Privacy Policy

Effective Date: April 21, 2025

1. Information We Collect

1.1 Authentication Data

When you register as a Barista or optionally as a signed‑in Customer via Sign in with Apple, we receive your name and email address. This data is stored in Firestore to identify you and personalize your experience.

1.2 Location Data

Customers: We request real‑time location from your device to show nearby coffee shops. Customer location is used in‑memory only and not stored.

Baristas: You provide your shop’s address or coordinates when creating a listing. We store that location in Firestore for as long as your shop remains active; if you delete your shop, we delete its location.

1.3 Push Notification Tokens

We request permission to send you push notifications (order updates, app announcements). We store your device’s push token in Firestore and use Firebase Cloud Messaging to deliver messages.

1.4 User‑Generated Content

Images & Logos: Baristas may upload shop logos and drink photos. These are stored in Firebase Storage and displayed in‑app.

Text & Menu Data: Menu names, drink descriptions, and other content you submit are stored in Firestore.

1.5 Analytics & Diagnostics

We collect anonymous usage statistics and crash reports via Firebase Analytics and Crashlytics to improve stability and performance.

1.6 Cookies & Web Beacons (Site Only)

Our Site is a static Firebase‑hosted page. We do not set tracking cookies or use web beacons beyond essential session cookies. We do not use Google Analytics or similar on the Site.

2. How We Use Your Information

• Provide, operate, and maintain the App and Site
• Authenticate and identify Baristas and (optionally) Customers
• Display shop locations and user‑uploaded images
• Send push notifications you’ve opted into
• Analyze usage trends and crash events
• Improve and personalize features and user experience
• Communicate with you regarding your account, orders, and updates

3. Data Sharing & Disclosure

We do not sell or lease your personal information. We may share information only in the following limited circumstances:

• Service Providers: Firebase (Auth, Firestore, Storage, Cloud Messaging, Analytics, Crashlytics) as needed to operate the App and Site.
• Legal Requirements: When required by law, subpoena, or government request.
• Business Transfers: If we merge, sell, or reorganize, user data may be transferred as part of that transaction, subject to this Privacy Policy.

4. Data Retention & Deletion

We retain your authentication info, shop listings, uploaded images, and analytics data indefinitely, or until you delete them. To request deletion, email us at info@homegrind.app with “Data Deletion Request” in the subject line. We will delete your data within 30 days, unless retention is required by law.

5. Data Security

We implement reasonable safeguards via Firebase: secure transit (HTTPS/TLS), Firestore and Storage access controls, and regular security assessments.

6. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the CCPA: right to know, right to delete, right to opt‑out of sale (we do not sell your data), and non‑discrimination. To exercise these rights, contact us at info@homegrind.app.

7. Children’s Privacy

We do not knowingly collect personal data from children under 13. If we inadvertently collect data from a child under 13, we will delete it. Users aged 13–17 may use the App only under a parent or guardian’s supervision.

8. Changes to This Privacy Policy

We may update this policy at any time by posting a revised version with a new Effective Date. Continued use signifies acceptance. Review periodically.

9. Contact Us