Plant Identifier

Privacy Policy

Developer / Data Controller: Habib Yagiz Demir

Contact: h.yagizdemir@icloud.com

Effective Date: Feb 28, 2026

Last Updated: Feb 28, 2026

This Privacy Policy explains how the Plant Identifier mobile application (the “App”) collects, uses, stores, and shares information when you use the App and related services (collectively, the “Service”).

This Policy is written in plain English for transparency. If you have questions, email us at h.yagizdemir@icloud.com.

1) Summary (TL;DR)

  • You can use the App to identify plants from photos and chat with an AI botanist.
  • When you use identification or chat, your photo and/or messages are sent to our backend (Firebase) and then to an AI model provider to generate a result.
  • If you save identifications, we store plant profiles locally on your device (SwiftData) and may sync some records via iCloud/CloudKit if you have iCloud enabled.
  • We may use analytics to understand usage and improve the App.
  • You can delete saved plants inside the App, and you can remove the App to delete local data.

2) Information We Collect & Sources

A. Information you provide (directly)

Depending on how you use the App, you may provide:

  • Photos/images you capture with the camera or select from your photo library (used for plant identification).
  • Chat messages you type (used to generate AI replies about plants).
  • Optional label/name you may assign to a saved plant (if you use that feature).
  • Support communications if you email us (your email address and message content).

B. Information collected automatically (from your device / our providers)

When you use the App, certain information may be processed automatically:

  • Anonymous authentication identifier (Firebase Authentication). The App uses anonymous sign-in to authenticate requests to our backend. This creates an online identifier (a “UID”).
  • Push notification token (Firebase Cloud Messaging), if push notifications are enabled on your device. (We may receive or access a device token/registration token.)
  • Usage/interaction data (analytics events) such as which features are used (e.g., opening screens, tapping actions). This may include a device/app identifier depending on the analytics provider.
  • Purchase/subscription status if you purchase Paid Features through the App Store and our paywall/subscription provider.

C. Information generated by the App

The Service may generate and store:

  • Plant identification profiles returned by the AI model (e.g., plant name, confidence score, care guidance, etc.).
  • Timestamps (e.g., when a plant was saved).

D. Information we do *not* collect (based on current codebase)

We do not request or intentionally collect:

  • Precise location data (GPS).
  • Contacts, calendars, or microphone recordings.
  • Health data.

3) Device Permissions We Request (and Why)

The App may ask for the following permissions, depending on your actions:

  • Camera access (to take a plant photo for identification).
  • Photo library access / photo picker (to select a photo for identification).
  • Add-only photo library access (optional): if you enable an “auto-save photos” setting, the App may request permission to save newly taken camera photos to your photo library.
  • Notifications (optional): the App may request permission to send notifications (for example, onboarding may ask for notification permissions). You can deny or revoke this in iOS Settings.
  • iCloud/CloudKit (optional): if you have iCloud enabled for the App in iOS, certain saved records may sync through iCloud/CloudKit.

You can manage permissions anytime in iOS Settings.

4) How We Use Information

We use the information described above to:

  • Provide core functionality
  • Identify plants from the photos you submit.
  • Provide AI chat responses based on your messages.
  • Save and display your plant collection and profiles.
  • Maintain and improve the Service
  • Diagnose errors and performance issues.
  • Understand which features are used (analytics) to improve usability.
  • Manage subscriptions and paywalls (if applicable)
  • Determine access to paid features and restore purchases.
  • Support and communications
  • Respond to your support emails or inquiries.
  • Security and abuse prevention
  • Authenticate requests (anonymous sign-in) and protect our backend from misuse.

5) Local Storage vs. Cloud / Server Processing

A. Stored on your device (local)

The App stores certain information locally, including:

  • Saved plant records (e.g., names, confidence score, profile JSON, timestamps).
  • Local image files associated with saved plants (stored within the App’s sandbox).
  • App preferences stored in iOS AppStorage/UserDefaults (e.g., theme, onboarding completion, whether you enabled auto-save photos, whether you’ve seen snap tips).

B. iCloud/CloudKit (optional sync)

If you have iCloud enabled for the App:

  • Some saved records may sync across your devices via Apple iCloud/CloudKit.
  • Sync behavior depends on your Apple ID settings and iOS configuration.

C. Our backend (Firebase) + AI model processing (cloud)

When you use certain features, data is transmitted to our backend:

Plant identification

  • The App uploads a JPEG to Firebase Storage under a path scoped to your anonymous user (e.g., uploads/{uid}/{uuid}.jpg).
  • The App then calls a Firebase Cloud Function to process the image.
  • Our backend sends the image (base64) and a plant-identification prompt to an AI model provider (Google Gemini API) to generate a JSON profile.
  • Our backend is designed to delete the uploaded image after processing (best-effort deletion, including on errors).

AI Chat

  • The App calls a Firebase Cloud Function with your messages and a system instruction.
  • Our backend sends that text to the AI model provider (Google Gemini API) to generate a response.
  • Based on the current code, we do not intentionally store your chat conversation in our database; however, the content is processed by our providers and may be subject to their logging/retention policies.

6) Third-Party Services & Sharing

We use third-party services to operate the App. Depending on your usage, we may share certain data with:

  • Google Firebase
  • Authentication (anonymous sign-in / UID)
  • Cloud Functions (backend processing)
  • Cloud Storage (temporary image upload for identification)
  • Cloud Messaging (push notification token/transport)
  • Server logs and diagnostics (e.g., request metadata, error logs)
  • Google Gemini API (AI model provider)
  • Plant photos (for identification)
  • Chat messages and system instructions (for AI chat)
  • Apple
  • App Store purchases/subscriptions and related billing information (handled by Apple)
  • iCloud/CloudKit sync (if enabled)
  • Device permission systems (camera, photos, notifications)
  • Superwall
  • Paywall and subscription/entitlement handling (if you interact with paywalls or paid features)
  • Mixpanel
  • Analytics (usage events), if analytics is enabled in your build/release configuration

Third-party privacy policies (links)

For convenience, here are common privacy policy links for providers used in this codebase:

Apple Privacy: https://www.apple.com/legal/privacy/
Firebase Privacy & Security: https://firebase.google.com/support/privacy
Google Privacy Policy: https://policies.google.com/privacy
Gemini API (Google AI): https://ai.google.dev/gemini-api
Superwall Privacy: https://www.superwall.com/privacy
Mixpanel Privacy: https://mixpanel.com/legal/privacy-policy/

We do not “sell” personal information in the traditional sense. Some third-party SDKs may use device identifiers for analytics or paywall attribution; see Section 12 for your rights.

7) Data Retention & Deletion

A. Saved plants and local data

  • Saved plant records remain on your device until you delete them in the App or remove the App from your device.
  • If iCloud/CloudKit sync is enabled, deletion may need to sync across devices and may take time.

B. Plant identification uploads (cloud)

  • Identification images uploaded for processing are intended to be deleted from our Firebase Storage after processing (including on errors), but deletion is best-effort and may fail in rare cases (e.g., network or service issues).

C. Chat content (cloud)

  • The App does not currently store chat history on our servers by design; chat messages are transmitted for processing to our backend and AI provider.
  • Providers may retain data per their policies and for limited periods for security, reliability, and abuse prevention.

D. How to delete your data

You can:

  • Delete individual plants from your collection inside the App.
  • Remove the App to delete local data.
  • For additional requests (where applicable), contact us at h.yagizdemir@icloud.com with enough detail for us to locate your data (note: we may not have a direct user account identifier beyond anonymous IDs).

8) Your Rights (GDPR, CCPA/CPRA, KVKK)

Depending on where you live, you may have rights regarding your personal data.

A. GDPR (EEA/UK) rights

You may have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Delete your data (“right to be forgotten”)
  • Restrict or object to processing
  • Data portability
  • Withdraw consent (where processing is based on consent)
  • Lodge a complaint with your local supervisory authority

B. CCPA/CPRA (California) rights

You may have the right to:

  • Know what personal information is collected, used, and disclosed
  • Request deletion of personal information (with exceptions)
  • Correct inaccurate personal information
  • Opt out of “sale” or “sharing” (as defined by California law)
  • Limit the use/disclosure of sensitive personal information (if applicable)
  • Not be discriminated against for exercising your rights

C. KVKK (Türkiye) rights

You may have the right to:

  • Learn whether your personal data is processed
  • Request information if processed
  • Learn the purpose of processing and whether it is used accordingly
  • Know third parties to whom data is transferred (domestic/abroad)
  • Request correction, deletion, or destruction under KVKK conditions
  • Object to a result against you due to analysis exclusively by automated means
  • Request compensation if you suffer damages due to unlawful processing

To exercise rights, contact h.yagizdemir@icloud.com. We may ask for reasonable verification to protect your privacy and prevent fraud.

9) Legal Bases for Processing (GDPR/KVKK)

Where applicable, we rely on these legal bases:

  • Performance of a contract / providing the Service: processing photos/messages to identify plants and provide chat responses.
  • Legitimate interests: improving and securing the Service, preventing abuse, and understanding feature usage (analytics), balanced against your rights.
  • Consent: where required for certain processing (e.g., notifications permissions, certain analytics configurations) and where you can withdraw consent through device settings.

10) International Data Transfers

Our providers (e.g., Firebase, Google AI) may process data on servers located outside your country (for example, in the United States or other regions). Where required, we rely on appropriate safeguards (such as contractual protections) offered by providers.

11) Data Security

We use reasonable administrative, technical, and organizational measures to protect information, including:

  • Using platform security features on iOS
  • Using HTTPS/TLS for network communications to our backend/providers
  • Relying on security controls provided by Apple iCloud/CloudKit and Firebase

No system can be 100% secure. Please keep your device secure and up to date.

12) Analytics, Tracking, and Advertising

The App may collect usage analytics events (e.g., screen opens, feature taps) to improve the Service. Analytics is implemented using an analytics SDK (Mixpanel) and may be enabled only in certain builds/release configurations.

We do not show third-party ads in the current codebase. If this changes, we will update this Policy.

13) Children’s Privacy

The App is not intended for children under 13 (or under 16 in certain jurisdictions). We do not knowingly collect personal information from children. If you believe a child has provided personal data, contact us at h.yagizdemir@icloud.com and we will take reasonable steps to delete it.

14) Changes to This Privacy Policy

We may update this Policy from time to time. If changes are material, we will take reasonable steps to notify you, such as:

  • Updating the “Last Updated” date; and/or
  • Providing an in-app notice where feasible.

Your continued use of the App after an update means you accept the updated Policy.

15) Contact Us

For privacy questions or requests, contact:

  • Habib Yagiz Demir (Data Controller)
  • Email: h.yagizdemir@icloud.com

---

16) Apple App Privacy “Nutrition Label” Summary (Informational)

This section is a practical summary to help categorize data for App Store Connect. Your official App Store disclosure must reflect your final implementation and third-party SDK configurations.

Data Used to Track You (may apply depending on SDK configuration)

  • Identifiers (e.g., device/app identifiers) used by analytics or paywall providers for attribution/tracking (if enabled).

Data Linked to You (or your device/account)

  • User Content
  • Photos/images submitted for plant identification (processed via backend/AI provider).
  • Chat messages submitted to the AI chat feature.
  • Identifiers
  • Anonymous Firebase UID (online identifier).
  • Push notification token (FCM/APNs), if push notifications are enabled.
  • Purchases
  • Subscription/purchase status and related transaction information (handled primarily by Apple; entitlement handling by paywall provider).
  • Usage Data
  • Feature interaction analytics (events), if enabled.

Data Not Linked to You (may apply depending on implementation)

  • Diagnostics
  • Aggregated or de-identified technical logs (e.g., error categories, request counts). Some server logs include metadata such as model name and message count.