Privacy Policy

Effective date: 3 May 2026

Tamped ("we", "us", or "our") is a personal coffee journal app developed by Sitong Ye. This policy explains what data we collect, how we use it, and your rights regarding that data.

1. Data We Collect

  • Account information: Email address and display name when you sign up (or name/email provided by Google or Apple Sign-In).
  • Coffee data: Beans, brew logs, recipes, equipment, café visits, cupping scores, and related notes you enter.
  • Photos: Images you capture or select (bean bags, latte art, café visits). Photos are stored in Firebase Cloud Storage linked to your account.
  • Location: When you log a café visit or browse the Atlas map, we use your approximate location to show nearby places. Location is used only in real-time and is not continuously tracked.
  • Subscription status: Purchase and entitlement data managed by RevenueCat to determine your plan (free or premium).

2. How We Use Your Data

  • Provide and sync your coffee journal across devices.
  • Process AI scans (bean bags, equipment) via Google Gemini. Images are sent to Gemini for analysis and are not retained by the AI service after processing.
  • Show nearby cafés and roasteries using Google Places API.
  • Manage your subscription through RevenueCat.
  • Display community-shared visits (only when you explicitly publish a visit).

3. Third-Party Services

  • Firebase (Google): Authentication, database, cloud storage, and hosting.
  • RevenueCat: Subscription management. See RevenueCat Privacy Policy.
  • Google Gemini AI: Image analysis for bean and equipment scanning.
  • Google Places API: Café and roastery search.
  • OpenStreetMap: Map tiles for the Atlas view.

4. Data Sharing

We do not sell your personal data. Data is shared with third parties only as described above (infrastructure providers). Community-shared visits display your display name and visit data publicly — this is always opt-in per visit.

5. Data Retention

Your data is retained as long as your account exists. You may delete individual entries at any time within the app. To delete your entire account and all associated data, use the "Delete Account" option in Settings.

6. Security

Data is transmitted over HTTPS and stored in Google Cloud (Firebase). Access is controlled by Firebase Security Rules that restrict data to the owning user. AI scan API keys are kept server-side and never exposed to the client.

7. Children

Tamped is not directed at children under 13. We do not knowingly collect data from children. If you believe a child has provided us data, contact us and we will delete it.

8. Your Rights

  • Access & export: Export your brew data as PDF or CSV from within the app (Premium).
  • Deletion: Delete your account and all data from Settings.
  • Correction: Edit any of your data directly in the app.

For EU/UK users (GDPR) and California users (CCPA), you may exercise your rights by contacting us at the email below.

9. Changes

We may update this policy. Material changes will be communicated via the app or email. Continued use after changes constitutes acceptance.

10. Contact

For questions or requests regarding your data:
hello@tamped.coffee