Legal — Privacy Policy

Privacy Policy

Last updated: June 8, 2026

1. Information We Collect

We collect the following information: **Required Information** - Social account information (Google, Apple): name, email address, profile photo - Service usage data: recipe generation history, bean information (including photos), equipment details, brewing feedback (satisfaction and taste ratings such as acidity, sweetness, body, and bitterness), journey (brewing session) records, equipment addition requests - Device information: browser language setting (locale), device model, OS version - Push notification token: device identifier token (FCM token) for delivering push notifications - Notification preferences: opt-in status per notification type - App analytics: screen views, feature usage frequency - Error information: app crash logs, error stack traces **Optional Information** - Location: approximate device GPS location (used to refine recipes based on environmental factors such as weather and region). GPS coordinates are not stored on our servers; only the resolved region name is stored. **How We Collect** - Automatically through social login (Google, Apple) - Directly from user input during service use - Automatically during mobile app usage - Location data when device location permission is granted (with user consent)

2. How We Use Your Information

We use collected information for the following purposes: 1. Account management: identity verification, account administration 2. Service delivery: personalized recipe generation, recipe refinement based on environmental factors such as location and weather, brewing record management, bean and recipe card image recognition 3. Service improvement: recipe generation and recommendation quality improvement, usage pattern analysis, service stability improvement through error analysis, equipment catalog expansion 4. Personalized recommendations: taste analysis and bean/equipment recommendations for Plus subscribers 5. Communication: service announcements, welcome emails, push notifications (brewing reminders, feedback reminders, news)

3. Data Retention

1. Personal information is retained for the duration of your service use. 2. Upon account deletion, personal information is promptly destroyed. 3. Where required by applicable law, data may be retained for the legally mandated period.

4. Sharing with Third Parties

We do not share your personal information with third parties without your consent, except: 1. When required by law 2. When you have given prior consent Additionally, when you create and share a share card externally, the information it contains (bean, recipe, satisfaction, statistics, etc.) may be transmitted to external platforms. You control whether and to what extent you share it.

5. Service Providers

We use the following service providers to operate the Service: | Provider | Purpose | |----------|----------| | Supabase Inc. | Data storage and authentication | | Google LLC | Social login (Google Sign-In), app analytics, crash reporting, push notifications (Firebase Cloud Messaging), image recognition (Gemini Vision API), reverse geocoding (Android, coordinates→region) | | Apple Inc. | Social login (Sign in with Apple), reverse geocoding (iOS, coordinates→region) | | PostHog | Product usage analytics | | RevenueCat, Inc. | Subscription billing management | | Open-Meteo | Weather data lookup (based on location coordinates) | | Resend Inc. | Email delivery |

6. Your Rights

You have the right to: 1. Access your personal information 2. Request correction of your information 3. Request deletion of your information (account deletion) 4. Request suspension of data processing You can exercise these rights through the Service settings or by contacting privacy@pourist.app.

7. Data Destruction

1. Personal information is destroyed without delay when the retention period expires or the purpose of processing is achieved. 2. Electronic files are permanently deleted using methods that prevent recovery.

8. Security Measures

We implement the following measures to protect your information: 1. Encryption of key data (in transit and at rest) 2. Access control management 3. Security software installation and updates

9. Cookies

The Service may use cookies to improve user experience. You can refuse cookie collection through browser settings, but some features may be limited.

10. Contact

For privacy-related inquiries, please contact: - Email: privacy@pourist.app

11. Changes to This Policy

Changes to this Privacy Policy will be announced within the Service at least 7 days before the effective date.

Effective Date

This Privacy Policy is effective as of June 8, 2026.