Privacy Policy

Last updated: May 18, 2026

Florio ("we", "us", or "our") operates the Florio mobile application (the "App"). This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you use our App, in accordance with the General Data Protection Regulation (GDPR) and other applicable Dutch and European privacy laws.

1. Data Controller

The data controller responsible for your personal data is:

2. What Data We Collect

We collect the following categories of personal data:

Account Information

• Email address
• Display name
• Profile information you provide

App Usage Data

• Plants you add and their care schedules
• Watering history and care actions
• In-app progress (streaks, levels, quests)
• App preferences and settings

Technical Data

• Device type and operating system
• App version
• Push notification tokens (if you enable notifications)
• Anonymous usage analytics

Plant Scan Photos

• Photos you take when scanning plants (stored for plant identification and AI model improvement)

3. How We Use Your Data

We use your personal data for the following purposes:

• Providing the service: To create and manage your account, store your plant collection, and deliver personalized care reminders.
• Notifications: To send you watering reminders and care alerts (only if you opt in).
• Improving the App: To understand how the App is used and improve its features and performance.
• AI training: Plant scan photos may be used to improve our plant recognition models. Photos are stored without personal identifiers and are only used for this purpose.
• Support: To respond to your questions and provide customer support.

4. Legal Basis for Processing

We process your personal data based on the following legal grounds under the GDPR:

• Contract performance (Art. 6(1)(b)): Processing necessary to provide you with the App and its features.
• Legitimate interest (Art. 6(1)(f)): Processing for analytics and App improvement, where our interests do not override your rights.
• Consent (Art. 6(1)(a)): For push notifications and optional data processing. You can withdraw consent at any time.

5. Third-Party Services

We use the following third-party services to operate the App:

• Google Firebase: For authentication, database storage, and cloud functions. Firebase processes data in accordance with Google's privacy policies and GDPR compliance measures. Data may be stored on servers in the EU and/or the United States.
• Expo: For push notification delivery. Expo processes push notification tokens to deliver notifications to your device.
• Replicate: Plant scan photos may be processed by Replicate's CLIP model to generate image embeddings for plant recognition. Photos are processed in real-time.

We do not sell your personal data to third parties. We do not share your data with third parties for their marketing purposes.

6. Data Retention

We retain your personal data for as long as your account is active or as needed to provide you with the App. If you delete your account, we will delete your personal data within 30 days, unless we are required by law to retain it longer.

7. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

• Right of access: You can request a copy of your personal data.
• Right to rectification: You can request correction of inaccurate data.
• Right to erasure: You can request deletion of your personal data.
• Right to restrict processing: You can request that we limit how we use your data.
• Right to data portability: You can request your data in a structured, machine-readable format.
• Right to object: You can object to processing based on legitimate interest.
• Right to withdraw consent: Where processing is based on consent, you can withdraw it at any time.

To exercise any of these rights, please contact us at Info@florioapp.com. We will respond to your request within 30 days.

You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. This includes encryption of data in transit and at rest, secure authentication, and access controls.

9. Children's Privacy

The App is not directed at children under the age of 16. We do not knowingly collect personal data from children under 16. If you believe we have collected data from a child under 16, please contact us and we will promptly delete it.

10. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA), specifically the United States, through our use of Firebase services. These transfers are protected by appropriate safeguards, including Standard Contractual Clauses approved by the European Commission.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting the new policy in the App or on our website. The "Last updated" date at the top of this page indicates when the policy was last revised.

12. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us: