Account details (name, email, phone), your suburb, your orders and preferences, payment tokens (via Stripe — we never see your card number), and — only while you have an active order and have granted permission — your approximate location to time your coffee to your arrival.
To run your orders, power loyalty, prevent fraud, and improve the product. We do not sell your personal data to third parties, ever.
Any image you upload (such as a café logo) has its embedded metadata — including EXIF GPS location — stripped on your device before it is sent to us. We store the picture itself, not where or when it was taken.
We keep your information while your account is active and for as long as needed for the purposes above or to meet our legal, tax and fraud-prevention obligations. When you delete your account we remove or de-identify your personal data, retaining only the records the law requires us to keep.
Under the Australian Privacy Principles you can access, correct, export or permanently delete your data and account at any time from settings — cafés can do the same for their venue. You can also withdraw location permission or opt out of marketing whenever you like.
Only the service providers needed to operate: Stripe (payments), Supabase (database, sign-in and image storage), Resend (email), ClickSend (SMS codes), Google (Maps for arrival timing and push delivery), and PostHog and Sentry (privacy-respecting analytics and error monitoring). Each is bound by a data-processing agreement and held to the Australian Privacy Principles. Some process data overseas, where we take reasonable steps to ensure comparable protection.
Questions, an access request, or a privacy complaint? Email [email protected] and we will respond promptly. If you are not satisfied with our response, you can contact the Office of the Australian Information Commissioner at oaic.gov.au.
This is a plain-language summary; the full legal document ships at launch. Questions: [email protected]