1. What we collect
We collect information you provide when you create an account, configure entities, connect bank or custodian feeds, issue invoices, or pair signer devices. We collect operational telemetry when Garden services run on your behalf — request logs, error traces, and audit-chain entries.
2. What we don’t do
We do not sell your data. We do not train models on your data. We do not access your customers’ books unless you explicitly grant us a support session. We never custody your assets — Greenhouse uses FROST threshold signatures so we are at most one of n signers.
3. Sub-processors
We use sub-processors for banking connectivity (Plaid, MX, Teller), KYC (Persona, Alloy), sanctions screening (ComplyAdvantage), and infrastructure (Hetzner, OVH, Vultr). The full list is at compliance/subprocessors, individually opted into.
4. Your rights
You may export your data at any time, in JSON and CSV. You may delete your account and request erasure subject to regulatory retention obligations. Data residency is available in US, EU, and AP regions for Estate accounts.
5. Contact
Privacy questions: privacy@gardens.ml. Security disclosures: security@gardens.ml.