Privacy Policy

Last updated: February 25, 2026

Origine (“we,” “us,” or “our”) is a personal coffee journal app developed by an independent developer. This Privacy Policy explains how we collect, use, store, and protect your information when you use our mobile application and related services.

By using Origine, you agree to the practices described in this policy. If you do not agree, please do not use the app.

1. Information We Collect

Account Information

When you create an account, we collect:

• Email address — provided directly or through a social sign-in provider
• Name — if you sign in with Apple and choose to share it
• Authentication provider — whether you signed up with email, Apple, or Google

Coffee Library Data

The core of Origine is your personal coffee journal. When you log a coffee, we store:

• Roaster, origin country and region, process method, varietal, altitude, and roast level
• Tasting notes, your personal ratings, and written notes
• Roast date and producer information

Images

When you scan a coffee bag, the photo is stored locally on your device and, if you have an account, uploaded to a private cloud storage bucket accessible only to you.

OCR Data

When you scan a coffee bag label, we use optical character recognition (OCR) to extract text from the image. The raw extracted text is stored alongside your coffee entry to improve accuracy and allow corrections.

Payment Information

Payments are processed entirely by Stripe. We never see or store your full credit card number. We retain only your Stripe customer ID and subscription status (free or Pro) to manage your account tier.

Usage Data

We track your monthly scan count to enforce free-tier limits (5 scans per month). This counter resets each calendar month.

Crash and Error Reports

We use Sentry to collect anonymous crash reports and error logs. These help us identify and fix bugs. Sentry data may include device type, operating system version, and error stack traces, but does not include your coffee data or personal information.

2. How We Use Your Information

We use your information to:

• Provide the service — store and sync your coffee journal across devices
• Process payments — manage your subscription through Stripe
• Enforce usage limits — track scan counts for the free tier
• Improve reliability — diagnose crashes and errors via Sentry
• Communicate with you — send transactional emails related to your account (password resets, subscription changes)

We do not sell your personal information. We do not use your data for advertising. We do not build behavioral profiles.

3. Data Storage and Security

Your data is stored in multiple layers:

• On your device — coffee entries are stored in a local SQLite database. Authentication tokens are stored in encrypted secure storage (not in plain-text storage).
• In the cloud — your coffee library syncs to Supabase, which provides encrypted storage and row-level security ensuring you can only access your own data.
• Images — stored in a private Supabase Storage bucket, isolated to your user account.
• Payments — handled entirely by Stripe's PCI-compliant infrastructure.

We use industry-standard security practices including HTTPS for all network communication, encrypted credential storage on-device, and database-level access controls.

4. Third-Party Services

Origine relies on the following third-party services, each with their own privacy policies:

• Supabase — authentication, database, and file storage (Privacy Policy)
• Stripe — payment processing (Privacy Policy)
• Sentry — error monitoring (Privacy Policy)
• Apple Sign-In — authentication (Privacy Policy)
• Google OAuth — authentication (Privacy Policy)

5. Your Rights

For all users

You can at any time:

• Access your data — export your full coffee library as a JSON file from within the app
• Delete your data — delete individual coffee entries, reset your entire library, or delete your account entirely
• Update your data — edit any coffee entry in your library

European Economic Area (GDPR)

If you are in the EEA, you have additional rights under the General Data Protection Regulation:

• Right of access — request a copy of all personal data we hold about you
• Right to rectification — request correction of inaccurate data
• Right to erasure — request deletion of your personal data
• Right to data portability — receive your data in a machine-readable format
• Right to restrict processing — request that we limit how we use your data
• Right to object — object to processing based on legitimate interests

Our lawful basis for processing is contract performance (providing the service you signed up for) and legitimate interests (improving reliability through error monitoring).

California (CCPA/CPRA)

If you are a California resident, you have the right to:

• Know what personal information we collect and how it is used
• Delete your personal information
• Opt out of the sale of personal information — we do not sell your data, so this right is already satisfied
• Non-discrimination — we will not treat you differently for exercising your rights

To exercise any of these rights, contact us at the email address below.

6. Data Retention

• Coffee data and images — retained until you delete them or delete your account. Deleting your account permanently removes all associated data from our servers.
• Account information — retained while your account is active. Deleted upon account deletion.
• Payment records — Stripe retains transaction records per their own policies and legal requirements.
• Error logs — Sentry retains crash reports per their data retention policy (typically 30–90 days).
• Local data — data stored on your device persists until you uninstall the app or manually reset your library.

7. Children's Privacy

Origine is not directed at children under the age of 13 (or 16 in the European Economic Area). We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

8. International Data Transfers

Your data may be processed and stored in the United States and the European Union through our third-party service providers. By using Origine, you consent to the transfer of your information to these regions. We ensure that appropriate safeguards are in place in compliance with applicable data protection laws.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date at the top of this page. We encourage you to review this policy periodically.

10. Contact

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us at:

Email: contact@origine.cafe