Froot Privacy Policy

This is a product draft for legal review. It should be reviewed by qualified Israeli counsel before public launch.

1. What Froot collects

Account data such as phone number, email address, display name, city, language preference, role, and verification status.
Tree report data such as fruit type, ripeness, location, photos, notes, public-access declaration version, declaration text, declaration language, timestamps, and moderation status.
Community safety data such as confirmations, issue reports, feedback, audit logs, rate-limit events, and security logs.
Technical data such as IP address, browser, device type, session identifiers, request IDs, hashed request evidence, and diagnostic events needed to operate and secure the service.

To let users sign in, verify phone ownership, recover accounts, and protect against abuse.
To publish and review public tree reports, show nearby trees, and keep the map accurate and legally responsible.
To investigate inaccurate reports, private-property concerns, abuse, security incidents, and operational failures.
To understand beta usage at an aggregate level without turning RavenDB into a long-term analytics warehouse.

Tree reports may include exact coordinates and photos. Users must only submit locations they believe are public or legally available for public picking.
Photos should avoid faces, house numbers, license plates, private interiors, and anything that exposes people or private property unnecessarily.
Froot keeps legal-declaration records linked to the submitting account and tree report so reports can be reviewed if a dispute, safety issue, or private-property concern appears.
For tree-report audits, Froot may store minimized phone-verification evidence such as a masked phone number, a non-reversible phone hash, the verification timestamp, request ID, hashed IP evidence, and hashed browser evidence.

Froot may use AWS SMS services to send one-time codes for login, account creation, phone verification, and password reset.
SMS providers may process the destination phone number and delivery metadata needed to deliver the message.
The full phone number is stored on the account profile while needed for login, recovery, abuse prevention, and legal compliance. Legal acceptance records avoid duplicating the full phone number where practical.

Public tree reports, photos, access notes, confidence signals, and update timestamps may be visible to other users.
Private account data is not sold. It may be shared with infrastructure, SMS, security, logging, and hosting providers only as needed to run Froot.
Froot should delete, anonymize, or restrict data when it is no longer needed for service, safety, legal, or abuse-prevention purposes. Legal-declaration evidence may be retained longer when needed to defend or resolve disputes.

Froot uses necessary first-party cookies for authentication and private beta access.
Froot uses local browser storage for language, accessibility preferences, splash-screen state, location prompt state, and a first-party anonymous analytics session identifier.
Beta analytics are intentionally limited to product events needed to improve login, search, reporting, verification, and feedback. Froot does not use advertising pixels or third-party marketing cookies during beta.
Users can opt out of beta analytics in Settings. Necessary authentication and beta-access cookies cannot be disabled without breaking the app.

Users can request access, correction, deletion, or restriction of their personal data, subject to legal and safety exceptions.
Until a formal privacy contact is published, beta testers should use the in-app feedback flow or contact the Froot operator directly.