Privacy Policy

Last updated: 04 May 2026 · Effective: 04 May 2026

This Privacy Policy explains how Sylvo (“Sylvo”, “we”, “us”, or “our”) collects, uses, shares, and protects information about you when you use the Sylvo mobile application (the “App”) and the website at sylvo.app (together, the “Services”).

We've tried to keep this readable. If anything is unclear, please reach out using the contact information at the end.

1. Who we are

Sylvo is operated by NCOM d.o.o., a limited liability company organised under the laws of the Republic of Slovenia. For the purposes of Regulation (EU) 2016/679 (the “General Data Protection Regulation” or “GDPR”) and the Slovenian Personal Data Protection Act, we are the data controller of personal data processed through the Services.

2. Information we collect

2.1 Information you give us

Account information. When you create an account, we collect your email address, a hashed password (or an Apple/Google sign-in identifier), and a display name you choose.
User content. When you claim a tree, you may submit photos, the name you give the tree, species information, and free-form field notes. This content is yours.
Location of claimed trees. When you pin a tree on the map, you choose a location (typically your current GPS position or a location you select manually).
Communications. If you contact us by email or in-app, we keep that correspondence to respond and maintain a record.

2.2 Information we collect automatically

Device information. Device model, operating system version, language and locale, time zone, and a non-resettable installation identifier we generate.
Diagnostic and crash data. Anonymous error reports and performance traces that help us fix bugs.
Usage analytics. Aggregate, non-identifying events such as “a tree was claimed” or “the map was opened,” used to understand which features people use.
Approximate location. Derived from your IP address solely for security and abuse-prevention purposes; not used to infer your home or work location.

2.3 Permissions we request

The App asks for the following iOS permissions only when needed:

Camera — to photograph the tree you are claiming.
Photo library — to attach an existing photo to a claim.
Location (when in use) — to drop the pin for a tree you are claiming. We never access location in the background.
Notifications — only after you opt in, used for app updates you have asked to follow.

Granting any permission is optional. If you decline, certain features will be limited, but the rest of the App will still work.

3. How we use the information

We use the information we collect to:

operate, maintain, and provide the Services and the features you ask for (claiming trees, viewing your collection, browsing the community map);
identify tree species using third-party AI models (see Section 5);
secure the Services against abuse, fraud, and unauthorized access;
fix bugs and improve performance;
communicate with you about important account or service changes;
comply with legal obligations.

We do not sell your personal information. We do not run third-party advertising in the Services and do not share your personal information for cross-context behavioral advertising.

4. Legal bases for processing (EEA / UK users)

If you are in the European Economic Area, the United Kingdom, or Switzerland, we rely on the following legal bases under Article 6 GDPR:

Performance of a contract — to deliver the Services you sign up for.
Legitimate interests — to keep the Services secure, prevent abuse, and improve them, where those interests are not overridden by your rights.
Consent — for optional features such as push notifications, where we ask you first and you can withdraw consent at any time.
Legal obligation — where the law requires us to retain or disclose information.

We share information only in these situations:

Service providers (data processors). Companies that host our infrastructure, store backups, send transactional email, and run analytics on our behalf — for example, Apple (App Store, Sign in with Apple, push notifications), Vercel (web hosting), Supabase (database and authentication), and OpenAI (species identification and Tree Chat). They are bound by written agreements and may only use the data to provide services to us.
Public claims. When you publish a claim, your display name, the tree's name, species, your notes, and the pin location become visible to other Sylvo users. Public pin coordinates are coarsened to roughly the nearest block before being shown to others, so trees on private property remain private.
Legal compliance. We may disclose information when required by law, valid legal process, or to protect rights, safety, or the integrity of the Services.
Business transfers. If Sylvo is involved in a merger, acquisition, or sale of assets, your information may transfer as part of that transaction. We will give notice before your information becomes subject to a different privacy policy.

6. AI-powered features

Sylvo uses third-party AI models (currently OpenAI's GPT-class models) to identify tree species from your photos and to power the optional “Tree Chat” feature. When you use these features:

the photo and minimal context are sent to the AI provider for inference;
we do not allow the AI provider to use your data to train their models;
responses generated by AI are best-effort and may be incorrect — please don't rely on them for any safety-critical decision (e.g., foraging, allergen identification).

7. Data retention

We keep your information only as long as we need it:

Account and user content — for as long as your account is active. If you delete your account, we delete or anonymize your personal data within 30 days, except where we are required to retain it (e.g., for tax, fraud, or legal-obligation reasons).
Diagnostic and crash data — up to 90 days.
Server access logs — up to 30 days, then aggregated.

You can delete your account at any time from Settings → Account → Delete account in the App, or by emailing us (see Section 12).

8. Your rights

Depending on where you live, you may have the right to:

Access the personal information we hold about you;
Rectify information that is inaccurate;
Delete your information (the “right to be forgotten”);
Restrict or object to certain processing;
Data portability — receive your data in a machine-readable format. You can also export your trees, photos, and notes from Settings → Export my data in the App;
Withdraw consent at any time, where we rely on consent;
Lodge a complaint with your local data-protection authority. Slovenian residents can contact the Information Commissioner of Slovenia (Informacijski pooblaščenec, Dunajska cesta 22, 1000 Ljubljana, www.ip-rs.si). EU/EEA residents elsewhere can contact their national supervisory authority; UK residents can contact the Information Commissioner's Office.

California residents have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to deletion, and the right not to be discriminated against for exercising those rights. We do not “sell” or “share” personal information as those terms are defined under CCPA.

To exercise any of these rights, contact us using the details in Section 12. We respond within 30 days.

9. Children's privacy

Sylvo is not directed to children under 13 (or under 16 in jurisdictions that require a higher age of consent for online services), and we do not knowingly collect personal information from such children. If you believe a child has provided us with personal information, please contact us and we will delete it.

10. Security

We use industry-standard safeguards — encryption in transit (TLS 1.2+), encryption at rest, access controls, and regular reviews — to protect your information. No system is perfectly secure; if you discover a vulnerability, please report it responsibly to the contact in Section 12.

11. International data transfers

Your information may be stored and processed in countries other than the one where you live, including the United States. When we transfer personal data out of the EEA, UK, or Switzerland, we rely on safeguards such as the European Commission's Standard Contractual Clauses or equivalent mechanisms.

12. Changes to this Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you in the App and update the “Last updated” date at the top. Your continued use of the Services after the change indicates acceptance of the updated Policy.

13. Contact us

If you have questions about this Policy or wish to exercise your rights, please contact us at privacy@sylvo.app.

This document is provided as a starting point and reflects common practice for consumer mobile apps as of mid-2026. It is not a substitute for advice from a qualified attorney. Please review it carefully — especially the bracketed placeholders — and have a lawyer adapt it to your specific entity, jurisdiction, and feature set before publishing on the App Store.