Last Edited

Apr 9, 2026

Privacy Policy – Coffeehouse

Effective Date: April 9, 2026

Last Updated: April 9, 2026

This Privacy Policy explains how Coffeehouse Communications OÜ (“Coffeehouse”, “we”, “our”, or “us”) collects, uses, shares, and protects personal data when you use our mobile application and related services (collectively, the “Service”).

1. Controller Information

Coffeehouse Communications OÜ

Commercial Registration Number: 16147857

Registered Address: Tööstuse tn 75-71, 10416 Tallinn, Estonia

Email: hello@coffeehouse.world

Data Protection Contact: Federico Abruzzini, Data Protection Lead.

2. Scope and Legal Basis

We process personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and applicable Estonian data protection laws. The legal bases for processing your data may include: consent, performance of a contract, compliance with legal obligations, and our legitimate interests, provided these do not override your fundamental rights and freedoms.

3. Data We Collect

We collect the following categories of data:

  • Account and profile information: username, email address, password, profile content.
  • Usage and device data: log files, app interactions, IP address, device identifiers, and cookies.
  • Content data: posts, comments, messages, and uploaded media.
  • Economic and transactional data: Coins, Tokens, Points, payments, and rewards.
  • Communication data: customer support and feedback messages.
  • Identity and Tax Data (Creators only): For users who monetize content, we collect full name, date of birth, government-issued ID, and Tax Identification Number (TIN) to comply with EU DAC7 reporting and Anti-Money Laundering (AML) regulations. We use a third party provider to collect Identity and Tax data (Stripe).

4. Purpose of Processing

We process your data to:

  • Provide and improve our Service.
  • Enable creator tools, including Tokens, Channels, Series, and Points functionality.
  • Facilitate payments, tips, and withdrawals through Stripe or other payment providers.
  • Personalize user experience, including feed recommendations and creator discovery.
  • Prevent fraud and abuse, ensure legal compliance, and maintain platform integrity.

5. Profiling and Personalization

We may use limited profiling (e.g., analyzing engagement, topic preferences, or token interactions) to personalize your experience. These processes do not produce legal or similarly significant effects under Article 22 GDPR. No automated decisions are made that affect your legal rights.

6. Legal Bases Summary

  • Account registration and service delivery: Contractual necessity.
  • Payments and rewards: Contractual necessity and legal obligation.
  • Analytics and improvement: Legitimate interest.
  • Advertising or personalization: Consent (where required).
  • Security and fraud prevention: Legitimate interest and legal obligation.

7. Data Sharing and Processors

We only share personal data with trusted third parties to operate our Service. These include:

  • Hosting: Amazon Web Services (AWS) – EU data centers.
  • Analytics: Google Firebase (EU-compliant setup).
  • Payment processing:Stripe, LLC

All third parties process data under signed Data Processing Agreements and implement adequate safeguards, including Standard Contractual Clauses for international transfers.

8. International Data Transfers

Where data is transferred outside the European Economic Area, we ensure compliance through Standard Contractual Clauses (SCCs) approved by the European Commission, encryption, and strict access controls.

9. Retention and Deletion

We retain personal data only as long as necessary to provide the Service, comply with legal obligations, and resolve disputes. Users may delete their account at any time via app settings.

We retain personal data as long as the account is active. Upon account deletion, most data is removed within 30 days. However, in accordance with Estonian accounting and tax laws, records of financial transactions (Coin purchases, Creator Payouts etc…) will be retained for a period of 7 years.

10. Data Security

We implement strong technical and organizational measures to protect data, including encryption (AES-256), HTTPS connections, firewalls, and access restrictions. While no system is entirely secure, we take reasonable steps to minimize risks.

11. Children’s Privacy

Coffeehouse is not directed to individuals under 16 years of age. Users must be at least 16 years old to use the Service. We do not knowingly collect personal data from children. If we learn that we have inadvertently collected data from a child, we will promptly delete it.

12. User Rights

Under GDPR, you have the right to:

  • Access your personal data.
  • Request correction or deletion.
  • Restrict or object to processing.
  • Withdraw consent at any time.
  • Port your data to another service provider.

Requests can be submitted to hello@coffeehouse.world. We respond within 30 days. You also have the right to lodge a complaint with your national Data Protection Authority (in Estonia, the Estonian Data Protection Inspectorate).

13. Cookies and Tracking

We use cookies and similar technologies to operate and improve our Service. Some cookies are essential, while others (e.g., for analytics or personalization) require your consent. For details, please refer to our Cookie Policy.

14. Data Minimization and Transparency

We collect and process only the minimum data necessary to achieve the stated purposes. Our systems are designed with privacy by default and privacy by design principles.

15. Updates to This Policy

We may update this Privacy Policy periodically. Updates will be posted in the app and on our website with a revised “Last Updated” date. We encourage users to review the policy regularly.

For any questions, contact us at: hello@coffeehouse.world