Privacy Policy – Coffee Codex

Last updated: June 8, 2026

Your privacy is important to us. This Privacy Policy describes how the Coffee Codex app (“Service”) collects, uses, stores and shares personal information, in compliance with the Brazilian General Data Protection Law (LGPD) and the General Data Protection Regulation (GDPR – European Union).

1. Data Controller

The controller responsible for processing personal data is Coffee Codex, operated from Brazil.

Contact for privacy and data protection matters:
Email: contato@cafesinn.com.br
This channel also serves as contact for the Data Protection Officer (LGPD).

2. Information We Collect

We only collect data necessary for the operation, security and improvement of the Service.

2.1 Personal Data Provided by the User

• Name and email address (via authentication).
• Information associated with the user account (e.g., saved recipes, preferences, inventory).

Authentication is performed through Firebase Authentication.

2.2 Usage and Diagnostic Data (Automatic Collection)

We may automatically collect:

• App and device identifiers (e.g., Firebase Instance ID, App Set ID).
• IP address (in aggregated or indirect form).
• Device type, operating system and app version.
• Usage and interaction events (Firebase Analytics).
• Crash logs, errors and diagnostic technical data (Firebase Crashlytics).

Note on IP: The IP address may be temporarily retained for security and geographic diagnostic purposes, and later anonymized or discarded in line with standard Firebase practices. This data is used exclusively for analysis of performance, stability, security and improvement of the Service.

2.3 Advertising

The app may display ads through Google AdMob, which may use device advertising identifiers in accordance with user preferences and permissions. Processing of this data follows Google's policies and applicable consent settings (e.g., GDPR/EEA).

2.4 Payments and Subscriptions

Purchases and subscriptions are processed exclusively by Google Play Billing. Coffee Codex does not collect or store credit card data or sensitive financial information. Google Play may collect and process data according to its own privacy policies.

2.5 Backups

User data may be included in automatic backups, for the purpose of ensuring security, integrity and recovery of information.

3. Legal Bases for Processing

3.1 LGPD (Brazil)

We process personal data based on:

• Performance of a contract and preliminary procedures.
• Data subject consent, where applicable.
• Legitimate interest, for security, fraud prevention and improvement of the Service.
• Compliance with a legal or regulatory obligation.

3.2 GDPR (European Union)

If you are in the European Economic Area (EEA), processing occurs based on:

• Explicit consent.
• Performance of a contract.
• Legitimate interests, respecting your fundamental rights and freedoms.
• Compliance with legal obligations.

4. How We Use the Information

We use the data to:

• Operate and maintain the Service.
• Authenticate users and manage accounts.
• Save and sync content.
• Analyze usage and performance.
• Fix bugs and improve stability.
• Display ads, where applicable.
• Process subscriptions and premium features.

5. Data Sharing and Third Parties

We do not sell personal data. We may share data with service providers acting as operators/processors, including:

• Authentication, database and cloud hosting services (Firebase).
• Usage and performance analytics (Firebase Analytics).
• Crash reporting (Firebase Crashlytics).
• Advertising (Google AdMob).
• Payment processing (Google Play).

These third parties process the data only according to our contractual instructions and for the described purposes.

6. International Data Transfer

Data may be transferred and processed on servers located outside Brazil, including Google servers in other countries. We adopt appropriate technical and organizational security measures, as well as appropriate contractual safeguards, to ensure that data is protected in accordance with applicable law.

7. User Rights

You have the right to:

• Access your personal data.
• Correct incomplete or incorrect data.
• Request deletion of data and the account.
• Request portability.
• Restrict or object to processing.
• Withdraw consent at any time.

Account Deletion: You can request deletion of your account and data directly in the app settings. If you cannot access the app, you can request full deletion of your account by sending an email to contato@cafesinn.com.br with the subject "Account Deletion".

Users in the EEA may also lodge a complaint with their local data protection authority. In Brazil, the data subject may contact the National Data Protection Authority (ANPD).

8. Data Retention

Personal data is kept:

• While the account is active.
• After account deletion, for a limited period, when necessary for backups, security, fraud prevention and compliance with legal obligations.

Data stored locally on the device is associated with the active account. When you access the app with a different account on the same device, the previous account's local data that was not synced may be erased from that device, as a cross-account privacy measure. Data synced to the cloud remains linked to the respective account, in accordance with the retention and security sections.

9. Children's Privacy

The Service is not intended for children under 13 (or 16 in the EEA). If we identify the collection of data from children without a valid legal basis, we will take steps to delete that information immediately.

10. Security

We employ appropriate technical and organizational measures to protect personal data. No system is completely secure, but we continually seek to improve our security practices.

11. Changes to This Policy

This Policy may be updated periodically. The latest version will always be available in the app and on our official website.

12. Contact

Questions or requests related to privacy:
Email: contato@cafesinn.com.br
Website: cafesinn.com.br