Privacy Policy

Cuptrace is a coffee-evaluation tool built on a non-custodial philosophy: we hold your trust, not your files. This policy is short because we collect little.

What we collect

Email address (optional). Only if you choose to create an account for Organizer, Head Judge, Lab, or Farmer roles. Anonymous Solo mode requires no email. Email is used solely for sign-in and password recovery.

Anonymous user identifier. Firebase generates a random ID (UID) when you first launch the app. It does not identify you personally. It is required for the app to sync your own evaluations across your devices.

Anonymous crash diagnostics. If the app crashes, Firebase Crashlytics records the stack trace and device model. This data contains no personal identifiers. We use it to fix bugs.

What we do not collect

• We do not collect behavioral analytics. Firebase Analytics is disabled in this app.
• We do not track your location, contacts, advertising ID, or activity in other apps.
• We do not collect or store any files. When you attach a photo or document, you provide a URL that points to your own Google Drive, Dropbox, or iCloud. Cuptrace stores only the URL, never the file.

What you create inside Cuptrace

Your evaluations, cupping scores, flavor notes, farmer submissions, and Coffee Profile data are your content. We store them solely to render them back to you and sync them across your devices. We do not analyze, profile, mine, sell, or share this content with anyone.

If you join a multi-user cupping session as a Tester or Judge, your evaluations are visible to that session's Organizer and Head Judge. That is the purpose of the session.

AI Buyer Notes (optional)

If — and only if — you tap to generate AI Buyer Notes, the cupping data for that one coffee — its flavor descriptors and score, plus the lot metadata you entered (which may include the producer, farm, or business names, but never your own email, name, or account identifier) — is sent to Google's Gemini API to write a short summary back to you. It runs only on your explicit request. We do not send your data to any AI service in the background, and AI never proposes or changes scores. If you never use the feature, no data ever leaves for AI processing.

Legal basis for processing (GDPR)

• Email & account — performance of a contract (Art. 6(1)(b)): to provide the role-based features you signed up for.
• Anonymous identifier & sync — performance of a contract: to operate the app you are using.
• Crash diagnostics — legitimate interest (Art. 6(1)(f)): to keep the app stable; data contains no personal identifiers.
• AI Buyer Notes — consent (Art. 6(1)(a)): processed only when you explicitly tap to generate.

Where data lives

All data is stored in Firebase (Google LLC) — our primary sub-processor (full list below). Servers are located in Google's global infrastructure. Data transfers from EU to US are governed by Google's Standard Contractual Clauses.

How long we keep it

For as long as your account exists. You can delete your account at any time from Settings → Delete Account. This cascade-deletes all your evaluations, submissions, sessions, and authentication record. Firebase backup retention may keep data for up to 30 days after deletion, after which it is permanently erased.

Your rights

You can access, export, correct, or delete your data at any time from inside the app. For requests we cannot fulfill in-app (rare), email us at the address above. We respond within 30 days.

Children

Cuptrace is intended for users 16 years or older. We do not knowingly collect data from children.

Changes

If we materially change this policy, we will notify you via an in-app prompt before changes take effect.

Sub-processor disclosure

Both are Google services. We use no other third-party tools that receive your data. No advertising networks. No analytics SDKs.

This policy reflects Cuptrace's non-custodial architecture: we treat your data the way we treat your files — as something you own, not something we hold. If you have questions, write to us. We answer directly.