Privacy Policy
Our commitment: We cannot read your messages. We do not track you. We do not sell your data. Privacy is not a feature — it is the foundation.
Overview
Gardens is built on the principle that private communication should remain private. We have designed our systems to minimize data collection, maximize encryption, and give you meaningful control over your information. This policy describes exactly what we collect, why, and what we never do.
What We Collect
- Account identifiers
A random UUID generated for your account. We do not use an email address or phone number as your account identifier.
- Public keys
Your MLS public key material, stored on our servers solely to enable encrypted group key exchanges. Your private keys never leave your device.
- Device-stored credentials
Your BIP39 recovery phrase, biometrics, and passphrase are stored on your device only and are never uploaded to Gardens servers.
- Ciphertext
Encrypted message payloads are transiently relayed by our servers. We cannot read them. We do not currently support guaranteed deletion tied to delivery confirmation.
- Minimal metadata
Approximate timestamps of connections (not message sends) and coarse device type, retained for up to 90 days for abuse prevention only.
What We Never Collect
- Plaintext content — all messages are end-to-end encrypted with MLS
- Contact lists or social graphs
- Location data of any kind
- Advertising identifiers or tracking pixels
- Behavioral profiles or usage analytics linked to your identity
- Data from third parties about you
- Your biometric templates or passphrase (these remain on-device)
End-to-End Encryption
All messages are encrypted on your device using the IETF Messaging Layer Security (MLS) protocol before transmission. Gardens servers act as delivery infrastructure only — we are technically incapable of reading your messages. Group keys are managed through MLS's forward-secrecy and post-compromise security mechanisms, meaning past messages remain protected even if a device is later compromised.
Data Sharing
We do not sell, rent, license, or broker your personal data to any third party — ever. We do not share data with advertisers. We may share the minimum necessary information with:
- Infrastructure providers
Cloud and network providers bound by strict data processing agreements, with access limited to encrypted infrastructure logs.
- Law enforcement
If we receive legal process, including a subpoena, we can only disclose data we actually possess. We cannot provide message content, decryption keys, BIP39 recovery phrases, biometrics, or passphrases because we do not have access to them in any form. In practice, our architecture leaves us with no useful message data to produce.
Data Retention
We retain your account UUID and public key material for as long as your account is active. Connection metadata is deleted after 90 days. Encrypted message payloads are retained only as required for relay operations, and we do not currently offer a guaranteed deletion timeline tied to delivery status. You may request full account deletion at any time; we will purge all associated data within 30 days.
Your Rights
- Access — request a copy of all data we hold about you
- Correction — update or correct inaccurate account information
- Deletion — permanently delete your account and all associated data
- Portability — export your data in a machine-readable format
- Objection — object to processing in any context where we exercise discretion
- Restriction — restrict processing while a dispute is resolved
To exercise any of these rights, visit /delete-account or contact privacy@usegardens.com. We will respond within 30 days.
Security
We apply defense-in-depth: TLS in transit, encryption at rest for all stored data, strict access controls with hardware security keys for all engineers, regular independent security audits, and a public vulnerability disclosure program. Our MLS implementation is open-source and subject to external review.
Policy Changes
We will notify you of material changes to this policy via in-app notification at least 30 days before they take effect. Continued use of Gardens after that period constitutes acceptance. We maintain an archived version history of this policy.
Contact
For privacy questions, data requests, or security reports: privacy@usegardens.com
© Gardens Software, 2026