Privacy Policy

Effective Date: May 12, 2026

1. Developer Information

App Name: MyPlantBook (我的植物收集册)
Developer: Individual Developer
Contact Email: myplantbook@163.com

2. Data We Collect

2.1 Data You Provide

Data Type	Purpose	Storage Location
Plant Photos	Plant identification	Uploaded to our backend server, then stored on Qiniu Cloud (both compressed and original); during identification, images are forwarded to Pl@ntNet (France) for real-time identification only. Pl@ntNet does not retain your images long-term or use them for AI model training
Location Data	1. Record photo location for map display 2. Real-time location for Trail feature (path recording and navigation)	Photo location: Associated with identification records Trail location: Used only on-device in real-time, never uploaded to any server, cleared immediately after the feature closes
User Identifier	Supabase-generated UUID for data association	Supabase database
Email Address	Identity verification and account recovery for email login	Supabase authentication system (if registered via email)

2.2 Technical Data Automatically Collected

Operations Logs: Our backend servers (Google Cloud Run) automatically record request logs for application stability monitoring, error troubleshooting, and operational maintenance. Logs do not contain user-identifying information (such as user ID, IP address, precise location, or plant photo content).
No advertising identifiers
No third-party analytics tools

3. Data Storage and Processing

3.1 Server Locations

Service	Location
Application Server	Google Cloud Platform — asia-east2 region (Hong Kong SAR, China)
Authentication & Database	Supabase
Plant Identification Database	NeonDB
Image Storage	Qiniu Cloud
Plant Identification Processing	Pl@ntNet servers (France)

3.2 Cross-Border Data Transfer

Your personal information may be stored outside mainland China, including:

Hong Kong SAR, China: Main application server (Google Cloud asia-east2)
France: During plant identification, images are transmitted to Pl@ntNet servers for processing

We have implemented security measures compliant with applicable data protection laws, including encrypted transmission and storage. Before using features that involve cross-border data transfer (such as plant identification), we will request your explicit authorization through an in-app dialog. If you do not agree to cross-border transfers, you may choose not to use such features.

3.3 Data Retention

Data Type	Retention Policy
Plant Photos	Retained after identification for displaying user history
Identification Results	Retained and associated with photos
Location Data	Photo location: Retained and associated with identification records Trail real-time location: Used only on-device in real-time, never uploaded to any server, cleared immediately after the feature closes
Account Information	Retained while account is active
Operations Logs	Automatically deleted after 30 days

4. Account Deletion and Data Rights

4.1 Your Rights

Right to Access: View all your uploaded plant records
Right to Deletion: Delete your account and associated data
Right to Export: Your data is primarily stored in cloud databases (Supabase / NeonDB), accessible through the in-app account management. Core Data on your device serves as a cache layer for offline access only. You can also export local cached data via device backup.

4.2 Account Deletion Process

Initiate deletion from the [Account Management] page:

Three-layer confirmation to prevent accidental deletion
Secondary identity verification (password or Apple ID verification, depending on login method)
Soft deletion (user_id set to 'USER_DELETED')
Supabase user identity deletion
Audit log records the deletion operation (for security auditing)
Local data cleanup

Note: After soft deletion, your identification records will be permanently disassociated from your identity (anonymized) and physically deleted from servers in a subsequent cycle. Local data is also synchronously cleaned to ensure consistent deletion across cloud and local storage.

5. Third-Party Services

We use the following third-party services:

Service	Purpose	Privacy Policy
Pl@ntNet	Plant identification and reference images	https://plantnet.org/en/privacy/
Wikipedia	Plant knowledge information (names, descriptions, etc.)	https://foundation.wikimedia.org/wiki/Policy:Privacy_policy
Mapbox Maps	Map display and location marking	https://www.mapbox.com/legal/privacy
Supabase	User authentication, database	https://supabase.com/privacy
Qiniu Cloud	Image storage (compressed and original)	https://www.qiniu.com/privacy
Sign in with Apple	User login authentication	https://www.apple.com/legal/privacy/
Apple App Store	In-app purchase (subscription) processing	https://www.apple.com/legal/privacy/

            About Image Data Sources: Reference images displayed in the app are sourced from the Pl@ntNet community, subject to Creative Commons and other open-source license agreements. These images are displayed in-app only and are not redistributed for commercial purposes. We provide detailed source attribution and licensing information within the app.
        

Data Processing Responsibility: Pl@ntNet acts solely as an independent Data Processor for plant identification purposes. We (the app developer) remain the Data Controller of your personal data. Pl@ntNet does not use your images for its own purposes or share them with other parties.

Third-Party Service Usage Principles: We do not use any third-party services for user tracking, advertising targeting, or user profiling. All third-party services are used solely to implement the core functionality of the app.

6. User Rights and Permission Control

6.1 All Permissions Are Optional

All system permissions are optional. You can choose to allow or deny at first use, and can change them anytime in iOS Settings:

Permission	If Denied	Alternative
Camera	Cannot take photos for identification	Select existing photos from library
Photo Library	Cannot select existing photos	Use camera to take photos
Location (Photos)	Photos won't record location	Normal identification, no map marker
Location (Trail)	Cannot record path and navigation	Trail feature limited, other features work
Network	Cannot upload for identification	Connect to network to use

6.2 Change Permissions Anytime

Settings Path: iOS Settings → MyPlantBook → Permissions

You can enable or disable any permission at any time without affecting saved data.

7. In-App Purchases

This app offers in-app subscription services, processed by Apple App Store. We do not directly collect, store, or process your payment information (such as credit card numbers or billing addresses). All subscription management, payment processing, and refund matters are handled by Apple.

You can view, modify, or cancel your subscriptions at: iOS Settings → Apple ID → Subscriptions.

8. Data Security

All data transmission uses HTTPS/TLS encryption
User passwords are encrypted with bcrypt (handled by Supabase)
Backend APIs use JWT authentication
Sensitive operations (e.g., account deletion) require secondary identity verification

9. Children's Privacy

This app is not intended for children under 13. We do not knowingly collect personal information from children.

10. Policy Updates

We may update this Privacy Policy. Significant changes will be notified through in-app notifications or email.

11. Contact Us

If you have any questions about this Privacy Policy, or wish to exercise your data rights, please contact us:

Email: myplantbook@163.com

12. Permissions

The app requires the following system permissions:

Camera: Take plant photos for identification
Photo Library: Select existing photos for identification
Location: Record photo location (optional, can be disabled in system settings)
Network: Upload photos for cloud identification