Go to Dashboard

Privacy Policy

Last updated: 19th March 2026

This Privacy Policy explains how ACLT Limited (trading as Garden Glow) ("we", "us", "our") collects and uses personal data when you use www.gardenglow.app (the "Service").

It should be read alongside our Terms of Service and Cookie Policy.

1. Who we are (data controller)

  • Controller: ACLT Limited (trading as Garden Glow)
  • Address: 71–75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom
  • Info/legal/privacy email: info@gardenglow.app
  • Support email: support@gardenglow.app
  • Company number: 17056885
  • ICO registration: C1887858

2. What this policy covers

2.1 This policy applies to personal data we process when you: create an account and log in; upload photos and prompts; generate images and PDFs; use paid subscriptions, trials and billing; contact us.

2.2 "Personal data" means information relating to an identified or identifiable individual.

3. Personal data we collect

3.1 Account and identity data

  • Name (if provided)
  • Email address
  • Profile image (if provided)
  • Authentication tokens/identifiers (via Clerk)

3.2 Content you provide

  • Uploaded photos of outdoor spaces
  • Text prompts describing renovations
  • Generated images
  • Project data (including PDFs you generate)

Note: Photos may incidentally include personal data (e.g., faces, car registrations, house numbers). Please avoid uploading images you do not have the right to use.

3.3 Usage and technical data

  • Generation counts, PDF counts, project counts
  • Device/browser information
  • Log data and approximate location derived from IP address (where applicable)

3.4 Fraud prevention data

  • IP address (collected automatically as part of standard web server logs)

3.5 Billing data (via Stripe)

We receive limited billing-related information (e.g., subscription status, invoice IDs, payment status, last 4 digits, billing country). Stripe processes and stores full payment card details.

4. How we use your data and lawful bases

4.1 Performance of a contract

To provide the Service, including: account access and authentication; generating images and PDFs from your inputs; maintaining your projects; providing customer support; administering subscriptions and entitlements.

4.2 Legitimate interests

Where necessary for our legitimate interests, such as: preventing fraud and abuse (including trial card fingerprint checks); improving reliability, safety and performance of the Service; monitoring usage to enforce limits and prevent misuse. We balance our interests against your rights and expectations.

4.3 Consent

Where required, for example: non-essential cookies/analytics (see Cookie Policy); marketing emails (if introduced in future).

4.4 Legal obligation

Where we must comply with legal requirements (e.g., accounting, tax, responding to lawful requests).

5. AI processing (image generation)

5.1 When you submit an image and prompt, we process your inputs to generate AI outputs.

5.2 Google Gemini AI is used for AI processing (via automation). Your uploaded photo(s) and prompt(s) are transmitted to Google's APIs for processing, and Google may process this data in accordance with its API terms and policies.

5.3 We do not use your content to send you advertising. We may use aggregated and/or de-identified usage information to improve the Service.

6. Street View/address-based processing

6.1 Address-based image fetching uses Google Maps/Street View APIs to retrieve publicly available street-level imagery (where available).

6.2 If you enter address data that relates to an identifiable individual, that may be personal data. If you use these features for client work, you are responsible for ensuring you have a lawful basis to do so.

7. Sharing your data (processors and recipients)

We use trusted third parties ("processors") to run the Service. These may process personal data on our behalf under contractual obligations.

7.1 Key processors/sub-processors

  • Clerk – authentication and user management
  • Stripe – payment processing and billing portal
  • Supabase – database and storage
  • n8n – workflow automation
  • Google Gemini AI – AI processing
  • Google Maps/Street View – address-based imagery fetching
  • Vercel – hosting and delivery

7.2 Other disclosures

We may disclose personal data: to comply with law or respond to lawful requests; to protect our rights, users, and the public; in connection with a business transfer (e.g., merger/acquisition), subject to appropriate safeguards.

8. International transfers

8.1 Some providers process data outside the UK (including in the United States).

8.2 Where personal data is transferred internationally, we use appropriate safeguards as required by UK GDPR, such as the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses, and we assess transfer risks where required.

8.3 You can contact us to request more information about the safeguards used for specific transfers.

9. Data retention

9.1 We retain personal data for as long as needed to provide the Service and for legitimate business purposes.

  • Account and project data: retained while your account is active, and for a reasonable period after closure.
  • Billing records: retained as required for accounting/tax and as handled by Stripe.
  • Fraud prevention data: card fingerprints (a hashed identifier, not your card number) are retained indefinitely for fraud prevention, unless no longer necessary. Full card details are stored by Stripe only; we do not store card numbers on our servers.

9.3 You can request deletion (see section 11). Some data may be retained where we have a legal obligation or overriding legitimate interest.

10. Security

We implement appropriate technical and organisational measures designed to protect personal data, such as access controls, encryption in transit, and operational security practices. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

11. Your rights under UK GDPR

Depending on your circumstances, you may have the right to: access your data; correct inaccurate data; request deletion; restrict processing; object to processing; data portability; withdraw consent (where processing is based on consent).

To exercise your rights, email info@gardenglow.app. We may need to verify your identity.

12. Marketing communications

12.1 We send transactional and service emails related to your account, including welcome emails, payment confirmations, payment failure notices, and subscription updates.

12.2 If you abandon a checkout without completing payment, we may send a limited number of follow-up emails to help you complete your purchase. These may include time-limited discount codes. These are transactional service emails related to an action you initiated and do not require separate marketing consent.

12.3 If we introduce broader marketing communications, we will do so in line with UK GDPR and PECR rules, and you will be able to opt out at any time.

13. Children's data

The Service is not intended for children, and we do not knowingly collect data from anyone under 18.

14. Automated decision-making

AI generation involves automated processing of your inputs to produce outputs. We do not use AI to make legal or similarly significant decisions about you.

15. Complaints (ICO)

If you are unhappy with how we handle your data, please contact us first at info@gardenglow.app. You also have the right to complain to the Information Commissioner's Office (ICO).

16. Changes and contact

We may update this Privacy Policy from time to time. The latest version will be posted on our website with the "Last updated" date.

  • Privacy/legal contact: info@gardenglow.app
  • Support contact: support@gardenglow.app
Terms & ConditionsCookie PolicyAcceptable Use PolicyRefund & Cancellation Policy