Legal · UK GDPR

Privacy Policy

Last updated · June 12, 2026

CaF is a personal coffee journal you can choose to share with a small circle of friends you accept. There's no public feed, no ads, and no third-party trackers — entries are visible only to you and the friends you've added. This policy spells out the little we do collect, why, and what control you have over it.

Who runs CaF

CaF is operated by Benri M Ltd ("we", "us", "our"), a company registered in England & Wales, based in London. For the purposes of UK GDPR, Benri M Ltd is the data controller for the personal data described below.

You can reach us by email at hello@delacreme.cc, or by post:

• Benri M Ltd
• London
• United Kingdom

What we collect

Account

• Email address — when you sign in with the email one-time code. Used only to identify your account and deliver the 6-digit login code. Stored by our backend provider, Supabase. If you choose to set a password, it is stored hashed by Supabase Auth — we never see it.
• Apple or Google identifier — when you sign in with Apple or Google. An opaque token, not the email on your Apple or Google account.
• Display name + handle — set during onboarding. Your handle is how friends search for and add you inside the app.

Coffee entries

• Photos you attach to each entry. Stored in a private Supabase Storage bucket protected by row-level security — only your account can read them.
• Cafe name + address you pick from search. Pulled from the Google Places API; cached on Supabase against your entry.
• Drink type, optional caption, and the optional tasting-note details (brew, bean, flavour) you log yourself.

Friends & social

• Friend connections — when you send, accept, or receive a friend request. We store which accounts are linked so your friends feed and shared café map work. Friends see the entries you post; non-friends never do.
• Likes & comments — the likes and short comments you leave on a friend's entry, shown to that friend and to mutual friends on the entry.
• Blocks & reports — if you block someone or report content, we record it to keep CaF safe.
• Push token — an Expo push token for your device, stored so we can send a notification when a friend likes or comments. Removed when you sign out or delete your account. You can turn push off in Profile.

Device + app

• Anonymous crash reports — sent to Sentry to help us fix bugs. No personal data attached.
• Approximate location — only when you tap "Use my location" on the Cafe step. Passed once to Google Places for nearby search; not stored on Supabase.

What we don't collect

• No advertising identifiers, no analytics SDKs (Mixpanel, Amplitude, GA).
• No cross-app or cross-website tracking.
• No public profiles or public feed — your entries reach only the friends you accept.
• No microphone, contacts, or address book access — friends are added by handle or QR, never by scanning your contacts.
• No background location, no significant-change monitoring.
• No app-usage telemetry beyond anonymous crash reports.

How we use what we collect

• Email + sign-in identity (Apple / Google) — to identify your account so your entries follow you across sessions.
• Entries — to show your home feed, calendar, and entry detail screens, and to share the entries you post with friends you've accepted.
• Friends & social — to power your friends feed, the shared café map, and likes and comments.
• Notifications — two kinds, both optional: a daily reminder scheduled locally on your device, and a remote push when a friend likes or comments, delivered through Expo's push service. Turn either off in Profile.
• Crash reports — to improve stability.

Where your data lives

• Supabase — Postgres + Storage in the EU-West-2 (London) region. Row-level security scopes every query to your user_id, and friend-visibility rules are enforced at the database layer.
• Expo (EAS) — delivers remote push notifications. We send your push token and a short message (e.g. "Sam liked your cup"); no entry photos or full content pass through it.
• Sentry — crash report aggregation.
• Google — Sign in with Google identity, plus café search and details via the Google Places API. Google's privacy policy governs their handling.
• AI label reader — the optional bean-label scanner uses a third-party AI service to read a coffee-bag label and pre-fill the bean details. It runs only when you choose to scan, and the label is processed to return those details, not to show you ads. Skip the scanner and nothing is sent.
• Apple — Sign in with Apple identity. Apple's privacy policy applies.

Your rights under UK GDPR

You have the following rights over the personal data we hold about you:

• Access — see every photo, entry, and cafe pin (all visible inside the app) or request a copy by email.
• Rectification — correct anything inaccurate. Display name and handle are editable in Profile; for the rest, email us.
• Erasure — delete your account and all associated data in Profile → Delete account. This is immediate, irreversible, and removes every entry, photo, and account row from our backend.
• Restriction or objection — ask us to pause processing while a dispute is resolved.
• Portability — receive your entries in a machine-readable format on request.
• Lodge a complaint — you can complain to the UK Information Commissioner's Office (ICO) at ico.org.uk if you believe we have mishandled your data.

To exercise any of the above rights, email hello@delacreme.cc. We respond within 30 days.

Lawful basis for processing

• Contract — your email, sign-in identity, entry data, and friend connections are processed to deliver the service you signed up for.
• Legitimate interest — anonymous crash reports help us keep the app stable, and block/report records help us keep CaF safe. You can opt out of crash reporting by emailing us.
• Consent — approximate location is only used when you explicitly tap "Use my location" and is not stored; remote push is sent only after you grant notification permission.

Data retention

Your entries and account data stay until you delete them or close your account. Deleted accounts are removed from our backend immediately and from backups within 30 days. Crash reports in Sentry are retained for 90 days then purged.

Children

CaF is not intended for users under 13. We do not knowingly collect data from users below that age. If we learn that personal data from a user under 13 has been collected, we will deactivate the account and delete the data promptly. If you believe a child has created an account, email hello@delacreme.cc.

Users between 13 and 17 may use CaF with the permission of their parent or guardian.

Changes to this policy

When we update this policy we bump the date at the top. If a change is material we will notify you inside the app before it takes effect.

Contact

Questions, requests, or concerns — email hello@delacreme.cc, or write to:

• Benri M Ltd
• London
• United Kingdom