Privacy Policy

Effective date: March 1, 2026 — Last updated: March 2026

CoffeeTrove ("we", "us", "our") respects your privacy. This policy explains what data we collect, how we use it, and your rights.

What We Collect

Account information

When you create an account via Google OAuth, we receive and store your name, email address, and profile photo. You can update your display name and username after signing up.

Content you create

Reviews, ratings, cafe submissions, saved lists, and any other content you voluntarily submit to CoffeeTrove.

Usage data

Pages visited, searches performed, and interactions with the platform. This helps us understand which features are useful and improve the experience. We do not track you across other websites.

Device information

Browser type, operating system, screen size, and IP address (used for approximate location to show nearby cafes). IP addresses are not stored permanently.

How We Use Your Data

  • Display your reviews, profile, and contributions on the platform
  • Calculate leaderboard rankings and XP
  • Show nearby cafes based on approximate location
  • Send account-related emails (password resets, security alerts)
  • Improve CoffeeTrove based on aggregate usage patterns
  • Prevent abuse, spam, and fake reviews

We do not sell, rent, or share your personal data with advertisers or data brokers.

Cookies

We use minimal cookies:

  • Session cookies — keep you logged in (essential, no consent needed)
  • Analytics cookies — help us understand which pages are useful (anonymous, aggregated)

We do not use third-party advertising cookies, tracking pixels, or retargeting scripts.

Third-Party Services

  • Google OAuth — authentication (shares your name, email, photo with us)
  • Supabase — database hosting (processes data on our behalf, EU-compliant)
  • Vercel — website hosting (may process server logs containing IP addresses)

These services act as data processors under our instructions. We do not share your data with any other third parties.

Data Retention

Account data is retained as long as your account is active. If you delete your account, all personal data (profile, email, reviews) is permanently removed within 30 days. Anonymized usage data may be retained for analytics.

Data Security

All data is transmitted over HTTPS. Passwords are never stored (we use OAuth). Database access is restricted to authorized systems only. We follow industry-standard security practices, but no system is 100% secure.

Your Rights

Under GDPR, CCPA, and applicable privacy laws, you have the right to:

  • Access — request a copy of all data we hold about you
  • Correction — update or correct inaccurate information
  • Deletion — request permanent deletion of your account and data
  • Export — receive your data (reviews, profile, bookmarks) in a portable format
  • Objection — opt out of non-essential data processing

To exercise any of these rights, email mike@coffeetrove.com with the subject line "Privacy Request". We respond within 7 business days.

Children

CoffeeTrove is not directed at children under 16. We do not knowingly collect data from minors. If you believe a child has created an account, contact us and we will remove it promptly.

Changes to This Policy

We may update this privacy policy as our practices evolve. Significant changes will be communicated through the platform. The effective date at the top of this page reflects the latest revision.