Privacy Notice

Last updated: May 24, 2026

Yellow to Green ("we", "us") is operated by YELLOWTOGREEN LLC, a Wyoming limited liability company, with mailing address 759 SW Federal Highway, Suite 304, Stuart, FL 34994, United States. We operate the plant diagnosis service at yellowtogreenlab.com. This notice explains what we collect when you use the service, why we collect it, who we share it with, and the choices you have. We do not require accounts, and we do not sell or share your information for advertising.

1. What we collect

The photo you upload

When you submit a photo for diagnosis, we send it to a third-party AI model (OpenAI) to generate the diagnosis text. We store a downsized copy of the photo (longest edge 1024 pixels) for up to 90 days so we can review diagnoses, then it is deleted automatically.

Information attached to the photo (EXIF)

If your photo contains EXIF metadata (most phone photos do, downloads usually do not), we read a small subset:

• The date and time the photo was taken
• The camera or phone make and model
• GPS coordinates — used only to look up a coarse city name; the raw coordinates are discarded and never stored

What we observe from the photo itself

The same AI call that produces your diagnosis also returns descriptive labels about the photo so we can aggregate trends: indoor vs. outdoor, pot vs. in-ground, approximate plant size, presence of other plants in the background, photo quality (sharp / blurry / dim), and dominant light type (natural / warm / cool / fluorescent).

Network and device signals

• Approximate location derived from your IP address: country, state/region, city, time zone, and internet provider
• A one-way salted hash of your IP address. The raw IP is never stored. The hash lets us count repeat visits without identifying you.
• Your browser's user agent (browser name and operating system), language preference, screen size, and the referring page
• Marketing tags in the URL you arrived from (utm_source, utm_medium, utm_campaign)

How you use the diagnosis page

• The time elapsed between opening the page and uploading the photo
• Which recommended product you tap, and when
• How far you scroll on the diagnosis page

2. What we do NOT collect

• Your name, email, phone, or payment information (we have no accounts and no checkout)
• Precise GPS coordinates — we use the EXIF GPS only to look up a city, then discard it
• Face or biometric data — we do not run face detection on photos
• Information from other sites or apps (no third-party advertising or analytics)

3. Why we collect it

• To provide your diagnosis. The photo and basic context are sent to the AI model that generates the result.
• To understand how the service is used. Aggregated patterns help us see which problems are most common, which products are most clicked, where users come from, and how reliable our diagnoses are.
• To improve the product. Reviewing past diagnoses helps us refine the AI prompts and recommendations.
• To prevent abuse. Hashed IPs and session identifiers let us detect spam or denial-of-service patterns without storing your IP.

4. Who we share it with

We use a small number of third-party providers to run the service:

We do not sell or share your data with advertising networks, data brokers, or marketing platforms.

5. How long we keep it

• Diagnosis rows: up to 18 months from the date of the diagnosis, then automatically deleted.
• Photos (downsized): up to 90 days, then automatically deleted.
• Raw IP and raw GPS coordinates: never stored. Used only in real time to derive a city.

6. Cookies and similar technologies

We use exactly two first-party cookies. We use no third-party cookies and no fingerprinting libraries.

7. Your rights (California and other US states)

Residents of California (CCPA/CPRA) and similar states with privacy laws — including Colorado, Connecticut, Virginia, Utah, Oregon, Texas, and others — have these rights:

• Right to know what personal information we collect about you and how it is used.
• Right to delete the personal information we have about you.
• Right to correct inaccurate personal information.
• Right to opt out of "sale or sharing" of personal information. We do not sell or share for advertising — but you can still reject all non-essential data collection in the cookie banner.
• Right to non-discrimination. The service works the same whether you accept or reject. There is no paid tier, no degraded experience.

To exercise any of these rights, email admin@yellowtogreenlab.com with the request and the approximate date(s) you used the service. If you want a specific diagnosis deleted, include the city / device / approximate time so we can locate the row.

8. How to opt out

You can withdraw consent at any time:

• Click Reject in the cookie banner the next time you visit, or
• Clear the ytg_consent cookie in your browser (the banner will reappear), or
• Email admin@yellowtogreenlab.com asking us to delete your data.

When you reject, we do not store any diagnosis rows, photos, identifiers, or behavioural data. Your photo is still sent to the AI model in real time to produce the diagnosis you requested, but no copy is retained on our side.

9. Children

Yellow to Green is not directed to children under 13, and we do not knowingly collect data from them. If you believe a child has used the service, contact us and we will delete the related data.

10. Security

The service runs over HTTPS. Our database (Supabase) and storage are encrypted at rest. Access to the admin secret key is restricted to the operator. We are a small team — we do not promise enterprise-grade security guarantees.

11. Changes to this notice

If we change this notice in a material way, we will update the "Last updated" date above and show a notice in the cookie banner asking you to re-confirm consent. Minor edits (typos, clarifications) may be made without re-prompt.