Privacy Policy

Effective date: May 5, 2026 · Last updated: May 5, 2026

This Privacy Policy explains how Coffee Chats ("Coffee Chats," "we," "us," or "our") collects, uses, discloses, and protects information when you use our website at https://coffeechats.net, our web application at https://app.coffeechats.net, our Android and iOS mobile applications, and any related services (together, the "Service"). By using the Service, you agree to this Policy.

1. Who we are

Coffee Chats is an anti-ghosting mentorship marketplace that connects early-career professionals with mentors for structured 1:1 conversations. We are the data controller for the personal information described in this Policy.

2. Information we collect

2.1 Information you provide

Account information: name, email address, password (hashed), profile photo, headline, bio, location (city/country), industry, role, seniority, languages, and topics you can chat about.
Profile content: work history, education, links (LinkedIn, GitHub, personal site), availability, conversation intents, and any information you choose to add.
Communications: chat requests, messages, scheduling notes, ratings, reviews, reports, and feedback you submit through the Service.
Payment information: if you subscribe to Pro, our payment processor (Stripe) collects your card details directly. We receive only a transaction ID, the last four digits of the card, the brand, and billing country. We never store full card numbers.
Verification data: if you choose to verify your employer or education, we may receive a verification token from a third-party provider.

2.2 Information collected automatically

Device and log data: IP address, device model, operating system, browser type, app version, language, time zone, crash logs, and diagnostic data.
Usage data: pages visited, features used, requests sent and received, confirmations, no-shows, completions, and reliability events. This data powers your reliability score.
Cookies and similar technologies: session cookies for authentication, preference cookies, and limited first-party analytics. We do not use third-party advertising cookies. See Section 8 for details.
Push notification tokens: on mobile, we store a device token (issued by Apple Push Notification service or Firebase Cloud Messaging) so we can deliver chat reminders and confirmations. You can disable push at the OS level at any time.

2.3 Information from third parties

Sign-in providers: if you sign in with Google, Apple, or LinkedIn, we receive your name, email, profile photo, and a stable account identifier from that provider. We do not receive your password.
Calendar integrations: if you connect Google Calendar or Microsoft Outlook, we receive free/busy availability and write events you create through the Service. We do not read the contents of unrelated calendar events.
Video providers: if a chat is held over Google Meet, Zoom, or similar, we receive a meeting link and join status; we do not record meetings.

3. How we use information

We use information to:

Create and operate your account and authenticate you across devices.
Match early-career users with mentors, deliver chat requests, schedule meetings, and send confirmations and reminders.
Calculate and display reliability scores, badges, and ratings, including the reliability impacts of completing, cancelling, or no-showing a chat.
Detect, prevent, and respond to fraud, abuse, harassment, spam, and Terms of Service violations.
Process payments and manage Pro subscriptions.
Provide customer support and respond to your requests.
Improve the Service, develop new features, and run analytics.
Send transactional messages (chat requests, confirmations, no-show notices, billing receipts) and, where permitted, product updates you can opt out of.
Comply with legal obligations and enforce our Terms.

4. Legal bases (EEA/UK)

If you are in the European Economic Area, the United Kingdom, or Switzerland, we process personal data on the following bases: contract (to provide the Service you requested), legitimate interests (to secure the Service, prevent abuse, and improve features in ways you would reasonably expect), consent (for optional marketing or non-essential cookies, where required), and legal obligation (to comply with applicable law).

5. How we share information

We do not sell personal information. We share information only as described below:

With other users: your public profile (name, photo, headline, bio, topics, reliability score, badges, ratings, public reviews) is visible to other signed-in users and, if you opt in to a public profile, to anyone on the open web.
With service providers: infrastructure (Vercel, Supabase, AWS), email delivery (Resend), payments (Stripe), error monitoring (Sentry), analytics, and push notifications. These providers process data only on our instructions and under written agreements.
With your direction: when you connect a third-party integration or choose to share content outside the Service.
For legal reasons: to comply with law, valid legal process, or government requests; to enforce our Terms; or to protect the rights, safety, or property of users, the public, or Coffee Chats.
Business transfers: in connection with a merger, acquisition, financing, reorganisation, or sale of assets, subject to standard confidentiality protections.
With your consent: for any other purpose disclosed at the time of collection.

6. Data retention

We retain personal data for as long as your account is active or as needed to provide the Service. After deletion, we keep limited records (transaction history, abuse reports, reliability events tied to other users' histories) for up to seven years to comply with legal, accounting, and anti-abuse obligations. Backups are rotated and purged on a rolling 90-day schedule.

7. Your rights and choices

Depending on where you live, you may have rights to access, correct, delete, port, or restrict the processing of your personal data, and to object to certain processing or withdraw consent. You can exercise most of these rights directly in the app under Settings → Account, or by emailing privacy@coffeechats.net. We will respond within the time required by applicable law.

California residents have additional rights under the CCPA/CPRA, including the right to know, delete, correct, and limit the use of sensitive personal information, and the right not to be discriminated against for exercising these rights. We do not sell or "share" personal information for cross-context behavioural advertising.

8. Cookies and tracking

We use first-party cookies for sign-in sessions and to remember preferences. We use privacy-friendly first-party analytics to understand aggregate product usage. We do not use cross-site advertising trackers and we honour Global Privacy Control signals where applicable.

9. Security

We protect your data with TLS in transit, encryption at rest, role-based access controls, audited admin actions, and regular dependency and infrastructure reviews. Passwords are hashed with a modern algorithm. No system is perfectly secure; if we learn of a breach affecting your information, we will notify you as required by law.

10. International transfers

Coffee Chats is operated from the United States. If you access the Service from outside the United States, your information may be transferred to, stored in, and processed in the United States and other countries where our service providers operate. Where required, we use standard contractual clauses or other approved transfer mechanisms.

11. Children

The Service is not directed to children under 16, and we do not knowingly collect personal information from children under 16. If you believe a child has provided us with personal information, please contact us and we will delete it.

12. Mobile app permissions

Our mobile apps may request the following permissions; you can grant or revoke each at the OS level:

Notifications— to deliver chat requests, confirmations, and no-show warnings.
Camera / Photos— to set or change your profile picture.
Calendar— only when you opt in, to read free/busy and add confirmed chats to your calendar.
Network state— to deliver content efficiently and queue actions while offline.

13. Account deletion

You can delete your account at any time from Settings → Account → Delete account in the web or mobile app, or by emailing privacy@coffeechats.net from the address on your account. Deletion removes your profile, messages, and personal identifiers within 30 days, except for the limited records described in Section 6.

14. Changes to this Policy

We may update this Policy from time to time. If changes are material, we will notify you in the Service and update the "Last updated" date above. Your continued use of the Service after the update means you accept the revised Policy.

15. Contact us

For privacy questions, requests, or complaints, email privacy@coffeechats.net. EU/UK users may also lodge a complaint with their local data protection authority.