AxilDB

Botanical Accession

CollectionsActive: The Sibley Collection
The Sibley CollectionManage collections
HelpSign inPrivacyTerms

Theme

AxilDB policies

Privacy Policy

Last updated May 26, 2026. This page describes how this AxilDB installation handles account, collection, plant, photo, email, AI, and operational data. It is written in plain English and has not been reviewed as legal advice.

Who Runs This Service

AxilDB is self-hosted software. The operator of this installation controls the server, database, file storage, SMTP email configuration, AI configuration, backups, and administrator access. If you have privacy questions, contact the server administrator for this installation.

Information Stored In AxilDB

AxilDB stores information needed to run a botanical accession and collection management system.

  • Account and security data: email address, password hash, global role, collection memberships, session state, email verification, password reset and magic-login tokens, two-factor authentication settings, recovery code hashes, and user preferences.
  • Collection and plant records: collection names, slugs, visibility, descriptions, plant definitions, author citations, aliases, source links, governing bodies, generated plant IDs, plant specimens, locations, acquisition details, sources, distributors, stock labels, propagations, blooms, sport observations, notes, labels, transfers, and archive history.
  • Care and husbandry data: husbandry guides, local care overrides, care events, plant conditions, care queue data, reminders, care sheets, sitter plans, and follow settings.
  • Photos and uploads: specimen photos, type images, bloom photos, captions, source names, source URLs, resized image files, and crop/framing metadata.
  • Operational data: audit log entries, sign-in events, administrative actions, email delivery attempts, AI usage records, server health data, backup metadata, and error details.

How Information Is Used

Data is used to provide the application: authentication, collection access, plant browsing, record editing, search, photo display, QR labels, reminders, follow notifications, transfer workflows, care sheets, sitter plans, audit logging, backups, and server administration.

Visibility And Sharing

Private collections are intended to be visible only to active members and server administrators. Public collections can be browsed without registration, but following records requires an active membership. Token links for care sheets and sitter plans expose only the selected records and tasks to anyone who has the link until the token expires or is revoked.

Collection transfers, shared plant definitions, care sheets, sitter plans, and public collections can intentionally copy or expose selected plant information outside the original collection. Collection managers and server administrators should review these actions before approving them.

Cookies And Local Storage

AxilDB uses session and security cookies to keep users signed in and to protect authentication flows. The app may also use browser local storage for theme choice, sort and filter preferences, scroll restoration, dismissed interface state, and other usability settings. AxilDB does not use advertising cookies or third-party ad tracking.

Email

AxilDB can send transactional and reminder emails, including welcome messages, verification links, password resets, magic-login links, reminders, follow notifications, invitations, transfer alerts, and collection request notices. These emails are sent through the SMTP provider configured by the server operator, such as Amazon SES. The email provider may process delivery metadata needed to send and troubleshoot mail.

AI Disclosure

If AI features are enabled for a collection, AxilDB may send relevant plant context to the configured OpenAI API account. This can include genus, species, cultivar, aliases, source links, husbandry, recent care history, user prompts, and optional selected photos. AI responses may be stored as drafts, descriptions, husbandry content, or Green Thumb care notes.

AI output is informational and can be wrong. It should not be treated as authoritative botanical, medical, veterinary, pesticide, toxicity, conservation, import/export, or legal advice.

Service Providers

Depending on how the installation is configured, data may be processed by the server host, database storage, file storage, SMTP email provider, backup storage, and OpenAI for AI features. The server operator is responsible for choosing and configuring these providers.

Access, Correction, And Deletion

Users can edit many of their own account settings and collection records when their role allows it. Collection managers can manage collection memberships and collection records. Server administrators can manage users, collections, backups, and server-level settings.

To request account deletion, export, correction, or removal of personal data, contact the server administrator. Some information may remain in backups, audit logs, email delivery logs, or security records until those systems rotate or are manually cleaned up. Archived or transferred plant records may also retain historical references needed for collection integrity.

Security

AxilDB uses password hashing, session controls, email verification, two-factor authentication, single-use tokens, role-based access, audit logging, and collection scoping to protect data. No web application can guarantee perfect security, so users should use strong passwords and protect their two-factor authentication and recovery codes.

Changes

This policy may be updated as AxilDB changes. Continued use of the service after changes means the updated policy applies. You should also review the Terms of Use.