Privacy Policy

Coffeefe ("we," "us," or "our") respects your privacy and is committed to protecting your personal data. This privacy policy explains how we collect, use, disclose, and safeguard your information when you use our service.

This policy is intended to help users understand our privacy practices and supports rights and disclosures commonly required under laws such as the EU/EEA GDPR, the Israeli Privacy Protection Law, 5741-1981, and US state privacy laws (including California's CCPA/CPRA).

1. Data Controller

Coffeefe (operated by Omer Horovitz) is the data controller responsible for your personal data. For any privacy-related inquiries, contact us at: [email protected]

2. Information We Collect

2.1 Information You Provide

• Account Information: Name, email address when you register.
• Profile Information: Optional display name, avatar, preferences.
• User Content: Images you upload, reviews, brew logs, and other content you create.
• Communications: Messages you send us via contact forms or email.

2.2 Information Collected Automatically

• Device Information: Browser type, operating system, device identifiers.
• Usage Data: Pages visited, features used, timestamps, referring URLs.
• Cookies: Session cookies for authentication, preference cookies (see Cookie Policy below).

2.3 Information from Third Parties

We may receive information from authentication providers if you choose to sign in via third-party services.

3. How We Use Your Information

• Provide Services: Process uploads, perform image recognition, match coffee data, enable search and discovery.
• Account Management: Create and manage your account, authenticate sessions.
• Communication: Send service-related emails (login links, notifications you've enabled).
• Improvement: Analyze usage to improve features, fix bugs, enhance user experience.
• Safety & Security: Detect and prevent fraud, abuse, and security incidents.
• Legal Compliance: Comply with applicable laws and respond to legal requests.

4. Legal Basis for Processing (GDPR)

Under GDPR, we process your data based on:

• Contract Performance: Processing necessary to provide the service you requested.
• Legitimate Interests: Security, fraud prevention, service improvement (balanced against your rights).
• Consent: Where you have given explicit consent (e.g., marketing communications).
• Legal Obligation: Where required by law.

5. Data Sharing and Disclosure

We do not sell your personal information.

We may share data with:

• Service Providers: Cloud hosting, image storage, email delivery, analytics (under data processing agreements).
• Legal Requirements: When required by law, court order, or government request.
• Business Transfers: In connection with a merger, acquisition, or sale of assets (with notice to you).
• With Your Consent: When you explicitly authorize sharing.

6. International Data Transfers

Your data may be transferred to and processed in countries outside your residence, including the United States and European Union. Where required, we use appropriate safeguards for international transfers (for example, Standard Contractual Clauses or other lawful transfer mechanisms).

7. Data Retention

• Account Data: Retained while your account is active, plus 30 days after deletion request.
• User Content: Retained until you delete it or request account deletion.
• Usage Logs: Retained for up to 12 months for security and analytics.
• Legal Requirements: Some data may be retained longer if required by law.

8. Your Rights

Depending on your location, you have the following rights:

8.1 GDPR Rights (EU/EEA/UK)

• Access: Request a copy of your personal data.
• Rectification: Correct inaccurate or incomplete data.
• Erasure: Request deletion of your data ("right to be forgotten").
• Restriction: Request limited processing of your data.
• Portability: Receive your data in a structured, machine-readable format.
• Objection: Object to processing based on legitimate interests.
• Withdraw Consent: Withdraw consent at any time (without affecting prior processing).
• Lodge Complaint: File a complaint with your local data protection authority.

8.2 CCPA Rights (California)

• Know: Request disclosure of data collected about you.
• Delete: Request deletion of your personal information.
• Opt-Out: Opt out of sale of personal information (we do not sell data).
• Non-Discrimination: Equal service regardless of exercising privacy rights.

You may submit a CCPA/CPRA request by emailing [email protected] or via our contact form. To protect your privacy and security, we may need to verify your identity before responding. You may also use an authorized agent where permitted by law.

8.3 Israeli Privacy Rights

Under the Israeli Privacy Protection Law, you have the right to access, correct, and delete your personal data. Contact us to exercise these rights.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days (or sooner as required by law).

9. Cookie Policy

We use the following types of cookies:

• Essential Cookies: Required for authentication and basic functionality. Cannot be disabled.
• Preference Cookies: Remember your settings and preferences.
• Analytics Cookies: Help us understand how you use the service (can be disabled).

You can manage cookie preferences through our cookie banner (including choosing essential-only, accepting all, or customizing). You can also use your browser settings.

Your cookie choices are saved in your browser (for example, using local storage) so we can remember your preferences.

To update your choices at any time, visit /privacy#cookie-settings.

10. Security

We implement appropriate technical and organizational measures to protect your data, including:

• Encryption in transit (HTTPS/TLS)
• Encryption at rest for sensitive data
• Access controls and authentication
• Regular security assessments

No system is 100% secure. Please do not upload sensitive personal information (e.g., government IDs, financial data) to our service.

11. Children's Privacy

Our service is not intended for children under 16 (or the minimum age in your jurisdiction). We do not knowingly collect data from children. If you believe a child has provided us data, contact us immediately.

12. Changes to This Policy

We may update this policy periodically. Material changes will be communicated via email or prominent notice in the app. Continued use after changes constitutes acceptance.

13. Contact Us

For privacy inquiries, data requests, or complaints:

• Email: [email protected]
• Contact Form: /contact

For EU residents: You may also contact your local Data Protection Authority.