Legal

Privacy Policy

Last updated: May 29, 2026

This Privacy Policy explains what information Inscape collects when you use our website at inscapeapp.com, how we use it, and the choices you have. We try to keep things plain-English here — if anything is unclear, email hello@inscapeapp.com.

1. Who we are

Inscape is operated by Jesus Torres, based in the Chicago area, Illinois, United States. You can reach us at hello@inscapeapp.com.

2. What we collect

Type of information	Examples	Why
Account info	Email, password (hashed), role (homeowner or landscaper)	Sign in, identify you
Profile info (landscapers)	Company name, bio, services, service area	So homeowners can find you in the marketplace
Plan data	Yard photos you upload, dimensions, sun condition, budget, zip code, plants you place	To save and display your designs
Contact info on quote requests	Name, phone, optional note	So landscapers can reach you
Payment info	Card details (handled by Stripe — we never see your full card number)	Process subscriptions
Usage data	Pages visited, anonymized IP, browser type, referrer	Improve the site, measure traffic
Emails you send us	Whatever you write to hello@inscapeapp.com	Reply to you and improve support

3. How we use it

To run the service: authenticate you, save your plans, deliver lead requests to landscapers, process payments, send transactional emails (account confirmation, lead notifications, receipts).
To improve the service: understand which features are used, fix bugs, decide what to build next.
To communicate with you: respond to support emails, send important account or service updates. We won't send marketing emails without your consent.
To enforce our terms: detect fraud, prevent abuse, comply with the law.

4. Who we share it with

We don't sell your data, ever. We share it only with the service providers that make Inscape work:

Supabase — stores account info and plan data (database + auth provider).
Vercel — hosts the website and serverless functions; collects basic analytics (page views, referrer, country) without third-party cookies.
Stripe — processes subscription payments. Stripe handles your card data directly; we never see or store the full card number.
Resend — delivers transactional emails (signup confirmation, lead notifications).
Replicate (when enabled) — processes uploaded yard photos for the AI-clearing feature. Images are sent to Replicate, processed, and the result is sent back to you. We don't retain the processed image beyond your session unless you save it.

If we're legally required to share information (e.g., a valid court order), we will — but we'll push back on overbroad requests and notify you when possible.

5. Cookies and tracking

We use a single first-party cookie to keep you signed in (set by Supabase Auth). We don't use third-party advertising cookies. Vercel's analytics is cookieless — it tracks pageviews without identifying individuals.

6. How long we keep it

Account data: until you delete your account.
Plans, saved plants, saved inspiration: until you delete them or your account.
Lead requests: 24 months from creation (so we can resolve disputes).
Payment records: as required by law (typically 7 years for tax reasons).
Analytics: aggregated and rotated by Vercel; no personal data retained.

7. Your choices and rights

You can:

Access or download your data — email us, we'll send it within 30 days.
Correct your data — most fields are editable in your account; for the rest, email us.
Delete your account — from settings, or email us. We'll delete your data within 30 days except where we're required to keep records (payment / tax).
Opt out of non-essential emails — every marketing email has an unsubscribe link (currently we don't send any).

If you're in California (CCPA) or Europe (GDPR), you have additional rights — including the right to a copy of your data, the right to be forgotten, and the right to file a complaint with a regulator. Email us to exercise these.

8. Security

We use industry-standard practices: HTTPS everywhere, hashed passwords, row-level security on our database, and limited access keys. No system is perfectly secure, though — if you spot a vulnerability, please report it to hello@inscapeapp.com before disclosing publicly.

9. Children's privacy

Inscape isn't designed for children under 13. We don't knowingly collect data from anyone under 13. If you believe we have, contact us and we'll delete it.

10. International users

Inscape is operated from the United States. If you use it from outside the U.S., your data will be processed in the U.S., which may not offer the same privacy protections as your country.

11. Changes to this policy

If we make a material change, we'll notify you by email or with a notice on the site at least 14 days before the change takes effect. The "Last updated" date at the top reflects the most recent revision.

12. Contact

Questions, requests, or complaints? Email hello@inscapeapp.com. We aim to respond within 2 business days.

This policy is a starting template based on common SaaS practices. If you operate Inscape as a real business — especially if you take payments from California or European users — have an attorney review it for your specific situation.