1. Information We Collect
We collect information you provide directly to us when you create an account, including:
- Name, username, and email address
- Profile information (avatar, bio, banner image)
- Plant collections, care reminders, and preferences
- Forum posts, comments, and marketplace listings
- Payment information (processed securely by Stripe)
- Location data (GPS coordinates) for community observations and marketplace distance calculations
- Device information and push notification tokens
2. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve our services
- Send you care reminders and notifications you've requested
- Process transactions and send related information
- Respond to your comments, questions, and support requests
- Send you technical notices, updates, and security alerts
- Monitor and analyze trends, usage, and activities
- Process plant photos and text queries through AI services (OpenAI) for plant identification, care guide generation, and medicinal plant queries
- Provide location-based features such as marketplace distance calculations and community observations
3. Information Sharing
We do not sell your personal information. We may share information in the following circumstances:
- With your consent: When you choose to make your profile or collections public
- Service providers: With vendors who help us operate our platform, including:
- Cloudinary — image storage and delivery
- Stripe — payment processing
- Resend — transactional email delivery (verification emails, care reminders, notifications)
- OpenAI — AI-powered plant identification, care guide generation, and medicinal plant queries. Only botanical/plant data is sent to OpenAI, not personal user information.
- Google Places API — location autocomplete for marketplace listings and observations
- Google Firebase — analytics and app performance monitoring
- Expo — push notification delivery. Push notification tokens are sent to Expo's servers.
- Legal requirements: When required by law or to protect our rights
- Business transfers: In connection with a merger, acquisition, or sale of assets
4. Data Security
We take reasonable measures to protect your information from unauthorized access, including:
- Encryption of passwords using industry-standard bcrypt hashing
- Secure HTTPS connections for all data transmission
- Regular security audits and monitoring
- Restricted access to personal information
5. Your Rights
You have the right to:
- Access, update, or delete your personal information
- Export your data in a portable format
- Opt out of marketing communications
- Control the privacy of your collections and profile
- Request deletion of your account
6. Cookies and Consent
We use cookies and similar technologies in two categories:
- Strictly necessary — authentication, session, and security. These are always active and cannot be disabled.
- Analytics — Google Analytics 4, which collects page views and approximate device and browser information.
- A consent banner asks you to make a choice before analytics is enabled. You can change your preferences at any time via the "Cookie settings" link in the footer.
- Your consent choice is stored in your browser (localStorage), including a timestamp and your region.
Regional defaults: We use your IP-derived country (which is not stored for this purpose) to apply regional defaults. In the EU and UK, analytics stays off until you accept; elsewhere, analytics may run until you make a choice.
Google Ads: We use the Google Ads conversion tag for advertising measurement. This tag is not controlled by the analytics toggle.
7. Location Data
We may collect GPS coordinates for the following purposes:
- Community observations — to record where plants are found in the wild. Users may enable geoprivacy to obscure precise coordinates.
- Marketplace listings — to calculate distances between buyers and sellers.
When geoprivacy is enabled, precise coordinates are never shared publicly. Location data collection is optional and requires your permission.
8. Local Storage
The app stores authentication tokens, language preferences, and shopping cart data on your device using secure storage and local storage mechanisms. This data remains on your device and is not transmitted to our servers unless required for authentication or service functionality.
9. Data Retention
Personal data is retained while your account is active. You may request deletion of your account and personal data at any time. Anonymized botanical data (species information, growing conditions, care data) may be retained for service improvement even after account deletion.
10. International Data Transfers
Your data may be transferred to and processed in the United States, where our service providers (Cloudinary, Stripe, OpenAI, Google, Expo, Resend) operate. By using our services, you consent to the transfer of your data to these providers.
11. Children's Privacy
Our services are not intended for children under 13. We do not knowingly collect information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.
12. Changes to This Policy
We may update this privacy policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last Updated" date.
13. Contact Us
If you have questions about this privacy policy, please contact us at:
Email: privacy@myfloralvault.com
Support: Visit our support center
14. Payments and Shipping
Marketplace and auction payments are processed by Stripe. We store the order shipping details you provide at checkout so that orders can be fulfilled. Stripe's privacy policy applies to card data — we never see or store your card numbers.
15. Security and Moderation
IP addresses may be logged for security, rate-limiting, and moderation purposes.