Nature Lost Vault App Privacy Policy
1. Who we are
Nature Lost Vault (the "App") is published by Galaxy Media Productions SL, a company registered in Spain ("we," "our," or "us").
Contact: hello at naturelostvault dot com.
This policy covers the Nature Lost Vault iOS app only. The website at naturelostvault.com has its own privacy policy.
2. What we collect
We only collect the data we need to operate the App. We do not sell your data, ever.
| Data | Source | Why we need it |
|---|---|---|
| Email address | You, when you sign up or sign in | Identify your account, sync your saved plants and scan history across devices, send essential service emails (password resets, subscription receipts). |
| Apple / Google account ID (if you use Sign in with Apple or Google) | Apple or Google, when you choose social sign-in | Authenticate you without a password. We never receive your Apple/Google password. |
| Plant photos you submit to the scanner | Your camera or photo library, only when you tap Scan | Sent in real time to our plant-identification provider (Plant.id by Kindwise) to identify the species. Photos are not stored on our servers. |
| Scan results (scientific name, common name, match status, timestamp) | Generated when you scan | Build your scan history, enforce monthly fair-use limits, and identify which plants users want us to add next. |
| Saved plants list | You, when you tap "Save to Vault" | Populate your "My Vault" tab and sync it across your devices. |
| Subscription status (Pro / Free) | Apple App Store + RevenueCat | Unlock Pro content for paying subscribers. We never see your payment details. Apple processes the purchase. |
| Anonymous app user ID | Generated on first launch | Linked to your subscription so it persists if you reinstall the App. |
We do not collect your location, contacts, health data, advertising identifier, or browsing history outside the App.
3. Camera and photo library
The App asks for camera and photo library access only when you open the Scanner. The image is uploaded over a secure connection to Plant.id for identification and is not retained on our servers after the response is returned. Plant.id's own retention policy applies to the image while in transit through their service. See the Plant.id Privacy Policy.
4. Who we share data with
We use a small number of trusted service providers ("processors") that handle data on our behalf and are contractually bound to keep it confidential:
- Supabase (Frankfurt, EU): database and authentication. Stores your account, saved plants, and scan log.
- Plant.id by Kindwise (Czech Republic, EU): plant identification. Processes scan images in real time; does not retain them on our behalf.
- RevenueCat (USA): subscription state. Receives an anonymous user ID and your Apple receipt to verify Pro status.
- Apple: App Store payments and Sign in with Apple. Apple's privacy policy applies to anything that happens on their side.
- Google: only if you choose Sign in with Google. Google's privacy policy applies.
We never sell or rent your data, and we never share it with advertisers.
5. Where data is stored
Account data is stored in the EU (Frankfurt) by Supabase. Subscription state is stored in the USA by RevenueCat under standard contractual clauses for international transfers.
6. How long we keep it
- Your account, saved plants, and scan log: as long as your account exists.
- Subscription receipts: as long as Apple's and our tax-record obligations require (typically 7 years in Spain).
- Scan images: not retained. Discarded after identification.
If you delete your account, we delete your account data within 30 days, except records we are legally required to keep (e.g. tax invoices for purchases).
7. Your rights (GDPR)
If you are in the EU, UK, or another jurisdiction with comparable rights, you can:
- Request a copy of the data we hold about you.
- Correct inaccurate data.
- Delete your account and personal data ("right to be forgotten").
- Withdraw consent or object to processing.
- Lodge a complaint with your local data-protection authority. In Spain that is the Agencia Española de Protección de Datos (aepd.es).
To exercise any of these, email hello at naturelostvault dot com. We respond within 30 days.
8. Children
The App is not directed to children under 13. We do not knowingly collect data from children under 13. If you believe a child has provided us with personal data, contact us and we will delete it.
9. Security
All connections between the App and our servers use TLS 1.2 or higher. Passwords are hashed by Supabase using industry-standard algorithms. We do not store payment card details. Apple handles all payments. No system is perfectly secure, but we take reasonable measures to protect your data and we will notify you and the relevant authorities if a breach affecting your data occurs.
10. Changes to this policy
We may update this policy when we change how we handle data. The "Last updated" date at the top reflects the latest version. For material changes we will notify you in-App or by email before they take effect.
11. Contact
Questions about this policy or your data: hello at naturelostvault dot com.
Galaxy Media Productions SL
Calle Amigo, 40 - Pta. 2
08021 Barcelona, España