Privacy Policy

Fyllo ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our website, mobile-optimized platform, and related services (collectively, the "Service"). By accessing or using the Service, you consent to the practices described in this Privacy Policy.

This Privacy Policy applies to all users of the Service, including those who browse without creating an account and registered members who participate in plant sharing, swapping, and community features.

If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.

1. Information We Collect

We collect information in several ways when you interact with our Service:

1.1 Information You Provide Directly

• Account Information: When you register, we collect your name, username, email address, phone number, and password.
• Profile Information: You may provide a profile photo, banner image, bio, plant preferences, and general location (city, state, and zip code).
• Plant Listings: Information about plants you list for sharing or swapping, including photos, descriptions, species, care requirements, and availability status.
• Communications: Messages you send to other users through our messaging system, community feed posts, comments, and reviews.
• Swap and Transaction Data: Details about swap requests, meeting arrangements, and completed exchanges.
• Newsletter Subscription: Your email address when you subscribe to our newsletter.
• Support Requests: Information you provide when contacting us for support or feedback.

1.2 Information Collected Automatically

• Device Information: Browser type, operating system, device type, screen resolution, and unique device identifiers.
• Usage Data: Pages visited, features used, time spent on the Service, click patterns, and search queries.
• Log Data: IP address, access times, referring URLs, and error logs.
• Cookies and Tracking Technologies: We use cookies, session tokens, and similar technologies to maintain your session, remember preferences, and analyze usage patterns. See Section 8 for more details.

1.3 Location Information

• General Location: City, state, and zip code you provide during registration or profile setup.
• Approximate Location: We convert your address to a 5-mile radius approximation to protect your exact location. Your precise home address is never displayed to other users.
• Search-Based Location: When you search for plants by city or zip code, we process that location data to return relevant results.

1.4 Information from Third Parties

• Authentication Providers: If you sign in through a third-party authentication service, we may receive your name, email address, and profile information from that provider.
• Mapping Services: We use Google Maps to provide location-based features. Google's privacy policy governs their collection of data through these services.

2. How We Use Your Information

We use the information we collect for the following purposes:

• Provide and Maintain the Service: To create and manage your account, facilitate plant swaps, enable messaging, and deliver location-based plant discovery.
• Personalize Your Experience: To show you relevant plant listings based on your location, preferences, and search history.
• Communication: To send you notifications about swap requests, messages, wishlist alerts, care reminders, and important service updates.
• Safety and Security: To verify user identities, detect and prevent fraud, enforce our Terms of Service, and protect the safety of our community.
• Improve the Service: To analyze usage patterns, diagnose technical issues, and develop new features.
• AI-Powered Features: To provide plant identification from uploaded photos and generate care recommendations. Images uploaded for identification are processed by our AI systems and are not shared with other users.
• Community Features: To enable community feed posts, comments, likes, event listings, and user badges.
• Legal Compliance: To comply with applicable laws, regulations, legal processes, or governmental requests.

3. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

• With Other Users: Your username, profile photo, approximate location (5-mile radius), plant listings, community posts, reviews, and swap badges are visible to other users. Your email address, phone number, and exact home address are never shared with other users unless you voluntarily provide them during a confirmed swap arrangement.
• Service Providers: We share information with trusted third-party service providers who assist us in operating the Service, including cloud hosting, image storage, mapping services, analytics, and email delivery. These providers are contractually obligated to protect your information.
• Legal Requirements: We may disclose your information if required by law, regulation, legal process, or governmental request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
• Business Transfers: In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control.
• With Your Consent: We may share your information for other purposes with your explicit consent.

4. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. If you delete your account, we will delete or anonymize your personal information within 30 days, except where we are required to retain it for legal, regulatory, or legitimate business purposes (such as resolving disputes or enforcing our agreements).

Community posts, reviews, and swap history may be retained in anonymized form after account deletion to preserve the integrity of the community record.

Newsletter subscriber information is retained until you unsubscribe or request deletion.

5. Data Security

We implement industry-standard technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit using TLS/SSL protocols.
• End-to-end encryption for private messages between users.
• Secure password hashing and session management.
• Regular security assessments and monitoring.
• Access controls limiting employee access to personal data on a need-to-know basis.

While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security, and you use the Service at your own risk.

6. Your Rights and Choices

Depending on your location, you may have the following rights regarding your personal information:

6.1 General Rights

• Access: You may request a copy of the personal information we hold about you.
• Correction: You may update or correct inaccurate information through your profile settings or by contacting us.
• Deletion: You may request deletion of your account and associated personal information.
• Portability: You may request your data in a structured, commonly used, machine-readable format.
• Objection: You may object to certain processing of your personal information.
• Restriction: You may request that we restrict processing of your personal information under certain circumstances.

6.2 Communication Preferences

• You may opt out of newsletter emails by clicking the "unsubscribe" link in any newsletter or by updating your notification preferences.
• You may adjust notification preferences for messages, wishlist alerts, and other communications in your profile settings.
• Service-related communications (such as account security alerts) may not be opted out of while your account is active.

6.3 Location Preferences

• You may update or remove your location information at any time through your profile settings.
• You may choose not to provide location information, though this will limit your ability to use location-based features such as nearby plant discovery.

7. Rights for Specific Jurisdictions

7.1 California Residents (CCPA/CPRA)

If you are a California resident, you have the following additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

• Right to Know: You may request that we disclose the categories and specific pieces of personal information we have collected, the sources of collection, the purposes for collection, and the categories of third parties with whom we share information.
• Right to Delete: You may request deletion of your personal information, subject to certain exceptions.
• Right to Correct: You may request correction of inaccurate personal information.
• Right to Opt-Out of Sale: We do not sell your personal information. If this practice changes, we will provide a "Do Not Sell My Personal Information" link.
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

To exercise these rights, please contact us at [email protected] or through the contact information provided below. We will verify your identity before processing your request.

7.2 European Economic Area, United Kingdom, and Switzerland (GDPR)

If you are located in the EEA, UK, or Switzerland, the General Data Protection Regulation (GDPR) provides you with additional rights:

• Legal Basis for Processing: We process your personal data based on: (a) your consent, (b) the performance of a contract with you, (c) our legitimate interests, or (d) compliance with legal obligations.
• Right to Withdraw Consent: Where processing is based on consent, you may withdraw your consent at any time without affecting the lawfulness of prior processing.
• Right to Lodge a Complaint: You have the right to lodge a complaint with your local data protection authority.
• International Data Transfers: Your data may be transferred to and processed in countries outside the EEA. We ensure appropriate safeguards are in place, such as Standard Contractual Clauses, to protect your data during such transfers.

7.3 Other Jurisdictions

If you reside in a jurisdiction with specific data protection laws (such as Canada's PIPEDA, Brazil's LGPD, or Australia's Privacy Act), we will comply with applicable local requirements. Please contact us for jurisdiction-specific information.

8. Cookies and Tracking Technologies

We use the following types of cookies and tracking technologies:

• Essential Cookies: Required for the Service to function properly, including authentication tokens and session management. These cannot be disabled.
• Functional Cookies: Remember your preferences, such as language settings and notification preferences.
• Analytics Cookies: Help us understand how users interact with the Service, including page views, feature usage, and navigation patterns. We use this data to improve the Service.

You can manage cookie preferences through your browser settings. Disabling certain cookies may affect the functionality of the Service.

We do not use cookies for targeted advertising. We do not share cookie data with third-party advertisers.

9. Children's Privacy

The Service is not intended for children under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information promptly. If you believe a child under 18 has provided us with personal information, please contact us immediately.

10. Third-Party Services

The Service may contain links to third-party websites, services, or applications that are not operated by us. This Privacy Policy does not apply to those third-party services. We encourage you to review the privacy policies of any third-party services you access through our platform.

We use the following third-party services:

• Google Maps: For location-based plant discovery and mapping features. Subject to Google's Privacy Policy.
• Cloud Storage Providers: For secure storage of uploaded images and files.
• Authentication Providers: For secure user authentication and account management.

11. Do Not Track Signals

Some web browsers transmit "Do Not Track" (DNT) signals. Because there is no uniform standard for interpreting DNT signals, we do not currently respond to DNT signals. However, we do not engage in cross-site tracking or targeted advertising.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by posting the updated Privacy Policy on this page with a revised "Last updated" date. For significant changes, we may also notify you via email or through a prominent notice on the Service.

Your continued use of the Service after any changes to this Privacy Policy constitutes your acceptance of the updated policy. We encourage you to review this Privacy Policy periodically.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

We will respond to your request within 30 days, or sooner as required by applicable law. For GDPR-related requests, we will respond within 30 days. For CCPA-related requests, we will respond within 45 days.

14. Summary of Key Points