CoffeeCost

Privacy Policy

Last updated: September 9, 2025

This policy describes how we collect, use, and protect your personal information.

1) Information about the collection of personal data and contact details of the controller

We are pleased that you are using our application ("app"). Below we inform you about the handling of your personal data when using our app. Personal data is all data with which you can be personally identified.

Controller (GDPR): Vladyslav Moroz, Calle Ibiza 64, 1 A2, 28009 Madrid, Spain. Email: vladyslav.moroz.1996@gmail.com.

The controller is the natural person who alone or jointly with others determines the purposes and means of the processing of personal data.

2) Contact

When contacting us (e.g., by email), we collect the personal data you provide (e.g., name, email address, message content). This data is processed solely to answer your request or for contacting you and the associated technical administration. The legal basis is our legitimate interest in responding to inquiries (Art. 6(1)(f) GDPR). If your request aims at concluding or performing a contract, the additional legal basis is Art. 6(1)(b) GDPR. We delete the data once your inquiry has been finally resolved unless statutory storage obligations apply.

3) Data processing for contract performance (in-app purchases & subscriptions)

If you make purchases in the app (including auto-renewable subscriptions), we process data necessary to provide the service and handle billing. Depending on the platform, the Application Store (Apple App Store / Google Play) acts as an independent controller for payment data. We receive limited purchase metadata to enable your entitlement (e.g., product identifier, transaction/receipt status).

3.1 RevenueCat

We use RevenueCat, Inc., 300 Euclid Avenue, San Francisco, CA 94118, USA, to manage in-app purchases and subscriptions. We transmit purchase-related information (such as product identifiers, anonymized user/app user ID, receipt tokens) to RevenueCat to validate entitlements. Legal basis: performance of a contract (Art. 6(1)(b) GDPR). We have a data processing agreement with RevenueCat. For details, see RevenueCat's privacy policy: https://www.revenuecat.com/privacy.

4) Firebase Crash Reporting (Crashlytics)

To improve stability and reliability, we use "Firebase Crashlytics", a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. With your consent (Art. 6(1)(a) GDPR), anonymous crash information may be sent after an app crash (e.g., app state at crash time, installation UUID, crash traces, device model/OS version, last log messages). Transfers to Google LLC in the United States are possible; such transfers occur with appropriate safeguards (e.g., Standard Contractual Clauses). You can grant or withdraw consent in the app's settings at any time (disable "Crash Reporting"). Further information: https://firebase.google.com/support/privacy.

5) Optional marketing & measurement SDKs (TikTok App Events SDK)

For user acquisition measurement and to optimize advertising campaigns, we may integrate the TikTok App Events SDK provided by TikTok Technology Limited (Ireland) and/or related entities. The SDK can collect app events (e.g., app launches, conversions) and device information. Processing is based on your consent where required (Art. 6(1)(a) GDPR); you can withdraw consent in the app (e.g., "Marketing & measurement" toggle) at any time. International transfers may occur; appropriate safeguards (e.g., Standard Contractual Clauses) apply according to the provider's terms. For details, see TikTok's business documentation and privacy notices.

6) Categories of data we may process

Account & purchase data: email (if you sign up), app user ID, product identifiers, subscription status, purchase receipts/transaction tokens (via stores/RevenueCat).
Diagnostic data (with consent): crash logs, performance metrics, device/OS information (via Crashlytics).
Usage/events (with consent where applicable): app events for marketing measurement/attribution (e.g., via TikTok SDK).
Support communications: content you send us (emails).

7) Legal bases for processing

Art. 6(1)(b) GDPR (contract): providing the app, validating purchases/subscriptions.
Art. 6(1)(f) GDPR (legitimate interests): responding to inquiries, maintaining app security and fraud prevention.
Art. 6(1)(a) GDPR (consent): crash reporting, marketing/attribution SDK events where required. You can withdraw consent at any time with effect for the future.

8) Storage duration

We store personal data only as long as necessary for the purposes stated, to comply with legal obligations, or to resolve disputes. Diagnostic and marketing data are retained according to each provider's policies and our internal retention practices. When data is no longer required, we delete or anonymize it.

9) International data transfers

Where providers are located outside the EU/EEA (e.g., the United States), we rely on appropriate safeguards for transfers, such as the European Commission's Standard Contractual Clauses (SCCs) and supplementary measures as required.

10) Your rights under GDPR

You have the following rights regarding your personal data:

Right of access (Art. 15)
Right to rectification (Art. 16)
Right to erasure (Art. 17)
Right to restriction of processing (Art. 18)
Right to data portability (Art. 20)
Right to withdraw consent (Art. 7(3))
Right to object (Art. 21), including to processing based on legitimate interests and to direct marketing
Right to lodge a complaint with a supervisory authority (Art. 77). In Spain: Agencia Española de Protección de Datos (AEPD), https://www.aepd.es/.

To exercise your rights, contact us at vladyslav.moroz.1996@gmail.com.

11) Changes to this Privacy Policy

We may update this Privacy Policy from time to time. Changes take effect when posted here with an updated effective date. Your continued use of the app after such changes means you accept the updated policy.

12) Contact

For questions about this Privacy Policy or our data practices, contact: vladyslav.moroz.1996@gmail.com.