Privacy Policy
CoffeeProphet — Turkish Coffee Cup Reading App
1. Introduction
Dinkel AI & MEDIA TECH GmbH ("Company", "we", "us", "our") respects your privacy and is committed to protecting your personal data in accordance with European Union and Austrian law.
This Privacy Policy describes what data we collect, how we use it, how we protect it, and your rights regarding your data.
This Policy applies to all versions of the application:
- Android version (Google Play Store)
- Web version (coffeeprophet.net/app/ — Telegram Mini App)
- iOS version (Apple App Store — in preparation)
2. Data Controller Information
| Legal Entity | Dinkel AI & MEDIA TECH GmbH |
| Type | Gesellschaft mit beschränkter Haftung (GmbH) |
| Address | Simmeringer Hauptstraße 24/220, 1110 Vienna, Austria |
| Country | Austria, European Union |
| Privacy email | partners@sonaya.ai |
| Support email | support@sonaya.ai |
| Website | coffeeprophet.net |
| Regulator | Austrian Data Protection Authority (DSB): dsb.gv.at |
3. Definitions
- Personal Data — any information that can identify a natural person directly or indirectly (e.g., name, email, Device ID, photograph).
- Processing — any action with personal data (collection, storage, use, transfer, deletion).
- Controller — the company that determines the purposes and means of processing (us).
- Processor — a company that processes data on behalf of the controller (e.g., OpenAI, RevenueCat, Stripe).
- Data Subject — a natural person whose information is processed (you, the user).
4. What Data We Collect
4.1. Data You Provide to Us
Authorization Data (Optional)
If you choose to sign in via Apple ID or Google Account:
| Data | Purpose | Legal Basis |
|---|---|---|
| Apple/Google User ID | User identification, subscription binding | Consent (Art. 6(1)(a) GDPR) |
| Email address (if shared) | User contact, account recovery | Consent (Art. 6(1)(a) GDPR) |
| Profile name (if available) | Display in app | Consent (Art. 6(1)(a) GDPR) |
Sign in via Apple/Google is optional. You can use the app anonymously with Device ID.
Data You Actively Upload
| Data | Purpose | Storage |
|---|---|---|
| Cup photographs (3 photos) | AI analysis for interpretation generation | Deleted within 24 hours |
| Text question (optional) | Context for AI interpretation | Stored in history until account deletion |
| User gender (optional) | Personalization of AI response | Stored in history until account deletion |
Data Obtained During Use
| Data | Purpose | Storage |
|---|---|---|
| Reading result (AI-generated text) | User's reading history | Until account deletion |
| User reaction | AI quality improvement (anonymized) | 24 months (anonymous) |
| Date and time | History maintenance | 12 months |
4.2. Technical Data Collected Automatically
| Data | Purpose | Storage |
|---|---|---|
| Device ID | Subscription binding, fraud protection | Until account deletion |
| IP address | Geolocation for pricing, security | 30 days in logs |
| Device type, OS version, app version | Compatibility, debugging | 12 months (anonymous) |
| Locale/Language, time zone | Localization, region determination | Anonymous |
4.3. Analytics Data
| Data | Purpose | Storage |
|---|---|---|
| Usage events (button presses, screens viewed) | User experience improvement | 24 months (anonymized) |
| Session duration | Engagement analysis | 24 months |
| Crash reports | Bug fixing | 3 months |
4.4. Payment Data
Payments are processed through:
- Google Play Billing (Android)
- Stripe (Web / Telegram Mini App)
- Apple App Store (iOS — in preparation)
- RevenueCat (subscription management intermediary)
4.5. Data We DO NOT Collect
- Photos of your face or personal photos (only coffee cup photos)
- Real-time location (only region by IP)
- Contacts from your phone book
- Web browser history
- Content of other apps
- Health information
- Biometric data
5. Third Parties and Data Transfer
5.1. OpenAI, Inc.
Purpose: Photo analysis and interpretation text generation (GPT-5.2 Vision)
Data transferred: Coffee cup photographs (3 photos), question text, anonymized Device ID
Storage: USA (Standard Contractual Clauses apply)
Photo handling: Uploaded to OpenAI API, analyzed, then deleted from OpenAI within 30 days. Not used for training models.
5.2. RevenueCat, Inc.
Purpose: Subscription management and payment validation
Data transferred: Device ID, User ID, purchase receipt, subscription status
Storage: USA (Standard Contractual Clauses apply)
5.3. Stripe, Inc.
Purpose: Payment processing for web version
Data transferred: Payment information (processed directly by Stripe, not stored by us)
Storage: USA (Standard Contractual Clauses apply)
5.4. Infrastructure (Railway / AWS)
Purpose: App server hosting (Backend)
Data transferred: User ID, reading history, interpretation results
Database: PostgreSQL with encryption at rest (AES-256)
5.5. Analytics and Advertising
Our website (coffeeprophet.net) uses the following tracking technologies:
- Google Analytics / Google Ads — website analytics and advertising conversion tracking
- Meta (Facebook) Pixel — advertising conversion tracking
- TikTok Pixel — advertising conversion tracking
These tools collect anonymized usage data on our website. You can opt out via your browser's Do Not Track setting or by using ad-blocking extensions.
The mobile app does not use third-party advertising tracking pixels.
5.6. Cross-border Data Transfer
Data is transferred to the USA (OpenAI, RevenueCat, Stripe, Railway). We use Standard Contractual Clauses (SCCs) under GDPR, along with encryption in transit (TLS 1.3) and at rest (AES-256).
6. Your Rights Under GDPR
6.1. Right of Access (Article 15)
You can request a copy of all data we store about you. Email partners@sonaya.ai with "GDPR Access Request". We respond within 30 days, free of charge.
6.2. Right to Rectification (Article 16)
If your data is inaccurate, you can correct it via Settings → Account, or email us.
6.3. Right to Erasure (Article 17)
You can request deletion of all your data via Settings → Account → Delete Account. All data is deleted within 30 days, except payment receipts retained for 7 years per Austrian tax law.
6.4. Right to Restriction of Processing (Article 18)
You can ask us to restrict processing of your data. Email partners@sonaya.ai.
6.5. Right to Data Portability (Article 20)
You can download your data in JSON/CSV format via Settings → Data & Privacy, or by emailing us.
6.6. Right to Object (Article 21)
You can object to data processing for marketing or profiling purposes.
6.7. Complaint to Regulator
Austrian Data Protection Authority (Datenschutzehörde): dsb@dsb.gv.at · dsb.gv.at · +43 1 521 52-0
7. Data Security
- Encryption in transit: All data via HTTPS / TLS 1.3
- Encryption at rest: PostgreSQL with AES-256; passwords as bcrypt hashes
- Access control: Only authorized personnel
Data Retention Periods
| Data Type | Retention |
|---|---|
| User ID, Email | Until account deletion or 3 years |
| Reading history | Until account deletion |
| Cup photographs | 24 hours maximum |
| Payment receipts | 7 years (Austrian tax law) |
| IP address logs | 30 days |
| Analytics (anonymous) | 24 months |
| Crash reports | 3 months |
8. Data Breach Notification
In the event of a data breach, within 72 hours we will notify the Austrian Data Protection Authority and all affected users by email.
9. AI Usage
CoffeeProphet uses OpenAI GPT-5.2 Vision to analyze coffee cup photographs and generate text interpretations. This is not profiling — we do not draw conclusions about you based on interpretations. Each reading is independent. Results are generated for entertainment purposes and have no scientific basis.
10. Children
Minimum age: 4+ years (per App Store / Google Play classification). Users under 13 are recommended to use with parental consent. Users under 18 may require parental consent for subscriptions in some jurisdictions.
11. Marketing and Communication
Unsubscribe from emails: Use the "Unsubscribe" link in any email, or email support@sonaya.ai.
Push notifications: Disable via your device's notification settings for CoffeeProphet.
12. Policy Changes
For critical changes, we notify via the app. For non-critical changes, we update the document and the date at the top. If you disagree with changes, you may delete your account and request data erasure.
13. Contact
| Privacy questions | partners@sonaya.ai (response within 30 days) |
| Technical support | support@sonaya.ai (response within 1–7 business days) |
| Address | Dinkel AI & MEDIA TECH GmbH, Simmeringer Hauptstraße 24/220, 1110 Vienna, Austria |