Privacy Policy

Last updated: 19 May 2026 · Effective: 19 May 2026

This Privacy Policy explains how Hi, Tree (“Hi, Tree”, “we”, “us”, or “our”) collects, uses, shares, and protects information about you when you use the Hi, Tree mobile application (the “App”) and the website at hitree.app (together, the “Services”).

We've tried to keep this readable. If anything is unclear, please reach out using the contact information at the end.

1. Who we are

Hi, Tree is operated by NCOM d.o.o., a limited liability company organised under the laws of the Republic of Slovenia. For the purposes of Regulation (EU) 2016/679 (the “General Data Protection Regulation” or “GDPR”) and the Slovenian Personal Data Protection Act, we are the data controller of personal data processed through the Services.

2. Information we collect

2.1 Information you give us

Account information. An anonymous Supabase user identifier is created the first time you launch the App so we can attach your trees and preferences to a stable account. A display name (chosen by you) and an optional email address can be added later from the “Your profile” screen.
User content. When you claim a tree, you may submit photos, the name you give the tree, species information, and free-form field notes. When you use the optional “Tree Chat” feature you also submit the messages you write. This content is yours.
Location of claimed trees. When you pin a tree on the map, you choose a location (typically your current GPS position or a location you select manually).
Communications. If you contact us by email or in-app, we keep that correspondence to respond and maintain a record.

2.2 Information we collect automatically

Device information. Device model, operating system version, language and locale, time zone, and a non-resettable installation identifier we generate.
Push notification registration token. When you opt in to push notifications, your device produces a Firebase Cloud Messaging (FCM) registration token that we store alongside your user identifier so we can deliver notifications to that device (for example, when another user likes a tree you have claimed). The token is rotated by the operating system and is invalidated automatically when you uninstall the App or revoke notification permission.
Diagnostic and crash data. Anonymous error reports and performance traces that help us fix bugs.
Product analytics. Events about how you use the App (for example, a tree was claimed, the map was opened, a chat message was sent) are sent to our analytics provider PostHog. Events are linked to your Hi, Tree user identifier so we can group them into a single user view; some events include the text content you entered (see Section 6 for the specific cases). We do not sell this data and do not share it with advertising networks.
Approximate location. Derived from your IP address solely for security and abuse-prevention purposes; not used to infer your home or work location.
Advertising and attribution identifiers (only with your consent). If you grant the optional iOS App Tracking Transparency permission, your device's advertising identifier (Apple's IDFA) is shared with Meta so we can measure which marketing campaigns brought naturalists to Hi, Tree and attribute installs. If you decline, no identifier is shared and Meta receives only aggregate, non-identifying signals. You can withdraw consent at any time in iOS Settings → Privacy & Security → Tracking → Hi, Tree.

2.3 Permissions we request

The App asks for the following iOS permissions only when needed:

Camera — to photograph the tree you are claiming.
Photo library — to attach an existing photo to a claim.
Location (when in use) — to drop the pin for a tree you are claiming. We never access location in the background.
Notifications — only after you opt in. Used to tell you when another user likes a tree you've claimed, when someone adds a photo to one of your trees, and for occasional service announcements. Delivered through Apple Push Notification Service (APNs) on iOS and Firebase Cloud Messaging on Android.
App Tracking — only after you opt in via Apple's App Tracking Transparency prompt, used to share an anonymous advertising identifier with Meta for campaign attribution and measurement. Declining does not affect any in-app feature.

Granting any permission is optional. If you decline, certain features will be limited, but the rest of the App will still work.

3. How we use the information

We use the information we collect to:

operate, maintain, and provide the Services and the features you ask for (claiming trees, viewing your collection, browsing the community map);
identify tree species using third-party AI models (see Section 5);
secure the Services against abuse, fraud, and unauthorized access;
fix bugs and improve performance;
communicate with you about important account or service changes;
comply with legal obligations.

We do not sell your personal information. We do not show third-party advertising inside the Services. With your consent (via the iOS App Tracking Transparency prompt), we share an anonymous advertising identifier and standard app events with Meta to attribute installs from our marketing campaigns and to measure their effectiveness — see Section 5 for detail. If you decline App Tracking Transparency, no advertising identifier is shared.

4. Legal bases for processing (EEA / UK users)

If you are in the European Economic Area, the United Kingdom, or Switzerland, we rely on the following legal bases under Article 6 GDPR:

Performance of a contract — to deliver the Services you sign up for.
Legitimate interests — to keep the Services secure, prevent abuse, and improve them, where those interests are not overridden by your rights.
Consent — for optional features such as push notifications, where we ask you first and you can withdraw consent at any time.
Legal obligation — where the law requires us to retain or disclose information.

We share information only in these situations:

Service providers (data processors). Companies that host our infrastructure, store backups, send transactional email, run analytics, deliver push notifications, and provide AI inference on our behalf — for example, Apple (App Store, Sign in with Apple, APNs push notifications), Vercel (web hosting), Supabase (database, authentication, edge functions), Google (Gemini AI models for species identification, Tree Chat, photo comparison, and content moderation; Firebase Cloud Messaging for push delivery), PostHog (product analytics, including the message content described in Section 6), and Meta (mobile advertising attribution and campaign measurement, only when you grant the iOS App Tracking Transparency permission). They are bound by written agreements and may only use the data to provide services to us.
Advertising and conversion measurement. With your consent (via the iOS App Tracking Transparency prompt), we share an anonymous advertising identifier and standard app events — such as app launches, tree-claim completions, and shares — with Meta to attribute installs from our ad campaigns and to optimise future campaigns. Meta is bound by their Business Tools Terms and may not use this data for cross-app profiling or to identify you personally without your separate consent. You can withdraw this consent at any time in iOS Settings → Privacy & Security → Tracking → Hi, Tree.
Public claims. When you publish a claim, your display name, the tree's name, species, your notes, and the pin location you chose become visible to other Hi, Tree users. You decide where the pin sits — please choose a location you're comfortable sharing publicly. We do not move or alter the pin after you place it.
Legal compliance. We may disclose information when required by law, valid legal process, or to protect rights, safety, or the integrity of the Services.
Business transfers. If Hi, Tree is involved in a merger, acquisition, or sale of assets, your information may transfer as part of that transaction. We will give notice before your information becomes subject to a different privacy policy.

6. AI-powered features

Hi, Tree uses third-party AI models — currently Google's Gemini family of models, accessed via the Google AI API — to power four features:

Species identification. When you take a photo of a tree, the image and a short instruction prompt are sent to Gemini, which returns a likely species, common name, age estimate, description, and a short fun fact. No personal information is attached to the image.
Tree Chat. When you tap “Chat with this tree,” the tree's metadata (name, species, location name, description) and your chat history with that tree are sent to Gemini, which returns a reply written in the tree's voice. The full conversation (the messages you write and the AI replies) is also stored in our analytics provider PostHog, linked to your Hi, Tree user identifier, so we can understand how people use the feature and improve the prompts. Tree Chat is optional — if you never tap “Chat with this tree,” no chat content is ever recorded.
Photo comparison. When you save a tree near a tree another user has already claimed, your new photo and the existing photo are sent to Gemini so it can decide whether the two photos depict the same individual tree (used to avoid duplicate claims).
Content moderation. Before a tree name or notes you write is saved, the text is sent to Gemini for an automated check against our community guidelines (no profanity, slurs, sexual or political content, etc.). If the text is rejected, you see an on-screen message explaining the rejection and the entry is not saved to our database.

For all four uses:

we use Google's API under terms that prohibit Google from using your data to train their models;
we do not send your account email, IP address, or location to Gemini;
AI outputs are best-effort and may be inaccurate. Don't rely on them for any safety-critical decision (foraging, allergen identification, ecology, navigation, etc.). Moderation may produce occasional false positives — if you believe content was rejected unfairly, contact us at the address in Section 13.

7. Data retention

We keep your information only as long as we need it:

Account and user content — for as long as your account is active. If you delete your account, we delete or anonymize your personal data within 30 days, except where we are required to retain it (e.g., for tax, fraud, or legal-obligation reasons).
Diagnostic and crash data — up to 90 days.
Server access logs — up to 30 days, then aggregated.

You can delete your account at any time from Settings → Account → Delete account in the App, or by emailing us (see Section 12).

8. Your rights

Depending on where you live, you may have the right to:

Access the personal information we hold about you;
Rectify information that is inaccurate;
Delete your information (the “right to be forgotten”);
Restrict or object to certain processing;
Data portability — receive your data in a machine-readable format. You can also export your trees, photos, and notes from Settings → Export my data in the App;
Withdraw consent at any time, where we rely on consent;
Lodge a complaint with your local data-protection authority. Slovenian residents can contact the Information Commissioner of Slovenia (Informacijski pooblaščenec, Dunajska cesta 22, 1000 Ljubljana, www.ip-rs.si). EU/EEA residents elsewhere can contact their national supervisory authority; UK residents can contact the Information Commissioner's Office.

California residents have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to deletion, and the right not to be discriminated against for exercising those rights. We do not “sell” or “share” personal information as those terms are defined under CCPA.

To exercise any of these rights, contact us using the details in Section 12. We respond within 30 days.

9. Children's privacy

Hi, Tree is not directed to children under 13 (or under 16 in jurisdictions that require a higher age of consent for online services), and we do not knowingly collect personal information from such children. If you believe a child has provided us with personal information, please contact us and we will delete it.

10. Security

We use industry-standard safeguards — encryption in transit (TLS 1.2+), encryption at rest, access controls, and regular reviews — to protect your information. No system is perfectly secure; if you discover a vulnerability, please report it responsibly to the contact in Section 12.

11. International data transfers

Your information may be stored and processed in countries other than the one where you live, including the United States. When we transfer personal data out of the EEA, UK, or Switzerland, we rely on safeguards such as the European Commission's Standard Contractual Clauses or equivalent mechanisms.

12. Changes to this Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you in the App and update the “Last updated” date at the top. Your continued use of the Services after the change indicates acceptance of the updated Policy.

13. Contact us

If you have questions about this Policy or wish to exercise your rights, please contact us at privacy@hitree.app.

This document is provided as a starting point and reflects common practice for consumer mobile apps as of mid-2026. It is not a substitute for advice from a qualified attorney. Please review it carefully — especially the bracketed placeholders — and have a lawyer adapt it to your specific entity, jurisdiction, and feature set before publishing on the App Store.