LAST UPDATED · 2026-06-08

Privacy Policy

we collect what we need to make findmymatcha work — your reviews, your tier list, the cafes you've visited. nothing more. nothing sold.

This Privacy Policy describes how findmymatcha ("we", "us", or "our") collects, uses, and discloses your information when you use our website (https://findmymatcha.app) and our mobile applications (collectively, the "Service").

By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy.

1. Information We Collect

1.1 Information You Provide to Us

We collect information that you voluntarily provide when you create an account, use the Service, or contact us. This includes:

  • Email address — used to create and authenticate your account.
  • Name — used to display your profile.
  • Profile photo — optional, used to display your profile.
  • User-generated content — reviews, photos of beverages, tier lists, journal entries, and other content you submit.

1.2 Information Collected Automatically

When you use the Service, we automatically collect certain information, including:

  • Search history (hashed) — search queries are hashed (SHA-256) before being stored. We cannot reverse-engineer original search terms from the stored hash.
  • Foreground location — when you grant permission, we use your device's location to surface nearby cafes. Location is used in-session only and is not persisted to our servers.
  • Usage data — product interaction events (page views, button taps, feature usage) are captured via PostHog analytics. These events are linked to your authenticated user ID.
  • Device information — operating system, app version, and device model, captured by PostHog.

1.3 Information We Do Not Collect

We do not collect:

  • IP addresses for tracking purposes
  • Precise device identifiers (IDFA, AAID) for advertising
  • Contacts, calendar, microphone, or camera data (other than photos you upload)
  • Background location

2. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service
  • Authenticate your account and maintain your session
  • Display your profile and your content to other users
  • Surface cafes near your location when you opt in
  • Analyze usage patterns to improve product features
  • Communicate with you about your account, the Service, or in response to your inquiries
  • Detect, prevent, and address fraud, abuse, or security incidents

3. Third-Party Service Providers

We share information with the following third-party service providers strictly to operate the Service:

  • Cloudflare — website hosting, edge compute, content delivery, and DDoS protection.
  • Better Auth — account authentication and session management.
  • PostHog — product analytics. Events are linked to your authenticated user ID.
  • Sentry — error and crash diagnostics. We remove email addresses, authentication credentials, and signed media links from diagnostic reports before they are sent.
  • Apple and Google — only when you choose Sign in with Apple or Sign in with Google. We receive your name and email to create your account; we never post anything on your behalf.

These providers are bound by contractual obligations to handle your data only for the purposes we specify and to maintain appropriate security measures.

We do not sell your personal information to third parties. We do not share your information with advertisers.

4. Data Retention

We retain your information for as long as your account is active or as needed to provide the Service:

  • Account data — retained until you delete your account.
  • User-generated content — retained until you delete the content or delete your account.
  • Usage analytics — retained by PostHog for up to 7 years.
  • Hashed search queries — retained for analytics aggregation, not linked to individual users post-hashing.

You may request deletion of your data at any time by contacting us at the email address in Section 11.

5. Your Rights

5.1 California Residents (CCPA / CPRA)

If you are a California resident, you have the right to:

  • Know what personal information we collect, use, disclose, and sell about you.
  • Request deletion of your personal information.
  • Opt out of the sale of your personal information (we do not sell your information).
  • Non-discrimination for exercising your rights.

To exercise these rights, contact us at the email in Section 11.

5.2 European Economic Area / United Kingdom Residents (GDPR / UK GDPR)

If you are located in the EEA or UK, you have the right to:

  • Access the personal data we hold about you.
  • Rectify inaccurate or incomplete data.
  • Erase your personal data ("right to be forgotten").
  • Restrict or object to processing of your personal data.
  • Data portability — receive your data in a structured, machine-readable format.
  • Lodge a complaint with your local data protection authority.

The legal basis for our processing is your consent (where applicable), the performance of a contract with you (account creation and Service delivery), and our legitimate interests in operating and improving the Service.

To exercise these rights, contact us at the email in Section 11.

6. Children's Privacy

The Service is intended for users aged 13 and older. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately and we will delete it.

The Service is not directed at children under 13. We do not comply with the Children's Online Privacy Protection Act (COPPA) requirements because we do not knowingly collect information from children under 13.

7. Security

We implement appropriate technical and organizational measures to protect your information against unauthorized access, alteration, disclosure, or destruction. However, no method of transmission over the internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

8. International Data Transfers

The Service is operated from the United States. By using the Service, you consent to the transfer of your information to the United States, which may have data protection laws different from those of your country.

9. Cookies and Tracking Technologies

We use functional cookies and local storage to maintain your session and remember your preferences. We use PostHog analytics, which is gated behind cookie consent. We do not use third-party advertising cookies.

You can manage your cookie preferences at any time via the cookie consent banner.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy with a new "Last Updated" date. Your continued use of the Service after the changes become effective constitutes your acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or wish to exercise any of your rights, please contact us at:

Email: privacy@findmymatcha.app