- Time sync — the controller asks a public NTP server (e.g.
pool.ntp.org) for the current time. Standard for any networked device.
What we never do
- No user accounts, no remote login — the dashboard has no "sign in" screen
- No analytics, telemetry, or grow-data collection on our servers beyond the firmware version check above
- No remote access from us back into your controller — we cannot reach your dashboard from outside your home network
- If our servers go offline, the controller continues to manage your grow normally (only push notifications and firmware updates would be affected)
If you would prefer the controller to operate fully offline, you can disable push notifications and block its outbound internet access at your router. The dashboard, smart sockets, IR puck, and all automation continue to work on your local network alone — you would lose firmware updates and remote alerts, but no other functionality breaks.
10. Children
Our website and products are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. Our age verification gate requires users to confirm they are 18 or over before accessing the site.
11. Changes to This Policy
We may update this privacy policy from time to time. The updated version will be posted on this page with a revised "Last updated" date.
12. Contact
For privacy-related questions, data requests, or complaints:
- Email: info@simply-horticulture.com
- Contact form: simply-horticulture.com/contact
If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority. In the UK, this is the Information Commissioner's Office (ICO) at ico.org.uk.