Privacy Policy

1. Introduction

Urban Permascapes LLC ("Company," "we," "us," or "our") operates Flora API ("Service"), a plant species database API accessible at floraapi.com. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our Service.

By using Flora API, you agree to the collection and use of information in accordance with this Privacy Policy.

2. Information We Collect

2.1 Information You Provide

Account Information:

• Email address (required for registration and authentication)
• Company name (optional)

Payment Information:

When you subscribe to a paid tier, payment information is collected and processed by Stripe, our third-party payment processor. We do not directly store your credit card information on our servers.

2.2 Automatically Collected Information

API Usage Data:

• API endpoint accessed
• HTTP method used
• Response status codes
• Response time
• Timestamp of request
• API key used (for authentication and rate limiting)

Technical Information:

• IP address
• Browser type and version (for web dashboard access)
• Device information
• Operating system

Cookies and Similar Technologies:

We use session cookies to maintain your login state when accessing the web dashboard. These cookies are essential for the Service to function properly.

2.3 Information We Do Not Collect

We do not collect:

• Physical addresses
• Phone numbers
• Social media profiles
• Demographic information
• User-generated content (users do not create content on our platform)
• Location data beyond IP-based geolocation

3. How We Use Your Information

We use the collected information for the following purposes:

3.1 Service Delivery

• Create and manage your account
• Authenticate your identity via magic link emails
• Generate and validate API keys
• Process API requests
• Enforce rate limits based on subscription tier

3.2 Payment Processing

• Process subscription payments through Stripe
• Manage subscription status and billing cycles
• Handle refund requests

3.3 Communications

• Send magic link authentication emails
• Send welcome emails upon registration
• Notify you of subscription changes or payment issues
• Respond to your inquiries and support requests
• Send important service announcements

3.4 Analytics and Improvement

• Monitor API usage patterns and performance
• Identify and fix technical issues
• Improve Service features and functionality
• Detect and prevent abuse or fraudulent activity

3.5 Legal Compliance

• Comply with applicable laws and regulations
• Enforce our Terms of Service
• Protect our rights and property

4. How We Share Your Information

4.1 Third-Party Service Providers

We share your information with the following third-party service providers who assist in operating our Service:

Stripe (Payment Processing):

• Purpose: Process subscription payments and manage billing
• Data Shared: Email address, payment information, subscription details
• Location: United States
• Privacy Policy: https://stripe.com/privacy

Resend (Email Delivery):

• Purpose: Send transactional emails including magic links and service notifications
• Data Shared: Email address, email content
• Location: United States
• Privacy Policy: https://resend.com/legal/privacy-policy

Supabase (Database Hosting):

• Purpose: Host and manage our database infrastructure
• Data Shared: Account information, API usage data
• Location: United States (AWS US-East-1)
• Privacy Policy: https://supabase.com/privacy

4.2 Legal Requirements

We may disclose your information if required to do so by law or in response to:

• Valid legal process (subpoena, court order, warrant)
• Requests from law enforcement or government agencies
• Protection of our rights, property, or safety
• Protection of the rights, property, or safety of our users or the public

4.3 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred to the acquiring entity. We will notify you via email of any such change in ownership or control of your personal information.

4.4 With Your Consent

We may share your information for other purposes with your explicit consent.

5. Data Retention

5.1 Account Data

We retain your account information for as long as your account is active or as needed to provide you with the Service.

5.2 API Usage Logs

API usage logs are retained for 90 days for analytics and troubleshooting purposes, after which they are automatically deleted.

5.3 Payment Records

Payment records are retained for 7 years to comply with financial record-keeping requirements.

5.4 Deletion Upon Account Termination

When you terminate your account, we will delete your personal information within 30 days, except where we are required to retain it for legal, tax, or regulatory purposes.

6. Data Security

6.1 Security Measures

We implement appropriate technical and organizational measures to protect your personal information, including:

• Encryption of data in transit using TLS/SSL
• Encryption of sensitive data at rest
• API key-based authentication
• Regular security assessments
• Access controls limiting employee access to personal data
• Secure database infrastructure through Supabase

6.2 API Key Security

Your API key is a sensitive credential that provides access to your account. You are responsible for keeping your API key secure and confidential. We recommend:

• Never sharing your API key publicly
• Storing API keys securely using environment variables or secret management systems
• Rotating API keys regularly
• Immediately notifying us if your API key is compromised

6.3 No Absolute Security

While we strive to protect your personal information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security of your data.

7. Your Rights and Choices

7.1 Access and Correction

You have the right to:

• Access the personal information we hold about you
• Request correction of inaccurate or incomplete information
• Update your account information through the web dashboard

To exercise these rights, contact us at info@floraapi.com.

7.2 Data Portability

You may request a copy of your personal information in a structured, commonly used, and machine-readable format by contacting us at info@floraapi.com.

7.3 Deletion

You may request deletion of your personal information by:

• Terminating your account through the web dashboard
• Contacting us at info@floraapi.com

Please note that we may retain certain information as required by law or for legitimate business purposes.

7.4 Marketing Communications

You may opt out of receiving marketing communications from us at any time by:

• Following the unsubscribe link in our emails
• Contacting us at info@floraapi.com

Note: You cannot opt out of transactional emails necessary for the Service (magic links, payment confirmations, security alerts).

7.5 Cookies

You can manage cookie preferences through your browser settings. However, disabling cookies may affect the functionality of the web dashboard.

8. International Data Transfers

Flora API is operated from the United States. If you are accessing the Service from outside the United States, please be aware that your information will be transferred to, stored, and processed in the United States.

The United States may have data protection laws that differ from those in your country. By using the Service, you consent to the transfer of your information to the United States.

9. Children's Privacy

Flora API does not have an age restriction. However, we do not knowingly collect personal information from children under the age of 13. If you are a parent or guardian and believe your child has provided us with personal information without your consent, please contact us at info@floraapi.com, and we will delete such information.

10. California Privacy Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

10.1 Right to Know

You have the right to know what personal information we collect, use, and disclose.

10.2 Right to Delete

You have the right to request deletion of your personal information, subject to certain exceptions.

10.3 Right to Opt-Out

We do not sell your personal information. If our practices change, we will update this policy and provide you with an opt-out mechanism.

10.4 Right to Non-Discrimination

You have the right not to receive discriminatory treatment for exercising your privacy rights.

10.5 Exercising Your Rights

To exercise these rights, contact us at info@floraapi.com. We will respond to your request within 45 days.

11. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR):

11.1 Legal Basis for Processing

We process your personal information based on:

• Contractual Necessity: To provide the Service you requested
• Legitimate Interest: To improve our Service and prevent fraud
• Legal Obligation: To comply with applicable laws
• Consent: Where you have provided explicit consent

11.2 Your GDPR Rights

• Right of access
• Right to rectification
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Right to withdraw consent

11.3 Data Protection Officer

For GDPR-related inquiries, contact us at info@floraapi.com.

11.4 Supervisory Authority

You have the right to lodge a complaint with your local data protection authority if you believe we have violated your privacy rights.

12. Changes to This Privacy Policy

12.1 Updates

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by:

• Posting the updated Privacy Policy on our website
• Sending an email to the address associated with your account
• Displaying a notice on the Service

12.2 Effective Date

The "Last Updated" date at the top of this policy indicates when the policy was last revised. Your continued use of the Service after the effective date constitutes acceptance of the updated Privacy Policy.

12.3 Review

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

13. Third-Party Links

The Service may contain links to third-party websites or services that are not operated by us. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party sites you visit.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Urban Permascapes LLC
Email: info@floraapi.com
Website: https://floraapi.com

For privacy-specific inquiries, please include "Privacy Policy" in the subject line.

15. Data Processing Addendum

For Enterprise customers who require a Data Processing Addendum (DPA) for GDPR or other compliance purposes, please contact us at info@floraapi.com to request our standard DPA.

Summary of Key Points:

• What We Collect: Email address, optional company name, API usage data, payment info (via Stripe)
• How We Use It: Service delivery, payment processing, communications, analytics
• Who We Share With: Stripe (payments), Resend (email), Supabase (database)
• Your Rights: Access, correction, deletion, data portability
• Security: Encryption, access controls, API key protection
• Retention: Active accounts + 30 days after termination; usage logs for 90 days
• Contact: info@floraapi.com