Privacy.

Coffeework is a one-person project. This policy is in plain English so you can actually tell what's happening with your data. If anything's unclear, email hello@richardsaethang.com and I'll explain.

What we collect

Account info: your email address, and either your password (stored as a hash, never plain text, by Supabase) or your Apple Sign In identifier.

Profile info you choose to add: display name, handle, short bio, "currently working on" note, profile photo, and a "connection intent" flag (Networking / Open to meeting / Both / Private). All optional. You control whether your profile is visible to other users.

Activity inside the app: cafés you've favorited, private notes you've written about cafés, check-ins (which auto-expire after 30 minutes), plans you've made or RSVPed to, and people you follow.

Submissions: photos you submit for a café and "suggest an edit" messages. These are reviewed by the curator before appearing publicly.

Location: when you tap "check in" at a café, we read your current location once to verify you're physically there (within ~200 meters). We don't store that GPS reading; we just store the fact that you checked into that café. No background location, no continuous tracking.

Photo library: accessed only when you tap "Suggest a photo" or "Change profile photo." We only see the specific photo you choose.

Push notification token: if you grant push permission, an opaque token from Apple's notification service so we can send you notifications (e.g., when someone RSVPs to a plan you're hosting). You can revoke anytime in iOS Settings.

Subscription status: if you ever subscribe to a paid tier, we record that you have an active subscription. Payment itself is handled by Apple (via RevenueCat) or Stripe — we don't see your card or bank info.

Who we share it with

We use a small set of services to run the app. Each only sees what they need to do their job:

• Supabase — our database and auth provider. Stores your account, profile, favorites, plans, and check-ins.
• Apple — handles Sign in with Apple and push notification delivery.
• RevenueCat — manages iOS subscription state. Receives an anonymous user ID and your purchase events.
• PostHog — product analytics so we know which features people actually use. Sees: events like "cafe_viewed" with timestamps and an anonymous user ID. Does not see your email, your private notes, or your check-in locations.
• Expo — handles push notification delivery for the iOS app.

We don't sell your data. We don't share it with ad networks. We don't use tracking pixels.

What other users can see

If your profile visibility is off (default), no other user can see your profile, your check-ins, or that you exist on the platform. You can still browse, save favorites, and make plans.

If your profile visibility is on, other authenticated users can see: your display name, handle, bio, "currently working on," profile photo, connection intent flag, and your active check-ins (during the 30-minute window).

Plans you create generate a shareable invite link. Anyone with the link can see the café and time, and can RSVP. They see your display name as the host.

Your rights

You can delete your account, export your data, or correct anything we have about you by emailing hello@richardsaethang.com. We respond within 30 days. If you're in California, the EU, or another jurisdiction with specific data rights — those rights apply.

Children

Coffeework is for users 17 and older. We don't knowingly collect data from anyone under 17. If you think we have such data, email us and we'll delete it.

Security

Data is stored on Supabase, which encrypts data in transit (TLS) and at rest. Passwords are hashed before storage. Nothing is bulletproof — we'll tell you within 72 hours if a breach we know about could affect you.

Changes to this policy

If we change this policy in a meaningful way, we'll update the "Last updated" date at the top and notify active users via push or email if the change affects what we do with existing data.

Contact

Email hello@richardsaethang.com for anything related to your data or this policy.