Privacy Policy

Last updated: 9 June 2026

This privacy policy explains how the Diora mobile application ("Diora", "we", "us", or "our") collects, uses, and protects information about you when you use the app. Diora is a plant collection tracker for iOS and Android, built for rare plant collectors. It includes optional social features: a public profile, following other collectors, sharing individual plants and breeding programs at a visibility level you choose, offering pollen, and direct messaging, described in section 9. By creating an account and using the app, you agree to the practices described below.

1. Who runs Diora

Diora is built and operated by Beebles, an Australian company. You can reach us at beeble.ptyltd@gmail.com for any privacy question, request, or concern.

2. What we collect

We collect only what is necessary to make the app work, keep your data secure, and diagnose problems.

  • Account information. Your email address. You can sign in three ways: a passwordless magic link sent to your email, Sign in with Apple, or Sign in with Google. We do not store passwords. When you use Apple or Google sign-in, that provider authenticates you and passes us a sign-in token and your email address (and, on the first Apple sign-in, your name if you allow it). The magic-link, Apple, and Google flows are handled by our authentication provider on our behalf.
  • Profile information. A display name, a unique username (your @handle), an optional short bio, and an optional profile photo (avatar). Unlike your private plant records, your profile is part of the social layer: when another collector views your profile or sees you in a follow list, feed, pollen offer, or message thread, they see your display name, username, and avatar. See section 9 for how the social features work and how you control them.
  • Plant data. Everything you choose to enter about each plant: the species (either chosen from our catalogue or typed as free text), nickname, source or provenance text, acquired date, notes, current status (active, sold, given, died, lost), and the history of status changes. This data belongs to you. We store it so the app can show it to you across sessions and devices.
  • Plant events. The chronological log of things that have happened to each plant. Each entry is a photo, a note, or a status change, with the date you recorded it and an optional date for when it happened in real life.
  • Photos. Photos of plants you upload to the app, and your profile photo (avatar) if you set one. We extract the original capture date from a plant photo's EXIF metadata so the timeline can sort accurately. We strip GPS coordinates from every photo before it is stored. We also strip other EXIF fields, such as camera model and exposure data: the app re-encodes each photo on upload, which destroys the embedded EXIF block. Only the capture date is preserved, and it is stored as a separate field rather than as embedded EXIF. To reduce data use and storage, photos are also resized and a smaller thumbnail is generated on upload. Your avatar, if set, is stored in a public-read bucket so that other collectors who can see your profile can load it: see section 9.
  • Social content. If you use the social features (section 9), we store what you create there: which accounts you follow and who follows you, the visibility level you set on each plant and breeding program, pollen offers you post and the replies on them, and the messages you send and receive in direct conversations. We also store accounts you have blocked.
  • Usage analytics. Anonymous interaction events such as which screens you visit. These events are tagged with your account's internal user ID (a UUID) but never include the content of your records. No plant names, nicknames, species names, source text, notes, message text, or photo content is ever sent as analytics data, and we do not send your email, username, or display name as analytics data. Analytics is active in production builds (it is disabled in development and test builds). Session recording is off.
  • Diagnostics and crash data. When the app encounters an unexpected error, it shows an error screen so you can recover. We do not currently use a third-party crash-reporting service; technical error details are not sent off-device by a dedicated crash processor today. If we add automated crash reporting in a future release, reports will exclude the content of your records, and we will update this policy and the processor list in section 5 before turning it on.
  • Device information. The app version, build number, operating system, and a stable anonymous device identifier used by the analytics tool to group events from the same device.
  • Device push token. If you enable push notifications, we store the push token issued to your device so we can deliver the notifications you opt into. The token is an opaque identifier for your device's push channel; it does not contain the content of your records. See section 5 for how these notifications are delivered.

We do not collect: your location, your contacts, your full camera roll (we ask for permission only when you tap "add a photo" and only the photos you select are uploaded), your advertising ID, or anything used for ad targeting. Diora does not show ads, and we have no plans to ever introduce them.

3. Why we collect it

  • Account information lets you sign in and keeps your data secured to your account.
  • Profile information is what other collectors see when they encounter you in the social features. You choose your display name, username, bio, and whether to set an avatar.
  • Plant data, plant events, and photos are the core of the app. They exist so you can read them back across years and devices, and, for any item you choose to share, so the collectors you share with can see them (section 9).
  • Social content (follows, visibility settings, pollen offers and replies, messages, blocks) exists so the social features work: so people you follow appear in your feed, so a pollen offer reaches the right audience, so a conversation is delivered to the person you sent it to, and so blocking removes someone from your experience.
  • Usage analytics help us understand which features matter and where the app is confusing. We use this to decide what to build next.
  • Stripping GPS from photos is a deliberate privacy choice. Greenhouse and home photos often contain the photographer's home coordinates in EXIF. Because Diora now lets you share individual plants and their photos with other collectors (section 9), removing this before storage means your home address cannot leak through a photo you decide to share.

By creating an account you agree to this Privacy Policy. You can withdraw consent at any time by deleting your account.

4. How we store and secure it

  • Network traffic between the app and our servers uses TLS.
  • Data at rest in our database and photo storage is encrypted by our hosting provider.
  • Row-level security policies in the database control who can read each record. By default your plants are visible only to you. When you raise an item's visibility (section 9), these same policies are what let exactly the chosen audience (your followers, or anyone) read it, and no one else. A record set to "private" stays readable only by you. Blocked accounts are filtered out at this layer too.
  • Magic-link tokens are short-lived and single-use.
  • Backups of the database are retained for up to 7 days for disaster recovery and then expire automatically.

No system is perfectly secure. If we become aware of a breach affecting your data, we will let you know without undue delay and explain what happened and what we are doing about it.

5. Who we share it with

Diora uses a small number of third-party processors. We chose each one for security, clear privacy posture, and the ability to delete data on request.

  • Supabase is our backend host. It stores your account, profile, plant records, plant events, photos, avatars, and all social content (follows, visibility settings, pollen offers and replies, messages, blocks). Supabase operates the database, storage, and authentication on our behalf as a data processor.
  • PostHog receives the anonymous analytics events described in section 2. PostHog is configured without session recording and without ad-network attribution. PostHog is hosted in the European Union (EU data residency).
  • Apple and Google handle the Sign in with Apple and Sign in with Google flows when you choose them. They authenticate you and receive only the sign-in interaction itself; they do not receive your plant data or other in-app content.
  • Expo / EAS builds and ships the app to the App Store and Play Store. They do not see your runtime data.
  • Expo Push Service, together with Apple Push Notification service (APNs) on iOS and Firebase Cloud Messaging (FCM) on Android, delivers the push notifications you opt into. They receive your device push token and the notification text and routing information needed to deliver a message to your device, never the content of your records.

We do not currently use a third-party crash-reporting processor (such as Sentry). Diora sends push notifications for activity you opt into (such as new followers, replies, and messages) using the Expo Push Service, which delivers them via Apple Push Notification service (APNs) on iOS and Firebase Cloud Messaging (FCM) on Android. These messages carry only the notification text and routing information, never the content of your records, and you can turn each type off in the app's notification settings.

We do not sell your data. We do not share it with advertisers. We do not use your plant data, notes, photos, messages, or any other content you create to train any machine learning model.

6. Your rights

You can:

  • Access and correct your data. Every record in the app is yours to view and edit at any time.
  • Export your data. Full self-service export (JSON, CSV, and original photos) is scheduled for version 1.5 of the app. In the meantime, email us and we will send you a dump within 30 days.
  • Delete your data. Use Settings, then Delete Account, to remove your account and all associated plant records, plant events, photos, profile, and social content (follows, visibility settings, pollen offers, and your message records: see section 10). If you cannot sign in, email us. Once deletion runs, the data is removed from the live database immediately. Backup copies expire within 7 days, after which no copy of your data remains.
  • Withdraw consent for analytics at any time by deleting your account.

If you live in the EU or UK, you have additional rights under GDPR: to restrict processing, to object, and to lodge a complaint with your local data protection authority. If you live in California, you have rights under the CCPA, including the right to know and the right to delete. We respond to verifiable requests within 30 days.

7. Children's data

Diora is not directed at children under 13. We do not knowingly collect data from anyone under 13. If you believe a child has used the app, please email us and we will delete the account.

8. International data

Diora is operated from Australia. The processors listed in section 5 may store and process your data in regions including Australia, the European Union, and the United States, depending on the service and the region selected at provisioning time. Our analytics processor, PostHog, is hosted in the European Union. Supabase stores your account and content in the region selected when the backend was provisioned. By using Diora you consent to your data being transferred to and processed in these regions. We take reasonable steps to ensure that any international transfer is protected by appropriate safeguards, including the standard contractual clauses where applicable.

9. Social features and how sharing works

Diora has a social layer ("Grapevine"). It is designed so that nothing is shared with other people unless you choose to share it. Your collection is private by default; you control what becomes visible and to whom. Here is exactly how it works.

Your profile is visible to others. Once you have an account you have a public profile: your display name, your username (@handle), your bio if you write one, and your avatar if you set one. Other collectors can find your profile (for example by searching your username) and see these fields. Your profile does not expose your email address or any plant you have not chosen to share.

Every plant and breeding program has a visibility setting that you control. Each item can be set to one of three levels:

  • Private: visible only to you. This is the default.
  • Followers: visible to you and to accounts that follow you (and that you have not blocked).
  • Public: visible to anyone using Diora.

You set this per item, and you can change it at any time. You can also set a default visibility for new items and bulk-apply a visibility level across your collection. Raising an item to "followers" or "public" is what makes its details and photos (including provenance/source text) readable by that audience. Lowering it back to "private" hides it again.

Following. You can follow other collectors and they can follow you. Following is one-way: following someone does not require their approval and does not make them follow you back. Who you follow and who follows you is used to decide whose content appears in your feed and to activate the "followers" visibility level described above.

Feed. The feed shows activity from accounts you follow and public activity, for example a new plant added, a propagation, or a new breeding program, but only for items whose visibility allows you to see them. Items you have kept private never appear in anyone else's feed.

Pollen offers. You can post a pollen offer to make your pollen available to the community. An offer you post is visible to others and can carry a photo. People can reply to your offer; those replies are attached to that specific offer.

Direct messaging. Diora includes private one-to-one messaging. You can message another collector (for example, to follow up on a pollen offer), and the messages you send and receive are stored so the conversation persists. Messages are delivered to the other participant in the conversation and are not part of your public profile or feed. Blocking prevents messaging between the two accounts.

Blocking. You can block another account. Blocking is symmetric in effect: a blocked account cannot see your followers-only or public content, cannot follow you, and cannot message you, and you stop seeing theirs. By design, blocking is silent: the blocked person is not told they have been blocked.

Provenance / source text. Diora lets you record where each plant came from as free-text source data, which may include another collector's @handle. When you share that plant (followers or public), this text is visible to the audience you shared with, and a mentioned handle can be surfaced as a discovery suggestion. You enter this text yourself and Diora has no way to verify it; we do not vouch for the accuracy of provenance claims. If you believe source text in another user's shared collection misrepresents you, email us.

In short: profiles are public, but your plants, photos, and notes stay private until you raise their visibility, and you can lower it again at any time. We will update this policy before adding a materially new way to share your data.

10. Deleting your social content

When you delete your account (section 6), your profile, follows, visibility settings, pollen offers, and the records of your messages are removed along with the rest of your data. Note that messages you sent to another person, and replies you posted on someone else's pollen offer, may have been seen by their recipient before deletion; deletion removes them from our systems but cannot un-send what another person has already read. If you want a specific piece of shared content taken down sooner, you can lower its visibility to private in the app, or email us.

11. We are not a plant care advice service

Diora records what you tell it about your plants. We do not provide care guides, watering schedules, diagnoses, or species identification. Nothing in the app should be treated as professional horticultural advice. This is a deliberate product choice, not a limitation we plan to fix.

12. Changes to this policy

We may update this policy as the app evolves. The "Last updated" date at the top reflects the most recent change. For material changes (anything that adds a new category of data collection, a new third-party processor, or a new sharing capability), we will surface a notice in the app the next time you open it.

13. How to contact us

For any privacy question, data export request, deletion request, or concern, email beeble.ptyltd@gmail.com. Diora is a small project and replies are best effort, but we will get back to you as soon as we reasonably can.


This policy is written in plain English by intent. If anything in it is unclear, please email us. We will fix the wording.