Courses Journal Flavors Brewing Calculator Pricing
Legal

Privacy Policy

Last updated: April 17, 2026

Draft. This policy is a starting point. Review with counsel for GDPR, CCPA, LGPD, and any other regulations that apply to your users before launching publicly.

1. Who we are

Coffee Standards Studio (“we”, “us”) operates the service available at this domain. We are the data controller for the personal data you provide.

2. Data we collect

  • Account data: name, email, hashed password.
  • Usage data: journal entries, course progress, brew logs, and preferences you create inside the app.
  • Technical data: IP address and minimal server logs used for security and rate limiting. We do not use third-party advertising cookies.

3. How we use your data

  • To operate your account and deliver the Service.
  • To send transactional emails (verification, password reset, billing notices) via our email provider.
  • To prevent abuse, investigate security incidents, and comply with legal obligations.

4. Legal basis (GDPR)

We process personal data on the basis of contract (to provide the Service you signed up for), legitimate interest (to keep the Service secure and functional), and consent where required (e.g. optional email marketing, if offered).

5. Sharing

We share data only with processors needed to run the Service:

  • Our hosting provider (infrastructure).
  • Our email provider (Mailgun) for transactional emails.
  • Our payment processor (when payments are enabled) for billing.
  • Sentry, if enabled, for error monitoring.

We do not sell your personal data.

6. Your rights

You have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Delete your account and associated data at any time from your profile page, or by emailing us.
  • Export your journal data on request.
  • Lodge a complaint with your local data protection authority.

7. Retention

Account data is kept while your account is active. When you delete your account, we remove your personal data from our production systems. Backups are purged on a rolling schedule (typically 30 days).

8. Security

Passwords are stored using bcrypt hashes. Sessions use HttpOnly cookies over HTTPS in production. We apply rate-limiting and payload size limits to reduce abuse.

9. Cookies

We use a single first-party cookie to keep you logged in. We do not use third-party tracking or advertising cookies.

10. Changes

Material changes will be announced via email or in-app notice. Continued use after changes means you accept the updated policy.

11. Contact

Data requests or questions? Email privacy@coffeestandardsstudio.com.