← Back

Privacy Policy

Last updated: April 30, 2026

Greenhouse is a productivity tool for solo founders and small teams. We collect only what we need to make the product work, we don't sell your data, and we never use your content to train AI models. This policy explains what we collect and why, in plain language.

Who we are

Greenhouse ("we," "us") is operated by Victoria Farias. Contact: vfariasbu@gmail.com.

What we collect

  • Account data: name, email, password (hashed) when you sign up.
  • Workspace content: projects, tasks, notes, journal entries, garden plants, mood check-ins, broadcasts and broadcast recipient lists you upload.
  • Connected services: when you link Google Calendar or Spotify, we store an access token. Scope is read-only event/track data; we don't post or modify anything in those services.
  • AI conversation history: messages between you and the AI agents (Maya, Cora, Theo, etc.) so the agents can have context across sessions.
  • Operational logs: server logs (timestamps, IP addresses, request paths) for debugging and abuse prevention. Retained ~30 days.

What we don't do

  • We don't sell, rent, or share your personal data with anyone.
  • We don't use your content (journal, tasks, broadcasts, agent chats) to train AI models. Your data is yours.
  • We don't run third-party advertising or behavioral tracking.
  • We don't read your email inbox. The Calendar integration only fetches event metadata.

Sub-processors we share with

To run the product, your data flows through these vendors. Each has their own privacy policy:

  • Vercel — hosting and serverless infrastructure
  • Supabase — database, authentication, file storage (encrypted at rest)
  • Anthropic — AI model provider for the agents (Claude). Anthropic's API explicitly does not train on inputs.
  • Resend — transactional and broadcast email delivery
  • Google — Calendar API, only when you connect it
  • Spotify — Web API, only when you connect it

Email broadcasts

When you send a broadcast through Greenhouse, the recipient list you upload is stored in your workspace. We don't share that list with anyone. Recipients can unsubscribe via the link in every broadcast email, and we maintain a workspace-level unsubscribe list that's honored on every send.

Your rights

You can access, export, or delete your data at any time. To request a full export or account deletion, email us at vfariasbu@gmail.com. We respond within 30 days.

If you're in the EU/UK, GDPR rights apply (access, rectification, erasure, portability, objection). If you're in California, CCPA rights apply.

Security

All traffic is encrypted in transit (TLS). Data at rest is encrypted by Supabase using AES-256. Authentication tokens for Google and Spotify are stored encrypted. We don't have access to your password.

Cookies

We use cookies only for authentication (keeping you logged in) and basic preference storage (theme, view settings). No third-party tracking cookies, no advertising pixels.

Children

Greenhouse isn't intended for users under 13. We don't knowingly collect data from minors.

Changes to this policy

We'll update this page when something material changes. The "Last updated" date at the top tells you when. For significant changes, we'll email active users.

Contact

Questions, requests, or concerns: vfariasbu@gmail.com.