Privacy Policy
Last updated: March 31, 2026
1. Information We Collect
We collect the following categories of information:
| Data | Purpose |
|---|---|
| Email address | Authentication, account management, transactional emails |
| Chat messages (coffee descriptions, tasting notes) | Sent to third-party AI providers to generate profiles |
| Usage logs (chat count) | Rate limiting, abuse prevention |
| Saved espresso profiles | Core service functionality |
| Payment information | Processed by Stripe — we never store card details |
| IP address, browser information | Security, abuse prevention (via hosting provider) |
2. How We Use Your Information
- To provide and maintain the Service
- To process your subscription and payments
- To generate AI-powered espresso profile recommendations
- To enforce rate limits and prevent abuse
- To send transactional emails (login links, subscription receipts)
- To respond to support requests
We do not sell your personal information. We do not use your data for advertising or marketing purposes beyond transactional emails related to your account.
3. Third-Party AI Processing
To generate espresso extraction profiles, your chat messages — including coffee bean descriptions, tasting notes, and brewing preferences — are sent to third-party AI providers for processing. We do not send your email address, payment information, or account details to AI providers.
AI providers process your data solely to generate a response and, per their current API data usage policies, do not use API inputs or outputs to train their models. We recommend reviewing the privacy policies of our current AI sub-processors listed below.
4. Sub-Processors
We use the following third-party services to operate BeanWhisperer:
| Service | Purpose | Data Shared |
|---|---|---|
| OpenAI | AI profile generation | Chat messages only |
| Stripe | Payment processing | Email, payment details |
| Resend | Transactional email | Email address |
| Vercel | Hosting and infrastructure | IP address, request data |
This list may be updated as we change providers. We will update this policy and notify users of material changes.
5. Data Retention
- Account data (email, profile settings): Retained until you delete your account.
- Usage logs (chat count, token usage): Retained for 90 days for rate limiting and billing purposes.
- Saved espresso profiles: Retained until you delete them or your account.
- Payment records: Retained as required by tax and financial regulations (typically 7 years).
6. Your Rights
For all users:
- Access: Request a copy of your personal data.
- Deletion: Request deletion of your account and associated data.
- Correction: Request correction of inaccurate data.
Additional rights for EU/EEA residents (GDPR):
- Legal basis: We process your data based on contract performance (providing the Service), legitimate interest (security, abuse prevention), and your consent where applicable.
- Data portability: Request your data in a machine-readable format.
- Right to object: Object to processing based on legitimate interest.
- Right to restrict: Request restriction of processing in certain circumstances.
- Supervisory authority: You have the right to lodge a complaint with your local data protection authority.
Additional rights for California residents (CCPA):
- Right to know: Request disclosure of what personal information we collect and how we use it.
- Right to delete: Request deletion of your personal information.
- Non-discrimination: We will not discriminate against you for exercising your rights.
- Do Not Sell: We do not sell your personal information to third parties.
To exercise any of these rights, contact us at privacy@beanwhisperer.app. We will respond within 30 days.
7. Cookies and Tracking
We use strictly necessary cookies to maintain your login session. These cookies are essential for the Service to function and do not require your consent. We do not use tracking, analytics, or advertising cookies. Third-party services (such as Stripe) may set their own cookies during payment processing; refer to their respective cookie policies for details.
8. Children's Privacy
BeanWhisperer is not intended for users under 16 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us and we will delete it.
9. International Data Transfers
Your data is processed in the United States by our hosting and service providers. If you are located outside the United States, your data will be transferred to and processed in the US. We rely on our sub-processors' Standard Contractual Clauses (SCCs) and Data Processing Agreements (DPAs) to ensure adequate protection of your data.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes at least 30 days before they take effect via the email associated with your account. The "Last updated" date at the top of this page reflects when the policy was last revised.
11. Contact
BeanWhisperer is operated by Dot and Drape LLC, a Delaware limited liability company. For questions about this Privacy Policy or to exercise your data rights, contact us at privacy@beanwhisperer.app.