Welcome to the Herbids website (hereinafter referred to as "this website" or "we"), accessible at https://www.herbids.com. We deeply understand that your privacy is very important to you, so we have formulated this privacy policy to explain to you how we collect, use, store, share, and protect the personal information you provide to us when using our plant identification, health diagnosis, and care advice services (hereinafter referred to as "this service"). Please carefully read and fully understand all contents of this privacy policy before using this service. Once you use this service, it means you agree to all terms of this privacy policy. If you do not agree with any content of this privacy policy, please do not use this service. This privacy policy applies to all services provided by this website, as well as other websites and services accessed through this website, regardless of whether these services are directly operated or provided by us.
We divide the information we collect into information you actively provide and information we automatically collect, as follows:
Registration Information: When you register to become our user, you may need to provide information such as your name, email address (such as [email protected]), mobile phone number, etc., so that we can create an account for you and provide personalized services.
Plant Identification and Care Related Information: When using plant identification, health diagnosis, and care advice services, you may upload photos of plants, describe plant characteristics, growth environment information, etc. This information will be used to accurately identify plants and provide professional care advice. For example, you may describe the shape and color of plant leaves, whether there are flowers and their colors, as well as environmental conditions such as light and humidity where the plant is located.
Feedback and Consultation Information: If you submit feedback, consultation questions, or seek help to us, we will collect the relevant content you provide, including but not limited to your name, contact information, specific problem descriptions and suggestions, etc., so that we can respond to you in a timely manner and solve your problems.
Device Information: When you use this website, we will automatically collect information about the device you use, such as device model, operating system version, browser type and version, screen resolution, device unique identifiers (such as IMEI, MAC address, etc., but we will try our best to anonymize or de-identify them). This information helps us optimize the display and performance of the website on different devices and provide you with a better user experience.
Log Information: Our servers will automatically record log information generated during your use of the website, including your access time, visited pages, IP address, click behavior, dwell time, etc. This log information is used to analyze website usage, improve website functions and services, and troubleshoot technical problems.
Location Information: If you have enabled device location services and agreed to us obtaining location information, we may collect your general geographical location information to provide you with plant care advice that is more suitable for the local environment. For example, different regions have different climates and soil conditions, so care advice will also vary.
We will use the collected information to realize the core service functions of this website, as follows:
Plant Identification: Using the plant photos and related description information you upload, through our identification algorithms and database, we identify the plant species and accurately inform you of the plant's name, family, and other basic information.
Health Diagnosis: Based on the plant growth condition descriptions, photo details, and growth environment information you provide, we comprehensively analyze and determine whether the plant has health problems, such as pests and diseases, malnutrition, etc., and give corresponding diagnosis results.
Care Advice: Combining information such as plant species, growth environment, and health status, we provide targeted care advice for you, including watering frequency, fertilization methods, light and temperature requirements, pest and disease prevention measures, etc., to help you better care for plants. For example, if we identify that the plant is a shade-loving plant and you are in an area with strong light, we will suggest you take appropriate shading measures.
Analyzing Usage Habits: We will analyze the collected device information, log information, and location information to understand user usage habits, such as pages users frequently visit, time and frequency of using services, preferred plant types for identification, etc.
Website Optimization: Based on the above analysis results, we can optimize the website's page layout, function settings, and operation processes to make them more consistent with user usage habits and needs, and improve user experience. For example, if we find that most users feel confused about the image upload step when using the plant identification function, we will simplify this step or provide clearer prompts.
Providing Personalized Content and Services: Based on your usage history and preferences, we provide you with personalized plant knowledge push, care reminders, and related product recommendations. For example, if you frequently query succulent plant care information, we will push you succulent plant propagation techniques, new variety introductions, etc., as well as fertilizer and flower pot recommendations suitable for succulent plants.
Ensuring Website Security: The collected information is used to ensure the safe and stable operation of the website, prevent various security risks, such as malicious attacks, online fraud, data leakage, etc. For example, by analyzing log information and device information, we can timely discover abnormal access behaviors and take corresponding protective measures.
Risk Prevention: Using the collected information for risk assessment and monitoring to prevent behaviors that may cause damage to users or us. For example, by identifying abnormal login locations and frequencies, we prevent account theft.
Complying with Legal and Regulatory Requirements: We will use the collected information in accordance with applicable legal and regulatory requirements to ensure that our information processing activities are legal and compliant. When necessary, we may provide your information to relevant regulatory agencies or law enforcement departments in accordance with legal and regulatory requirements.
We will store the collected information on servers located in [specific storage location, such as domestic data centers]. These servers have adopted strict physical security measures, including access control, monitoring systems, etc., to prevent unauthorized physical access. At the same time, we also use encryption technology to encrypt and store sensitive information stored on servers to ensure data security during storage.
We only retain your personal information for the period necessary to achieve the purposes described in this privacy policy. For example, for your registration information, we will retain it during your use of this service and for [X] years after you cancel your account, so that we can quickly restore your account information when you use the service again. For plant identification and care related information, we retain it for [X] months after service completion for subsequent data analysis and service improvement.
For log information, we usually retain it for [X] months for analyzing website usage and troubleshooting technical problems. However, if we need to comply with legal and regulatory requirements or resolve disputes, we may extend the retention period.
When your personal information exceeds the above storage period, we will delete or anonymize it so that it cannot be identified to specific individuals. For example, we will delete your name, contact information, etc., and only retain statistical data that has been anonymized, so that we can continue data analysis and service optimization.
Sharing After Obtaining Consent: We will only share your personal information with third parties after obtaining your explicit written consent or authorization. For example, when you participate in specific plant care activities jointly held by us and partners, we may share part of your registration information (such as name, contact information) with partners after obtaining your consent according to activity rules and requirements, so that they can provide you with activity-related services and support.
Sharing Based on Legal Circumstances: When required by law, needed for litigation resolution, or when government departments legally request it, we may share your personal information externally in accordance with legal and regulatory provisions. For example, when judicial organs legally require us to provide user information related to cases, we will cooperate legally. However, we will confirm the legality and necessity of relevant legal procedures before sharing and try to ensure that the scope of shared information is minimized.
Sharing with Service Providers: To provide you with more complete and high-quality services, we may share your information with service providers who support our business. These service providers will only use your information for specific service purposes and are bound by strict confidentiality agreements. For example, we may share your device information and log information with third-party institutions responsible for website technical maintenance and data analysis, so that they can help us optimize website performance and analyze user behavior. However, these service providers cannot use your information for any other purpose.
Transfer After Obtaining Consent: We will not transfer your personal information to any third party unless we obtain your explicit written consent in advance. When transferring after obtaining your consent, we will ensure that the transferee complies with privacy protection standards as strict as ours to protect your personal information security. For example, if we conduct business mergers, acquisitions, or asset transfers that may involve personal information transfer, we will obtain your consent before the transaction and require the transferee to continue fulfilling the obligations to protect your personal information stipulated in this privacy policy.
Transfer Based on Legal Requirements: In cases required by applicable laws and regulations, legal procedures, or mandatory administrative or judicial requirements, we may transfer your personal information. However, we will confirm the legality and necessity of relevant legal procedures before transfer and try to ensure that the scope of transferred information is minimized. At the same time, we will timely notify you of relevant transfer situations, unless the law prohibits or restricts us from doing so.
Public Disclosure After Obtaining Consent: We will only publicly disclose your personal information after obtaining your explicit written consent or based on your active choice. For example, if you actively share your plant care experience and related information in the website's public forum or community, we will display your voluntarily public content in the corresponding public area according to your settings and operations.
Public Disclosure Based on Law or Protection Purposes: If we determine that you have violated laws and regulations or seriously violated relevant agreement rules of this website, or to protect the personal and property safety of this website, other users, or the public from harm, we may publicly disclose your personal information in accordance with laws and regulations or relevant agreement rules of this website, including related violations and measures we have taken against you. For example, if you publish illegal or harmful content on the website, we may publicly disclose part of your information (such as username, violation content, etc.) to warn other users and maintain the normal order of the website. However, we will carefully evaluate the severity and necessity of relevant situations before public disclosure to ensure that the scope and method of public disclosure are reasonable and legal.
You have the right to access the personal information you provide to us during your use of this service. You can view your registration information, plant identification and care related records, etc., by logging into your account and going to the account settings or personal profile page. If you cannot access your personal information through the above methods, or if you need to obtain other personal information not displayed on the account page, you can contact us at any time by sending an email to [email protected]. We will reply to you within [X] working days after receiving your request and assist you in completing information access. However, in some cases, according to legal and regulatory requirements, we may not be able to meet your access request, such as involving trade secrets, personal sensitive information that cannot be anonymized, etc. In such cases, we will explain the specific reasons to you.
If you find that the personal information we collect, store, and use about you is incorrect, inaccurate, or incomplete, you have the right to request us to make corrections. You can directly modify it on the relevant information display page by logging into your account. For information that cannot be modified by yourself through the account, you can submit a correction application to us by sending an email to [email protected]. In the application, please detail the information content that needs to be corrected, the information you think is correct, and relevant supporting materials. We will verify and process it within [X] working days after receiving your correction application and inform you of the processing results. If we need you to supplement more information or materials to complete the correction, we will communicate with you in a timely manner.
In the following circumstances, you have the right to request us to delete your personal information:
Our processing of personal information violates legal and regulatory provisions. For example, if we collect and use your personal information without your consent, you have the right to request deletion.
We collect and use your personal information beyond the scope related to and necessary for the purpose of collection and use. For example, we originally collected your mobile phone number for notifications of plant identification services, but used it for other commercial promotion activities without your consent. You can request deletion of this mobile phone number information.
You withdraw your consent to our use of your personal information, and we have no other legal reason to continue processing your personal information.
Our service has been terminated or you have cancelled your account.
If you meet the above deletion conditions and wish to delete your personal information, you can submit a deletion request to us by sending an email to [email protected]. In the request, please clearly state the personal information that needs to be deleted and relevant account information. We will process it within [X] working days after receiving your deletion request and inform you of the processing results. However, it should be noted that in some cases, even if you submit a deletion request, we may still need to retain part of the information according to legal and regulatory requirements, such as to comply with tax, audit, and other legal and regulatory provisions. In such cases, we will explain to you the information content and reasons that need to be retained.
You have the right to withdraw your consent to our collection and use of your personal information at any time. You can express your intention to withdraw consent to us by modifying your privacy settings on the website, sending an email to [email protected], or through other methods we provide. After you withdraw consent, we will no longer collect and use your personal information based on the purposes you previously agreed to. However, please note that withdrawing consent may affect your user experience of this service and the normal use of some functions. For example, if you withdraw your consent to us obtaining your location information, we may not be able to provide you with location-based plant care advice. At the same time, your act of withdrawing consent will not affect the legality of our personal information processing activities based on your consent before you withdrew consent.
If you no longer wish to use this service, you have the right to cancel your account. You can complete the cancellation operation by logging into your account and finding the "Cancel Account" option in account settings or help center, following the steps prompted by the system. If you encounter problems during the cancellation process, you can contact us at any time by sending an email to [email protected]. After you cancel your account, we will stop providing services to you and delete or anonymize your personal information, except as otherwise provided by laws and regulations or required by regulatory departments. For example, according to tax, audit, and other legal and regulatory requirements, we may need to retain part of your transaction records and related information for a certain period. At the same time, after you cancel your account, you will not be able to recover your account and related information. Please operate carefully.
Data Encryption: We use encryption protocols such as SSL/TLS to encrypt sensitive information transmitted during your use of this service to prevent data from being stolen or tampered with during transmission. For example, when you upload plant photos or submit personal information, this data will be encrypted during network transmission. At the same time, for sensitive data stored on our servers, such as your registration password, personal privacy information related to plant identification and care, etc., we also use encryption algorithms (such as AES) for encrypted storage to ensure data security during storage.
Access Control: We have established strict access control mechanisms, setting different access permissions for employees in different positions to ensure that only authorized personnel can access and process your personal information. For example, personnel responsible for plant identification algorithm development can only access plant data related to algorithm training and optimization, but cannot access your registration information and contact information. At the same time, we regularly review employee access permissions, timely revoke permissions that are no longer needed, and prevent permission abuse.
Firewall and Intrusion Detection: We have deployed enterprise-level firewalls, configured rules according to business needs and security policies to filter and block unauthorized access and malicious traffic. At the same time, we have installed intrusion detection systems (IDS) and intrusion prevention systems (IPS) to monitor website network traffic in real-time, timely discover and respond to abnormal behaviors and attack attempts. For example, when detecting a large number of abnormal login requests or malicious scanning behaviors against servers, IDS will timely issue alarms, and IPS will automatically take measures to intercept and defend.
Vulnerability Management: We regularly use professional vulnerability scanning tools to scan the website's systems and applications for security vulnerabilities, timely discover and repair potential security vulnerabilities. At the same time, we pay attention to security patches released by software suppliers, timely update software, plugins, and systems used by the website to ensure system security. For example, once we discover that an open-source framework used by the website has security vulnerabilities, we will immediately assess the risk level of the vulnerability and take measures to repair it in the first time, such as updating the framework version, applying security patches, etc.
Security Training: We regularly organize employees to participate in information security training to improve employees' security awareness and skills, so that they understand common network attack methods and prevention measures. Through simulated attack drills and other methods, we enhance employees' ability to respond to security incidents. For example, we will invite professional security experts to train employees, explain cases of data leakage and prevention methods, and how to comply with information security norms in daily work.
Security System: We have established a complete information security management system, clarifying the responsibilities and permissions of various departments and personnel in information security management, and standardizing the operation processes of various links such as information collection, use, storage, sharing, and protection. For example, it stipulates that when collecting user information, the principle of minimum necessity must be followed, and when sharing user information, users' explicit consent must be obtained and strict confidentiality agreements must be signed. At the same time, corresponding punishment measures have been formulated for behaviors that violate the information security system to ensure effective implementation of the system.
Emergency Response: We have formulated detailed emergency response plans, clarifying the handling processes and responsibility allocation when security incidents occur. Once a security incident occurs, we will immediately activate the emergency response mechanism, take measures such as isolation, shutdown, data backup, etc., to prevent further spread and harm of the incident. At the same time, we will timely notify affected users and report to relevant regulatory departments. For example, if a data leakage incident occurs, we will immediately stop processing related data, backup affected data, investigate the cause of leakage, and notify potentially affected users within the specified time, informing them of the data leakage situation and remedial measures we have taken. We also regularly conduct drills on emergency response plans to ensure that the team can respond quickly and effectively when security incidents actually occur.
Reporting and Notification: If we discover or learn that a security incident involving your personal information has occurred, we will timely notify you of the relevant situation, including the basic situation of the security incident, possible impact, measures we have taken or will take, etc. Notification methods include but are not limited to publishing announcements on the website, sending emails, push notifications, etc. The specific method will be determined according to the nature and impact scope of the security incident. For example, if a data leakage incident occurs, we will notify you through the above methods within [X] hours of discovery. At the same time, we will also timely report the security incident situation to relevant regulatory departments according to legal and regulatory requirements.
Investigation and Handling: After a security incident occurs, we will immediately organize professional personnel to investigate the incident, analyze the cause, impact scope, and possible consequences of the incident. Based on the investigation results, we will take corresponding measures for handling, including but not limited to repairing vulnerabilities, strengthening security protection measures, investigating the responsibility of relevant personnel, etc. For example, if it is found that data leakage is caused by a certain employee's violation of regulations, we will seriously deal with the employee and review and improve related security processes and systems. At the same time, we will actively assist you in taking necessary measures to reduce the losses caused by security incidents to you. If you suffer losses due to security incidents and the losses are caused by our fault, we will bear corresponding compensation responsibility according to law.
Information Collection: We attach great importance to the protection of minors' personal information. This website will not actively collect personal information of minors under 14 years old. If we discover that we have collected personal information of minors under 14 years old, we will immediately delete the relevant information. For minors who are 14 years old or older but under 18 years old, we only collect personal information related to and necessary for this service after obtaining explicit consent or authorization from their guardians.
Use and Protection: When using minors' personal information, we will strictly follow legal and regulatory provisions to ensure the security of their personal information. We will take security measures such as encryption and access control to prevent minors' personal information from being leaked, tampered with, or misused. At the same time, we will limit internal employees' access permissions to minors' personal information, and only authorized personnel can access and process relevant information.
Guardian Rights: If you are a guardian of a minor, you have the right to access, correct, and delete your child's personal information, and you also have the right to withdraw your consent to our use of your child's personal information. If you have any questions or concerns about our handling of your child's personal information, you can contact us at any time by sending an email to [email protected]. We will reply to you within [X] working days after receiving your request and assist you in solving problems.
Third-Party Links: This website may contain links to third-party websites or services. These third-party websites or services have their own independent privacy policies. When you click these links, you will leave this website and enter third-party websites or services. We recommend that you carefully read their privacy policies before accessing third-party websites or using third-party services to understand how they collect, use, store, and share your information. We do not assume any responsibility for the content, privacy policies, operational behaviors of third-party websites or services, and your experience on third-party websites.
Third-Party Service Providers: To provide you with more complete services, we may use technologies and services provided by third-party service providers, such as cloud computing services, data analysis tools, payment processing services, etc. When using these third-party service providers' services, we will ensure that they comply with strict confidentiality agreements and data protection regulations, and can only use your personal information within the scope we explicitly authorize. However, we cannot control the behavior of third-party service providers, and we do not assume responsibility for their leakage of your personal information or other damages caused by violating relevant agreements or laws and regulations. If you have any questions or concerns about third-party service providers' privacy policies or data processing behaviors, we recommend that you contact the third party directly.
Change Circumstances: We may revise this privacy policy from time to time based on business development, changes in laws and regulations, or other reasonable reasons. For example, when the country introduces new personal information protection related laws and regulations, or when our service content and business model undergo major changes, we will make corresponding adjustments to the privacy policy.
Notification Methods: If we make major changes to this privacy policy, we will publish prominent notices on this website to remind you of policy changes. Notices may be displayed in prominent positions on the website homepage for a certain period, or sent to you through internal messages, emails, etc. For major changes, we will also give you sufficient time to understand and consider before the policy changes take effect. Major changes include but are not limited to: major changes in our service model, such as major changes in the purpose of processing personal information, types of personal information processed, ways of using personal information, etc.; major changes in our ownership structure, organizational structure, etc., such as business adjustments, bankruptcy mergers and acquisitions, etc., causing changes in personal information processors.
Continued Use Deemed as Agreement: After privacy policy changes, if you continue to use this website's services, it means you have read, understood, and agreed to be bound by the changed privacy policy. If you do not agree with the changed privacy policy, you have the right to stop using our services and can handle your account and personal information according to relevant provisions such as account cancellation in this privacy policy.
If you have any questions, opinions, or suggestions about this privacy policy or our information processing activities, or if you need to exercise your relevant rights, please contact us through the following methods:
Effective Date: October 24, 2025