Privacy Policy

MycoForager ("us", "we", or "our") operates the MycoForager mobile application (the "Service"). This page informs you of our policies regarding the collection, use, and disclosure of personal data when you use our Service and the choices you have associated with that data.

1. Information We Collect

1.1 Photo and Image Data

Our Service requires access to your device's camera and photo library to function properly:

• Camera Access: Used to capture photos of mushrooms for AI identification
• Photo Library Access: Used to select existing photos from your library for identification
• Image Processing: Photos are resized (max 1024px), compressed (under 2MB), converted to base64, and sent via OpenRouter API to Google Gemini 2.5 Flash AI for identification
• Local Storage: Images are stored ONLY on your device using SwiftData when you save them to your identification history or collections
• No Cloud Storage: We do not store your photos on our servers or in cloud storage
• AI Processing: Images sent through OpenRouter to Google's Gemini AI are processed for identification purposes only and are not retained by OpenRouter or Google for model training
• Deletion: You can delete saved images anytime by deleting them from your collections or history, or by deleting the app

Privacy Note: Photos are NOT linked to your identity. We do not collect user accounts, login information, or any identifiers with your photos. Images are processed anonymously for identification purposes only.

1.2 Subscription and Purchase Data

If you purchase a premium subscription, the following data is collected by our third-party payment processor (RevenueCat):

• User ID: A unique identifier created by RevenueCat to manage your subscription
• Purchase History: Subscription type (weekly/yearly), purchase dates, renewal status
• Subscription Status: Whether you have an active premium subscription
• Device Identifier: Used by RevenueCat to sync subscriptions across your devices

Privacy Note: This data IS linked to your identity and is necessary for subscription management. Apple processes all payments through the App Store - we never see your payment card information.

2. How We Use Your Information

MycoForager uses the collected data ONLY for the following purposes:

• Photos: To process mushroom identification requests through AI
• Subscription Data: To manage your premium subscription and unlock premium features
• Local Storage: To save your collections, history, and preferences on your device

We do NOT use your data for:

• ❌ Advertising or marketing
• ❌ Tracking you across apps or websites
• ❌ Selling or sharing with data brokers
• ❌ Analytics or user behavior profiling
• ❌ Third-party advertising networks

3. Data Storage and Security

3.1 Local Storage (SwiftData)

Almost all of your personal data is stored locally on your device using Apple's SwiftData framework:

• Collections: Your custom mushroom collections are stored locally (UserCollection model)
• Saved Mushrooms: Mushrooms you save from the database or AI identifications (FavoriteMushroom, SavedMushroom, AIFavoriteMushroom, AISavedMushroom models)
• Identification History: Complete history of all your AI scans with captured images (AIIdentificationHistory model)
• Educational Articles: Saved articles and learning content (Article model)
• App Settings: Your preferences including premium status cache (stored in UserDefaults)
• No Cloud Sync: This data is NOT automatically synced to iCloud or our servers
• Device-Only: Data remains on your device until you delete the app or manually delete items

3.2 Security

The security of your data is important to us, but no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.

We implement various security measures including:

• Encryption of data in transit using HTTPS/TLS
• Secure authentication through Apple Sign In and other providers
• Regular security audits and updates
• Access controls and authentication for our systems

4. Third-Party Services

We use the following third-party services. These are the ONLY external services that handle your data:

4.1 RevenueCat (Subscription Management) - Data IS Linked to You

What it does: Manages your premium subscription

What data it collects:

• User ID (unique identifier for your subscription)
• Purchase receipts and subscription status
• Device identifier (to sync subscriptions across your devices)
• Subscription type (weekly/yearly) and renewal dates

Why we use it: Required to process subscriptions through Apple's In-App Purchase system

Privacy controls:

• Your premium status is cached locally for 24 hours for offline access
• This data is necessary for subscription functionality
• NOT used for advertising or tracking

Privacy Policy: https://www.revenuecat.com/privacy

4.2 Backend API + OpenRouter + Google Gemini AI - Data NOT Linked to You

What it does: Processes your mushroom photos for AI identification

Data flow:

1. Your photo is sent from the app to our secure backend (Railway)
2. Backend forwards the image to OpenRouter (AI API gateway)
3. OpenRouter forwards to Google Gemini 2.5 Flash AI model
4. AI analyzes the image and returns identification results
5. Results sent back through the chain to your app

Privacy protections:

• No user identification: Photos sent anonymously with NO user ID, device ID, or identifiers
• No storage: Images processed in real-time and not retained by our backend, OpenRouter, or Google
• Encrypted transmission: All data sent via HTTPS/TLS encryption
• Cannot be linked back to you: Even if someone intercepted the data, they couldn't identify whose photo it is

Privacy Policies:

• OpenRouter: https://openrouter.ai
• Google Gemini: https://policies.google.com/privacy

4.3 Apple App Store

• Processes app downloads and in-app purchases
• Handles all payment processing (we NEVER see your payment information)
• Subject to Apple's Privacy Policy: https://www.apple.com/legal/privacy/

5. Data Retention

Photos: Not retained. Images are processed in real-time for AI identification and immediately discarded by our backend and third-party AI services. The only copies are the ones YOU save locally on your device.

Subscription Data: Retained by RevenueCat for as long as you have an active subscription, plus the legal retention period required for financial records (typically 7 years for tax/accounting purposes). This is standard for all subscription-based businesses.

Local Device Data: Retained on your device until you delete it (either individual items or the entire app). We have no access to this data and cannot delete it remotely - only you control it.

6. Your Data Rights

Depending on your location, you may have certain rights regarding your personal information:

6.1 Access and Portability

• All your data (collections, history, saved mushrooms) is stored locally on your device - you always have access to it
• Since we don't collect account information or store data on servers, there is no remote data to request
• For subscription data held by RevenueCat, contact us at nareshalakuntla1234@gmail.com

6.2 Deletion

• You can delete individual items (collections, history entries, saved mushrooms) within the app at any time
• Complete Deletion: Deleting the app removes ALL locally stored data from your device, including:
  • All saved collections and mushrooms
  • Complete identification history with images
  • All app settings and preferences
• Server-Side Data: Since photos are processed anonymously and not linked to you, there is no personal photo data to delete from servers. RevenueCat retains subscription purchase history for legal/financial compliance. Contact nareshalakuntla1234@gmail.com to request subscription data deletion.
• Subscription Cancellation: Deleting the app does NOT cancel your subscription. You must cancel through App Store settings separately.

6.3 No Marketing or Tracking to Opt Out Of

• We do not send marketing emails - there is nothing to unsubscribe from
• We do not use analytics or tracking - there is nothing to opt out of
• We do not collect location data - no location permissions needed
• Your data is used solely for app functionality (AI identification and subscription management)

7. Children's Privacy

Our Service is not directed to children under the age of 13. We do not knowingly collect personally identifiable information from children under 13. If you are a parent or guardian and you are aware that your child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children without verification of parental consent, we take steps to remove that information from our servers.

8. International Data Transfers

Your information, including Personal Data, may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction.

If you are located outside the United States and choose to provide information to us, please note that we transfer the data, including Personal Data, to the United States and process it there.

9. GDPR Compliance (European Users)

If you are from the European Economic Area (EEA), MycoForager's legal basis for collecting and using your personal information depends on the context:

• Contract: We need to process your data to fulfill our contract with you (provide the Service)
• Consent: You have given us permission to process your data for specific purposes
• Legitimate Interests: Processing your data is in our legitimate interests (improving our Service) and doesn't override your rights
• Legal Obligation: We need to process your data to comply with the law

You have the right to:

• Access, update, or delete your personal information
• Rectification of inaccurate data
• Object to processing of your data
• Data portability
• Withdraw consent at any time
• Lodge a complaint with a supervisory authority

10. California Privacy Rights (CCPA)

If you are a California resident, you have specific rights regarding your personal information:

• Right to know what personal information is collected, used, shared or sold
• Right to delete personal information held by businesses
• Right to opt-out of sale of personal information (Note: We do not sell personal information)
• Right to non-discrimination for exercising CCPA rights

11. Do Not Track Signals

We do not track users. Our app does not collect analytics, behavioral data, or user tracking information. The only data collected is for core app functionality: photos for AI identification (not linked to you) and subscription management (linked to you for billing purposes only).

12. No Advertising

We do not display any advertisements in our app. We do not work with advertising networks, ad measurement services, or data brokers. Your data is never used for advertising purposes.

Our business model is simple: free users get limited AI scans, premium subscribers get unlimited access. We make money through subscriptions only, not through advertising or selling data.

13. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date at the top of this Privacy Policy.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

For material changes, we will provide prominent notice within the app or send you an email notification.

14. Contact Us

If you have any questions about this Privacy Policy, your data rights, or wish to exercise your rights, please contact us:

• Email: nareshalakuntla1234@gmail.com
• Contact Form: Contact Us

We will respond to your request within 30 days.

15. Your Consent

By using our Service, you consent to our Privacy Policy and agree to its terms.