Privacy Policy
Last updated: April 24, 2026
Nifty Norbot ("we", "us", or "our") operates the niftynorbot.com website and the Nifty Norbot mobile application (collectively, the "Service"). This Privacy Policy explains what information we collect, how we use it, and the choices you have.
By using the Service, you agree to the collection and use of information in accordance with this policy.
1. Information We Collect
Account Information
We use Clerk to handle authentication. When you create an account, Clerk stores your email address, name (if provided), and any social identity tokens you authorize (for example, Sign in with Apple or Google). Passwords are never stored by us directly.
Garden and Plant Data
To provide the Service, we store information you add about your garden, including but not limited to: plant names and species, watering schedules, notes you write, hardiness zone, watering preferences, and reminder configurations.
Plant Photos
If you upload or capture photos of your plants, those images are stored on our servers so we can display them in your garden and, where relevant, send them to our AI service (see "Third-Party Services" below) to help identify plants or provide gardening advice. You can delete photos from the app at any time.
Device and Push Notification Tokens
When you enable push notifications, we store an anonymous Expo push token that lets us deliver watering reminders and gardening advice notifications to your device. We also collect basic device information (device type, OS version) required for push delivery.
Usage and Diagnostic Data
We may collect logs of API requests (such as timestamps, endpoints accessed, and error messages) to operate, secure, and debug the Service. This data is retained only as long as needed for these purposes.
2. How We Use Your Information
- To provide, maintain, and improve the Service.
- To authenticate you and secure your account.
- To generate personalized gardening advice and identify plants.
- To send watering reminders and advice notifications you enable.
- To diagnose technical issues and prevent abuse.
- To communicate with you about important account or Service changes.
We do not sell your personal information, and we do not use your data for advertising.
3. Third-Party Services
We rely on the following trusted third-party processors to operate the Service. Each has its own privacy practices:
- Clerk — authentication and user identity management. Clerk Privacy Policy
- Microsoft Azure — cloud hosting for our backend services and database. Microsoft Privacy Statement
- Anthropic — AI provider (Claude) used to generate gardening advice and analyze plant photos. Plant data and images may be sent to Anthropic when you request AI features. Anthropic Privacy Policy
- Expo / Apple Push Notification Service / Firebase Cloud Messaging — delivery of push notifications to your device. Expo Privacy Policy
4. Data Retention
We retain your account information and garden data for as long as your account is active. If you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required to retain it by law (for example, basic transaction logs for security and fraud prevention).
5. Your Rights
You have the right to:
- Access the personal information we hold about you.
- Correct inaccurate information.
- Request deletion of your account and associated data.
- Export a copy of your garden data.
- Withdraw consent for push notifications at any time via your device settings.
To exercise any of these rights, contact us using the details in Section 10. If you are located in the European Economic Area, the United Kingdom, or California, you may have additional rights under GDPR, UK GDPR, or the CCPA/CPRA respectively, including the right to lodge a complaint with a supervisory authority.
6. Children’s Privacy
The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us and we will take steps to delete it.
7. Security
We use industry-standard measures to protect your information, including encrypted connections (HTTPS/TLS), encrypted storage of sensitive tokens on your device via the operating system secure storage (Keychain on iOS, Keystore on Android), and access controls on our backend. No method of transmission or storage is 100% secure, however, and we cannot guarantee absolute security.
8. International Data Transfers
Our servers and third-party processors are primarily located in the United States. If you access the Service from outside the U.S., your information may be transferred to, stored, and processed in the U.S. or other countries. By using the Service, you consent to these transfers.
9. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date at the top of this page and, where appropriate, notify you through the Service. Continued use of the Service after a change indicates acceptance of the updated policy.
10. Contact Us
If you have questions about this Privacy Policy or your data, contact us at:
Email:
maxkpat@gmail.com
Website:
niftynorbot.com