Privacy Policy
Last updated: June 18, 2026
Introduction
Floret ("we," "us," "our," or "Company") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and otherwise handle your information when you use our mobile application, website, and related services (collectively, the "Services").
1. Information We Collect
1.1 Information You Provide Directly
- Account Information: Email address, display name, and password when you register
- Health Data: Consumption logs (strain, method, amount, date/time), mood assessments (mood, pain, anxiety scores, symptoms), inventory records, and optional notes
- Device Information: Expo Push Token for push notifications
1.2 Information Collected Automatically
- Device Data: Device type, operating system, app version, unique device identifier
- Usage Data: Features accessed, actions performed, session duration, crash reports (via error boundaries)
- Connection Data: IP address, timestamps of requests
2. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve the Services
- Create and manage your account
- Send push notifications (only with your consent) for inventory reminders and optional mood check-ins
- Generate predictions and analytics specific to your consumption patterns
- Comply with legal obligations and respond to lawful requests
- Detect, prevent, and address fraud or security issues
- Monitor app performance and debug errors
3. Data Storage & Security
- Cloud Storage: Your account data and health records are stored on MongoDB hosted on a secure, encrypted server
- Local Storage: Sensitive tokens (access and refresh tokens) are stored in your device's secure enclave (Expo SecureStore on iOS/Android)
- Encryption: All data in transit is encrypted using HTTPS. Authentication uses JWTs signed with RS256 (RSA signatures with SHA-256)
- Access Control: Only authenticated users can access their own data. All API endpoints require valid JWT tokens
4. Data Retention
- Account Data: Retained as long as your account is active
- Health Records: Retained indefinitely to provide historical analysis and trends (or until you request deletion)
- Push Tokens: Retained until registration is updated or account is deleted
- Session/Crash Logs: Retained for up to 30 days for debugging purposes
5. Sharing Your Information
We do not sell, rent, or share your personal or health data with third parties except:
- Service Providers: Hosting providers, error tracking services, and analytics services who are contractually bound to keep your data confidential
- Legal Requirements: When required by law, court order, or government request (we will notify you unless prohibited by law)
- Aggregated Data: We may share anonymized, aggregated analytics (e.g., "average mood scores for users tracking anxiety") for research or improvement purposes
6. Your Rights
Depending on your location, you may have the right to:
- Access: Request a copy of your personal data
- Correction: Request correction of inaccurate data
- Deletion: Request deletion of your account and associated data
- Portability: Request your data in a portable format
- Opt-Out: Disable push notifications in app settings at any time
To exercise these rights, contact us at privacy@floret.info.
7. Children's Privacy
Floret is not intended for use by individuals under 18 years old without parental consent. We do not knowingly collect data from minors. If we become aware that we have collected data from a minor, we will delete it promptly.
8. Third-Party Services
- Expo Push API: Used to send notifications. See Expo's privacy policy
- Sentry (optional): If enabled, crash reports are sent to Sentry for debugging. See Sentry's privacy policy
9. International Data Transfers
If you access Floret from outside Australia, your data may be transferred to, stored in, and processed in Australia or other countries where we or our service providers operate. By using Floret, you consent to such transfers.
10. Medical Disclaimer
Floret is not a medical device or diagnostic tool. The information and predictions provided by Floret are for personal tracking and educational purposes only. They are not a substitute for professional medical advice, diagnosis, or treatment. Always consult with a qualified healthcare provider before making changes to your medicinal cannabis usage.
11. Data Breach Notification
In the event of a confirmed data breach affecting your personal or health information, we will notify you within 30 days via email and through the app.
12. Changes to This Privacy Policy
We may update this Privacy Policy periodically. We will notify you of material changes by updating the "Last updated" date and posting the revised policy. Your continued use of Floret after such notifications constitutes your acceptance of the updated Privacy Policy.
13. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:
- Email: privacy@floret.info
- Postal Address: Floret, Australia
- Response Time: We aim to respond to privacy inquiries within 14 days
14. Regulatory Compliance
Floret complies with applicable privacy laws, including:
- Australia: Privacy Act 1988 (Cth) and Australian Privacy Principles (APPs)
- GDPR (EU): If applicable, General Data Protection Regulation
- CCPA (US): California Consumer Privacy Act (if applicable)