Security & Bug Reporting
Your security is our priority
Reporting Security Vulnerabilities
If you've discovered a security vulnerability in the Potter app, we appreciate your help in keeping our users safe. Please report it responsibly.
Security Contact
Email: support@potterapp.com
Subject Line: "Security Vulnerability Report"
Response Time: Within 3-5 business days
What to Include in Your Report
Help us understand and fix the issue quickly by including:
- Description: What is the vulnerability?
- Steps to Reproduce: How can we replicate the issue?
- Impact: What could an attacker do with this vulnerability?
- Your Contact Info: How can we reach you for follow-up questions?
- Suggestions (Optional): If you have ideas for fixing it, we'd love to hear them
Please do not:
- Share the vulnerability publicly before we've had time to fix it
- Access other users' data or disrupt the service
- Test on production systems if it could harm users
Our Commitment
- We will acknowledge your report within 3-5 business days
- We will prioritize and address critical issues as quickly as possible
- We will keep you updated on our progress
- We will credit you for the discovery (if you'd like)
Safe Harbor: We will not pursue legal action against security researchers who:
- Follow our responsible disclosure guidelines
- Make a good faith effort to avoid data destruction or privacy violations
- Do not exploit the vulnerability for personal gain
Reporting Bugs & Issues
Found a bug that's not a security issue? We want to hear about it too!
Bug Report Contact
Email: support@potterapp.com
Subject Line: "Bug Report: [Brief Description]"
Response Time: Within 7 business days
Note: Complex bugs may take longer to fully resolve, but we'll keep you updated on progress.
Helpful Information to Include
- What happened: Describe the bug you encountered
- Expected behavior: What did you expect to happen instead?
- Steps to reproduce: How can we see the bug ourselves?
- Device & version: iPhone or Android? What OS version? What Potter app version?
- Screenshots: If applicable, screenshots help tremendously
Your Data Security
We take your privacy and security seriously. Here's how we protect your information:
What We Collect
- Account Information: Your name and email from Google or Apple Sign-In
- Plant Data: Information about your plants, watering schedules, and photos
- Optional AI Keys: If you provide your own OpenAI or Anthropic API keys, they're encrypted and stored securely on your device
- Purchase Records: In-app purchase history (processed securely through Apple)
How We Protect It
- Local Storage: Your plant data is stored locally on your device in a secure database
- Encrypted Connections: When using AI features with your own API keys, all data is transmitted using HTTPS encryption directly to OpenAI or Anthropic
- Secure Authentication: We use Google and Apple's secure OAuth 2.0 sign-in systems with Firebase
- Encrypted API Keys: Your optional OpenAI or Anthropic API keys are stored in your device's secure encrypted storage (iOS Keychain / Android Keystore)
- Your Control: You can delete your account and all associated data at any time from Settings → Account → Delete Account
What We Don't Do
- We don't sell your data to third parties
- We don't use tracking or analytics services
- We don't share your plant photos with third parties. When you use AI identification with your own API keys, photos are sent directly from your device to OpenAI or Anthropic according to their respective privacy policies
- We don't access your API keys or use them for our purposes
Want more details? Read our full Privacy Policy and Terms of Service.
Additional Resources
- Privacy Policy: Read our privacy policy
- Terms of Service: Read our terms
- Support: support@potterapp.com
- Website: potterapp.com