Privacy Policy

1. Controller & Contact

The controller for your personal data is the app publisher identified above. For any privacy-related questions or requests, you can contact us at info@coffeetells.com.

2. Scope

This Privacy Policy applies to the CoffeeTells mobile application (the "App"), our associated backend services, and any support channels we operate. It does not apply to third-party services that you may access via links from our App.

3. Summary of Our Practices

• Minimal Data Collection: We only process what's needed to provide and improve the App's functionality. This includes your uploaded coffee-cup photo, the AI-generated output (story/image), and minimal technical logs necessary for security and reliability.
• Deletion of Irrelevant Images: Any uploaded image that is detected not to be a coffee-cup photo is deleted immediately (through automated checks and periodic human review to improve our filter). We do not retain non-coffee images.
• Temporary Storage: Coffee-cup photos are stored temporarily on our servers (by default no more than 30 days, and never beyond 3 months) to allow processing and for you to re-download results. You can delete your photos and outputs at any time within the App.
• No Advertising or Tracking: We do not use advertising identifiers (IDFA), no third-party advertising SDKs, and no cross-app tracking techniques. Your data is not used for targeted advertising or profiling by us or others.
• Push Notifications (Opt-in): If you grant permission, we use push notifications for transactional updates and occasional announcements. We obtain a device-specific Apple Push Notification service (APNs) token to send these notifications, but this token is used solely for that purpose and not shared with advertisers.

4. Data We Process

We process the following types of data when you use the App:

4.1 User Content (Input)

Photos you upload to the App (specifically, images of coffee cups). We use these images to perform the App's core functionality - analyzing the coffee cup and generating your personalized story or image ("Output"). Non-coffee images (anything that our system identifies as not a coffee cup) are automatically flagged and deleted immediately, as they are not needed for the App's purpose.

4.2 Generated Output

The stories and/or images that are produced for you by our AI when you upload a coffee-cup photo. We may temporarily store this Output on our servers to facilitate viewing in the App and allow you to re-download it. You remain in control of your Output and can delete it at any time via the App.

4.3 Technical Logs

We collect minimal technical information such as timestamps of requests, request and response status codes, truncated or hashed IP addresses in security logs, job IDs, and error messages or crash reports. These logs are used solely to monitor and improve the App's security, prevent abuse (e.g. stopping spam or misuse of the service), and ensure reliability (e.g. debugging and fixing issues). These logs do not contain the content of your photos or outputs beyond possibly an ID or error reference.

4.4 Purchase Metadata

If you make an in-app purchase (such as subscribing to premium features), we receive limited information from Apple's App Store about the purchase status (e.g. confirmation that you have an active subscription or completed purchase). This may include an anonymous identifier for the transaction and the type of purchase, but no personal payment information like your name or credit card number. We use this data only to unlock or provide the features you paid for. Payment processing itself is handled by Apple, not by us.

4.5 Push Notification Token

If you enable push notifications, Apple provides us with a device-specific token (APNs token). We store this token to send you push notifications (for example, to notify you when your AI generation is complete or to send updates you've opted into). This token is not linked to any other personal identifiers and is not used for anything other than delivering notifications. You can disable push notifications at any time (see Section 7 below).

4.6 Cafe Mode (if available)

The App may offer an optional "Cafe Mode" feature. This feature might involve checking your current Wi-Fi network name (SSID/BSSID) on your device to determine if you are in a cafe environment. Importantly, these network checks are done on-device - the SSID/BSSID or any network identifiers are not transmitted to our servers. We do not receive or store your location or network information; all such determinations happen locally on your device for your privacy.

5. Data We Do Not Intentionally Collect

We do not collect any of the following information:

• No Account Sign-Up: We do not require you to create an account or provide personal details like your name, email (except if you contact us for support), or phone number to use the App.
• No Sensitive Personal Data: We do not collect precise geolocation data, contact lists, calendar entries, health or medical data, biometric identifiers, voice or audio recordings, or microphone recordings through the App.
• No Advertising Identifiers: We do not access or use the device's advertising identifier (IDFA) or any fingerprinting techniques for tracking you or your device.
• No Cross-App Tracking: We do not track your activity across other companies' apps or websites, and we do not partake in any data broker activities.

6. Your Rights & Choices

You have rights and choices regarding the personal data we collect and how we use it:

• Access & Portability: You have the right to ask whether we are processing your personal data, and to request a copy of the data we hold about you. You also have the right to request that the data be provided in a commonly used, machine-readable format.
• Correction: If any personal data we have is inaccurate or incomplete, you have the right to ask us to correct it.
• Deletion: You have the right to request deletion of your personal data. We already provide you the ability to delete your uploaded images and generated outputs directly through the App. If you want us to delete any other personal data associated with you, you can send us a request via email.
• Withdraw Consent: Where we rely on your consent to process data, you are free to withdraw that consent at any time. For example, you can revoke permission for push notifications or for accessing your camera/photos.
• Object/Restrict Processing: If you are an EU/EEA user, you have the right to object to certain processing or ask us to restrict processing.

7. Data Retention

We retain personal data only as long as necessary for the purposes described in this Policy:

• Coffee-cup Photos: Stored temporarily on our servers for processing and for your convenience. By default, we retain these photos for no longer than 30 days. In no case will a coffee-cup photo be kept for more than 3 months.
• Non-Coffee Images: If an uploaded image is identified as not being a coffee-cup photo, our system deletes it almost immediately.
• Generated Output (Stories/Images): Output content you receive from the App is retained under the same policy as photos. We may keep it up to 30 days by default, and never more than 3 months, unless you choose to delete it sooner.
• Technical & Security Logs: Logs and diagnostic data are retained for a short period, generally up to 30 days, unless we need to keep them longer to investigate specific issues or security incidents.
• Backups: Our systems perform routine encrypted backups for reliability. Even after you delete data from our live systems, it may remain in our secure backups for up to an additional 30 days.

8. Data Security

We take the security of your personal data seriously and implement reasonable administrative, technical, and physical safeguards to protect it:

• Secure Transmission: Data transmitted between the App and our servers (such as your photos and generated content) is encrypted in transit using industry-standard protocols (HTTPS/TLS) to prevent eavesdropping.
• Secure Storage: Any sensitive data we store (for example, your photos during processing) is kept on secure servers. We use measures like access controls, encryption at rest, and network firewalls to guard against unauthorized access.
• Limited Access: Our team members and contractors are bound by confidentiality obligations. They will only access personal data when necessary to operate, develop, or troubleshoot the service - and always under strict privacy and security controls.
• No Guarantee: Despite our efforts to protect your information, no security measure or method of data transmission is 100% guaranteed. However, we strive to use commercially acceptable means to protect your personal data.

For the complete Privacy Policy document, including sections on children's privacy, changes to this policy, and additional legal provisions, please refer to the full document within the app or contact us at info@coffeetells.com.