Privacy Policy
Effective date: April 19, 2026
We value your ("User," "You," or "Your") privacy and recognize the sensitivity of your personal information. We are committed to protecting your personal information and using it only as appropriate to provide you with the best possible service, products, and opportunities, as described in this Privacy Policy.
This Privacy Policy explains the information practices of heysproutly Botanical Ltd. (collectively, "heysproutly," "Company," "we," "us," or "our") which operates the website at heysproutly.com and the heysproutly mobile application (collectively, the "Application"). This Privacy Policy should be read in conjunction with our Terms of Service. By accessing the Application, you acknowledge that this Privacy Policy and the Terms of Service govern your use of the Application.
I. What Information We Collect
Photos and Images
When you use the plant identification or disease diagnosis features, you may upload or capture photos through the Application. These images are transmitted to our servers solely to process your request. Images are processed in real time and discarded from server memory immediately after the response is delivered. We do not permanently store your photos on any database or file system.
Device and Internet Usage
If you download the Application, we may collect information from your device, including identifiers to help us identify your device's hardware and operating system. When you interact with the Application, our servers automatically record standard log information, which may include your IP address, device type, operating system version, request timestamps, and referring URLs. This data is used exclusively for maintaining service reliability, diagnosing technical issues, and preventing abuse.
Account and Authentication Data
heysproutly offers optional account creation so your plants, scan history, and care timeline can sync across devices. If you choose to sign in, you can do so with Sign in with Apple, Google Sign-In, or email. When you authenticate, we receive a limited set of identifiers from the identity provider, which may include: a unique user identifier, your email address (or an Apple relay-email alias if you chose to hide it), and, where you provide it, your display name. We use Firebase Authentication (operated by Google) to manage sign-in sessions and account credentials. We do not receive or store your Apple ID or Google password.
If you do not sign in, the Application can still be used in a local-only mode; in that case no account data is transmitted to our servers and your plants and scans remain on your device.
Plant and Care Data
When you add plants to your Garden, log care actions (watering, fertilizing, etc.), or save scan results, this content is associated with your account so it can sync across your devices. It is used only to provide the Service to you and is not sold or used for advertising.
Cookies and Analytics
Cookies are small files which, when placed on your device, enable our platform to provide certain features and functionality. We use Google Analytics on the Website to understand aggregate usage patterns (e.g. page views, session duration). Google Analytics may collect your IP address and data related to your device/browser using cookies. Google Analytics' data practices are governed by the Google Privacy Policy. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on. The mobile Application does not currently include any third-party advertising SDKs and does not track you across other companies' apps or websites.
Financial Data
We utilize Apple and Google to process all financial transactions. heysproutly is not provided with any personal data related to your payment transactions. All subscription billing is handled directly through the App Store or Google Play. We receive only the non-sensitive subscription status (e.g., active, expired) needed to unlock premium features.
Information We Do Not Collect
We do not collect your phone number, precise geo-location, contacts, health data, financial account numbers, or social security numbers. We do not collect information about you from data brokers. We do not use your personal information for targeted advertising.
II. How We Use Your Information
| Purpose | Legal Basis |
|---|---|
| To provide plant identification, disease diagnosis, and care recommendations | Performance of the service you requested |
| To improve the Application by understanding how it is used | Legitimate interest in maintaining and improving our services |
| To provide support and respond to your requests and inquiries | Legitimate interest in responding to inquiries for ongoing business administration |
| To detect and prevent fraudulent activity, abuse, and security incidents | Legitimate interest in protecting our services and users |
| To share data with service providers that host data and provide infrastructure for us | Legitimate interest in using vendors to provide business services |
| To comply with legal obligations, including responding to law enforcement requests | Compliance with applicable legal or regulatory obligations |
Your Right to Object — You have the right to object to processing of your personal information where that processing is carried out for our legitimate interest.
III. Third-Party Service Providers and SDKs
We work with select third-party service providers to deliver core functionality of the Application. These providers process data on our behalf under contractual obligations and are required to use your data only as necessary to provide the services we have engaged them for. We do not sell your personal information to third parties for their own business or marketing purposes.
| Provider / SDK | Purpose | Data Shared | Privacy Policy |
|---|---|---|---|
| Firebase (Google LLC) — Authentication, Crashlytics | Account sign-in, session management, diagnostic crash reports | User ID, email, authentication tokens, crash logs, device identifiers | firebase.google.com/support/privacy |
| Google Sign-In (Google LLC) | Allow users to sign in with their Google account | Email, name, and Google account ID (only when the user taps "Sign in with Google") | policies.google.com/privacy |
| Sign in with Apple (Apple Inc.) | Allow users to sign in with their Apple ID | Apple user identifier, and email (or Apple's private relay-email alias if you choose to hide it) | apple.com/legal/privacy |
| App Store / Google Play (Apple Inc., Google LLC) | Process subscription billing and manage in-app purchases | Transaction identifiers only; no payment card details reach heysproutly | Apple / Google |
| Google Analytics (Website only) | Aggregate website usage analytics | IP address, device/browser type, page views | policies.google.com/privacy |
| Cloud hosting (United States) | Host the backend API and serve plant identification / diagnosis requests | Uploaded images (processed in-memory, not persisted), request logs (IP, timestamp) | — |
IV. Data Retention
We retain your personal information for as long as it is necessary and relevant for our business operations. Uploaded images are processed in real time and are not persisted to disk or any database. Server log data is retained for up to 90 days for operational and security purposes, after which it is automatically purged. Aggregated analytics data (which cannot identify individual users) may be retained indefinitely to improve our services.
V. Data Security
We maintain security standards and procedures designed to prevent unauthorized access to your data by anyone, including our staff. We use commercially reasonable means such as data encryption (HTTPS for all data in transit), access controls, and server authentication to protect the security of your personal information. However, no information security defenses are impenetrable, and we cannot guarantee the absolute security of our systems.
VI. International Data Transfers
The Application is hosted in the United States. If you access the Application from outside the United States, your information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your jurisdiction. By using the Application, you consent to this transfer and processing.
VII. Children's Privacy
We do not knowingly collect personal information from children under the age of 16. In the event that we learn that a child under the age of 16 has provided information through the Application, we will delete that information as soon as possible. If you believe that a child has provided us with personal information, please contact us using the details below.
VIII. Your Data Rights
You have the right (subject to certain limitations) to: (i) request access to personal information we hold about you; (ii) the correction of your personal information when incorrect, out of date, or incomplete; (iii) request that we delete your personal information; (iv) opt-out of any marketing communications that we may send to you; and (v) the portability of personal information, i.e., ask for a copy of your personal information to be provided to you or a third party in a digital format.
Since we do not maintain user accounts or store personal profiles, most of these rights are satisfied by default. If you have a specific request, please contact us using the details below. We will respond to your request as soon as practicable and in any event not more than within one month after receipt.
You also have the right to lodge a complaint about the handling of your personal information with a data protection authority in your jurisdiction.
California Residents (CCPA)
California residents may request certain information about our disclosure of personal data during the prior calendar year to third parties for their direct marketing purposes. We do not share your personal data with third parties or corporate affiliates for their direct marketing purposes. We do not sell personal information as defined under the California Consumer Privacy Act (CCPA).
IX. Account Deletion
You can permanently delete your heysproutly account at any time:
- Open the heysproutly app
- Go to the "Me" tab
- Tap "Delete Account"
- Confirm the deletion
This will permanently remove your account, plant records, scan history, and all associated personal data within 30 days. This action cannot be undone.
If you signed in with Apple, we also revoke your Apple authentication token as part of deletion, as required by Apple's App Store guidelines.
If you cannot access the app, email [email protected] from the email address associated with your account and we will process your deletion request within 30 days.
X. Do Not Track
Some devices and browsers may offer a "Do Not Track" feature. Our Application does not currently respond to "Do Not Track" signals, as there is no industry-standard protocol for such signals at this time.
XI. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. Whenever we make changes that are important for you to know about, we will post the updated Privacy Policy at this link and update the "Effective date" at the top of this page. Where appropriate, we may provide additional notice (such as an in-app notification).
XII. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or wish to exercise your data rights, please contact us:
heysproutly Botanical Ltd.
Email: [email protected]
Website: heysproutly.com