Privacy Policy

• Photos you upload. Sent to Anthropic for identification, then discarded. We keep only the textual result Anthropic returns — never the image itself.
• Approximate location. Recorded only if you grant browser geolocation, and used to inform regional context in the identification (USDA hardiness zone, native or invasive status). Stored alongside the identification record for thirty days; not linked to your identity, because there is no account.
• IP address. Used to enforce per-IP rate limits via sliding-window counters in Upstash Redis, and stored within the identification record for thirty days. Not used to build a profile.
• Anonymous feedback. When you tap the up or down button after an identification, we store that rating against the identification’s random key for thirty days. Nothing in the record ties back to you.
• Standard analytics. Google Analytics records aggregate traffic — page views, device and browser metadata, approximate geography from IP. See Cookies below.

• Names, email addresses, or accounts — there are no accounts in this app.
• Payment information — the service is free.
• Persistent device identifiers, beyond what Google Analytics sets.
• Health, biometric, or other sensitive personal data.

• Anthropic. Receives your uploaded photo to run the identification. See Anthropic’s privacy policy.
• Upstash. Hosts the Redis instance that holds rate-limit counters and the ephemeral identification and feedback records described above.
• Vercel. Hosts the application and handles edge networking. Vercel sees standard request metadata — IP, user agent, timing.
• Google Analytics. Measures site traffic. Sets cookies — see below.

Depending on where you live — for example, the EU under GDPR or California under CCPA — you may have the right to access, correct, delete, or export personal data we hold about you, and to object to certain uses. Because Identiflora collects nothing tied to your identity, most such requests are a brief confirmation that we hold nothing linked to you. If you want a specific identification record removed before its thirty-day expiry, email us with the random key shown in the response and we’ll delete it.

Identiflora is not directed at children under 13, and we do not knowingly collect data from them. If you believe a child has submitted a photo, contact us and we’ll remove the associated record.

Google Analytics may set cookies in your browser to measure traffic. You can decline these through your browser’s cookie settings or with a content blocker. Identiflora sets no cookies of its own.

We may update this policy as the app evolves. The effective date at the top will change to reflect the most recent revision. Material changes will be noted on this page.

This policy is governed by the laws of the Commonwealth of Massachusetts, United States.

Questions or requests: hello@natickmedia.com.