Privacy Policy

BeanScore ("we", "us", "our") operates the BeanScore web and mobile application at beanscore.app. We are the data controller responsible for your personal data.

We are committed to protecting your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Where the EU GDPR applies (for example, for users in the European Economic Area), we comply with that too.

For data protection enquiries, please contact us at: hello@beanscore.app

We collect the following categories of personal data:

• Account data: email address, username, and password (stored as a secure hash via our authentication provider).
• Profile data: profile image and any optional bio or display information you choose to provide.
• Coffee activity: coffees you swipe on (including direction), coffees you add to favourites, reviews and ratings you submit, and flavour notes you associate with coffees.
• Taste & preference data: brew methods, equipment preferences, and the Taste DNA profile we derive from your activity.
• Usage data: pages and features you visit, session timestamps, and interaction patterns within the app.
• Technical data: device type, operating system version, and browser type. We do not collect advertising identifiers.

We process your personal data on the following legal bases under UK/EU GDPR:

• Contract performance: processing necessary to provide you with the BeanScore service you signed up for, including account management, personalisation, and community features.
• Legitimate interests: processing necessary to improve coffee recommendations, detect fraudulent or abusive behaviour, maintain platform security, and develop the app — where these interests are not overridden by your rights.
• Consent: for optional features such as marketing communications or non-essential analytics. You may withdraw consent at any time without affecting the lawfulness of prior processing.
• Legal obligation: processing necessary to comply with applicable law or respond to lawful requests from authorities.

• To operate your account and enable you to use all platform features.
• To personalise your coffee discovery feed and generate your Taste DNA profile based on your ratings and swipe behaviour.
• To improve recommendation quality and overall app performance.
• To send transactional emails (for example: email verification, password reset, account notices). We will not send marketing communications without your explicit consent.
• To detect and prevent fraud, abuse, and security incidents.
• To comply with our legal obligations.

BeanScore uses the following types of cookies and tracking technologies:

• Essential cookies: session tokens required for authentication and to keep you logged in. These cannot be disabled without breaking core functionality.
• Analytics: we may use analytics tools (such as Google Analytics via Google Tag Manager) to understand how users navigate the app and where improvements can be made. Analytics data is aggregated and not used to identify you personally.

We do not use third-party advertising cookies or sell data to ad networks. Where non-essential cookies are in use, you will be informed and given the opportunity to manage your preferences.

Your data is stored and processed using the following infrastructure providers, each operating under a data processing agreement with BeanScore:

• Supabase: our primary database and authentication provider. User data, reviews, ratings, and activity records are stored in Supabase-managed infrastructure.
• Supabase Storage: profile images and other uploaded files are stored in cloud object storage managed by Supabase.
• Vercel: our web hosting provider. Application code is deployed and served via Vercel's global edge network.

We take steps to ensure our providers maintain appropriate data protection standards. Where data is transferred outside the UK or EEA, we ensure adequate safeguards are in place as required by UK GDPR.

BeanScore is a community platform. The following data is publicly visible by default and can be seen by any visitor, including users who are not logged in:

• Your username and profile image.
• Coffee reviews and ratings you submit.
• Your flavour note associations and other contributed content.

If you do not wish this information to be publicly visible, you should not submit it. You can delete your account and associated public content at any time via Profile › Account › Delete Account.

We do not sell, rent, or trade your personal data to any third party. We may share data only in the following limited circumstances:

• Infrastructure providers: Supabase and Vercel, as described above, process data on our behalf under data processing agreements.
• Legal requirements: where required by law, court order, or lawful request from a government authority, we may disclose data to the extent necessary to comply.
• Business transfers: in the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity. We will notify you before any such transfer takes effect.

We retain your personal data for as long as your account is active and for a reasonable period thereafter to meet legal and operational obligations.

If you request deletion of your account, we will erase your personal data within 30 days of the request, except where:

• Retention is required by law (for example, financial records).
• The data has been aggregated and anonymised such that it can no longer be linked to you — in which case it may be retained indefinitely for service improvement purposes.

You have the following rights regarding your personal data. To exercise any of them, contact us at hello@beanscore.app:

• Right of access: to request a copy of the personal data we hold about you.
• Right to rectification: to correct inaccurate or incomplete data.
• Right to erasure: to request deletion of your data ("right to be forgotten"). You can also do this directly via Profile › Account › Delete Account.
• Right to restriction: to ask us to limit how we process your data in certain circumstances.
• Right to object: to object to processing based on legitimate interests.
• Right to data portability: to receive your data in a structured, machine-readable format.
• Right to withdraw consent: where processing is based on consent, you may withdraw it at any time.
• Right to complain: you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

We will respond to requests within one month. Complex or multiple requests may take up to three months; we will keep you informed.

BeanScore is not directed at children under the age of 13. We do not knowingly collect personal data from children under 13. If you believe a child under 13 has provided us with personal data, please contact us at hello@beanscore.app and we will delete the data promptly.

We implement reasonable technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure. These include encrypted data transmission (HTTPS), access controls, and secure authentication via our infrastructure providers. However, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security and are not responsible for circumvention of our security measures by third parties.

We may update this Privacy Policy from time to time. We will notify you of material changes via in-app notice or email at least 14 days before they take effect. The date of the most recent update is shown at the top of this page. Your continued use of BeanScore after changes take effect constitutes your acceptance of the revised policy.

For any privacy-related questions, requests, or concerns, please contact us at: hello@beanscore.app