Privacy Policy

Last updated: October 25, 2025

1. Introduction

ACOS ("we", "us", "our") respects your privacy and is committed to protecting your personal data. This privacy policy explains how we collect, use, and safeguard your information when you use our Service.

2. Information We Collect

Account Information

When you create an account, we collect your email address, password (encrypted), and optional username. If you sign up using OAuth providers (Google, Microsoft), we collect your email, name, and profile information from those services.

Location Data

We collect your location data to help you discover nearby coffee shops. This includes GPS coordinates (if you grant permission) or approximate location based on your IP address. You can control location permissions in your device settings.

Content You Create

We store content you create including coffee reviews, ratings, photos, notes, and check-ins. You control the visibility of this content through privacy settings.

Usage Data

We collect information about how you use the Service, including pages visited, features used, search queries, and interaction patterns. This helps us improve the Service.

Device Information

We collect device type, operating system, browser type, IP address, and unique device identifiers for security and functionality purposes.

3. How We Use Your Information

  • To provide and maintain the Service
  • To personalise your experience and show relevant coffee recommendations
  • To process your coffee purchases and transactions
  • To send you verification emails and important account updates
  • To respond to your support requests
  • To improve and optimise the Service
  • To detect and prevent fraud or security issues
  • To comply with legal obligations

4. Third-Party Services

We use the following third-party services that may collect information:

  • Resend: Email delivery service for verification emails and notifications
  • ipinfo.io: IP-based location detection when GPS is unavailable
  • Google Maps: Map services and coffee shop location data
  • Google OAuth: Third-party authentication
  • Microsoft OAuth: Third-party authentication
  • Neon PostgreSQL: Secure database hosting
  • Cloudflare: Content delivery and security

These services have their own privacy policies governing their use of your information.

5. Data Sharing and Disclosure

We do not sell your personal data. We may share your information only in the following circumstances:

  • With your consent or at your direction
  • With service providers who help us operate the Service
  • When required by law or to protect our rights
  • In connection with a business transfer or acquisition
  • Public content you choose to share (reviews, photos) is visible according to your privacy settings

6. Data Security

We implement industry-standard security measures to protect your data, including encryption of passwords, secure HTTPS connections, and regular security audits. However, no method of transmission over the internet is 100% secure.

7. Data Retention

We retain your account information for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal purposes. Cached location data is retained for 24 hours.

8. Your Rights

You have the following rights regarding your personal data:

  • Access: Request a copy of your personal data
  • Correction: Update inaccurate or incomplete data
  • Deletion: Request deletion of your account and data
  • Portability: Receive your data in a machine-readable format
  • Objection: Object to certain processing of your data
  • Withdraw Consent: Withdraw consent for data processing at any time

To exercise these rights, contact us at privacy@acos.app.

9. Cookies and Tracking

We use cookies and similar technologies to maintain your session, remember your preferences (language, dark mode), and analyse Service usage. You can control cookies through your browser settings, but some features may not function properly without them.

10. International Data Transfers

Your data may be processed in countries outside your own. We ensure appropriate safeguards are in place to protect your data in accordance with this privacy policy.

11. Children's Privacy

The Service is not intended for users under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child, please contact us immediately.

12. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of significant changes via email or through the Service. The "Last updated" date at the top indicates when this policy was last revised.

13. Contact Us

For questions about this privacy policy or our data practices, contact us at:

Email: privacy@acos.app
Address: Auckland, New Zealand