Privacy Statement

PRIVACY POLICY


Effective Date: 1 January 2026
Entity: Horti Minds Pte. Ltd., 160 Robinson Road, #14-04, Singapore Business Federation Center, Singapore 068914 (“Horti Minds”, “we”, “us”).


This Privacy Policy explains how we collect, use, disclose and protect Personal Data when you use the Open Plant Data platform and related services (the “Service”). It is drafted to comply with the Personal Data Protection Act 2012 of Singapore (PDPA) and applies to all users of the Service worldwide.


1. Definitions

1.1 “Personal Data” means data about an individual who can be identified from that data, or from that data and other information to which we have access.

1.2 “Client” or “you” means the business customer or individual using the Service.

1.3 “Generated Content” means images and other outputs generated through the Service.


2. Categories of Personal Data We Collect

We may collect and process the following categories of Personal Data:

2.1 Account Data: name, business name, email address, billing details, login credentials.

2.2 Usage and Technical Data: IP address, browser type, device identifiers, log files, timestamps, and basic interaction data with the Service.

2.3 Input and Output Data: configuration settings, query parameters and other input fields you submit when using the Service, as well as the images and other outputs generated for you by the Service.

2.4 Support and Communication Data: contents of support requests, feedback, and correspondence with us.

2.5 Payment Data: limited payment information (e.g. transaction IDs) via our payment processors.


3. How We Collect Personal Data

We collect Personal Data:

3.1 directly from you (for example when you create an account, use the Service or contact support);

3.2 automatically through your use of the Service (cookies, logs, analytics);

3.3 from third-party service providers (for example payment processors or hosting providers) where this is necessary to provide the Service.


4. Purposes and Legal Basis for Processing

We use your Personal Data for the following purposes:

4.1 Provision of the Service
To create and manage your account, generate images, maintain and improve the Service, provide customer support, and personalize your experience.

4.2 Payments and Billing
To process subscription payments, issue invoices, and manage accounting and audit obligations.

4.3 Security and Abuse Prevention
To detect misuse (e.g. unlawful or abusive inputs or configurations), secure our systems, and enforce our Terms and Conditions.

4.4 Analytics and Service Improvement
To analyze usage patterns in aggregated or pseudonymized form in order to improve performance and user experience.

4.5 Legal and Regulatory Compliance

To comply with applicable laws, respond to lawful requests from public authorities, and protect our legal rights. Where required under the PDPA, we rely on your consent (for example for certain marketing communications), or on other PDPA grounds such as deemed consent or legitimate business purposes.


5. Use of Input Data and Generated Content

5.1 We log relevant configuration settings, query parameters and Generated Content to provide the Service (including troubleshooting, abuse detection and quality improvement).

5.2 Horti Minds does not use Client input data or Generated Content to train its own proprietary models in a way that would identify you as an individual client.

5.3 We configure our third-party model providers, where technically possible, so that they do not use your inputs or outputs to train their foundation models for other customers.


6. Disclosure of Personal Data

We may disclose Personal Data to:

  • Affiliates: Horti Minds Data Services Pte. Ltd. (IP holding company) and The Bratpack Group B.V. (Netherlands) for group-level management and support.

  • Service Providers: cloud hosting, model providers (including Replicate and Google Cloud), payment processors, email and analytics providers, acting as data intermediaries.

  • Professional Advisers: lawyers, auditors and accountants under confidentiality obligations.

  • Authorities: where required by law, court order, or to protect our rights, safety or property.

We do not sell Personal Data.


7. International Data Transfers

7.1 Our infrastructure and third-party providers are located in several jurisdictions, including Singapore, the United States and the European Union.

7.2 By using the Service, you consent to the transfer and processing of your Personal Data in these jurisdictions, which may have data-protection laws different from those in your home country, and, where applicable, we rely on PDPA transfer mechanisms such as deemed consent and the legitimate interests exception in combination with appropriate safeguards. We take reasonable technical and organizational measures to ensure an appropriate level of protection consistent with PDPA requirements.


8. Data Security

We implement reasonable security safeguards to protect Personal Data against unauthorized access, collection, use, disclosure, copying, modification or disposal, including:

  • access controls and authentication;

  • encryption in transit;

  • logging and monitoring of system access;

  • restricted access to Personal Data on a need-to-know basis.

However, no method of transmission or storage is completely secure; you use the Service at your own risk.


9. Data Retention

We retain Personal Data only for as long as necessary to fulfill the purposes outlined in this Policy, or as required by law. Typical retention periods are:

  • account and billing data: for the duration of your account plus standard statutory periods (e.g. 5–7 years for tax records);

  • logs and technical data: for shorter operational periods, unless needed for security or legal purposes.

After expiry of the retention period we will delete or anonymize Personal Data.


10. Your Rights

Subject to PDPA conditions, you have the right to:

  • request access to the Personal Data we hold about you;

  • request correction of inaccurate or incomplete Personal Data;

  • withdraw consent to processing where consent is the basis (for example for direct marketing);

  • submit a complaint to the Personal Data Protection Commission (PDPC) if you believe your rights have been infringed.

Requests can be submitted via the contact details below. We may need to verify your identity before fulfilling your request and may charge a reasonable fee where permitted by law.


11. Cookies and Analytics

We may use cookies and similar technologies to:

  • keep you logged in;

  • remember your preferences;

  • measure usage of the Service.

You can configure your browser to refuse cookies, but this may affect functionality.


12. Children’s Privacy

The Service is intended for business users and adults. We do not knowingly collect Personal Data from children under 18. If you believe a child has provided us with Personal Data, please contact us and we will take appropriate steps to delete such data.


13. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on our website with a new “Effective Date”. Material changes may be notified by email or through the Service.


14. Contact – Data Protection Officer

For questions or requests regarding this Privacy Policy or your Personal Data, please contact our Data Protection Officer:


Email: info@openplantdata.com
Address: Data Protection Officer – Horti Minds Pte. Ltd.,
160 Robinson Road, #14-04, Singapore Business Federation Center, Singapore 068914.