Principles Coffee House

Privacy Policy

PRIVACY POLICY Last updated: 16 April 2026 Principles Coffee House ("we", "us", "our") operates this app. This policy explains what personal data we collect, how we use it, and your rights under the UK GDPR. WHAT WE COLLECT When you sign up, you give us: • Your name (first and last) • Your email address • Your mobile phone number (used only to identify your account) • Your password (stored securely, we never see it) When you use the app, we record: • Your orders (pre-orders and in-store) and their contents • Your wallet balance, top-ups, and transactions • Coffee stamps earned, free coffees redeemed • Any messages you send us via an order ("How can we help?") • Your marketing preferences (if you opted in) If you install the app from the App Store or Google Play, we also record: • A device token from Apple or Google, used only to send you push notifications about your orders and occasional promotional updates If you add our loyalty card to Apple Wallet or Google Wallet, the pass is linked to your account so we can keep your stamps and balance in sync. WHAT WE DON'T COLLECT We do NOT collect: • Your location • Your payment card details (we don't take card payments in the app — your wallet is topped up separately) • Advertising identifiers, tracking cookies, or analytics beyond what's needed to run the service • Your contacts, photos, microphone, or camera (except the camera if you scan a QR code, which is used only in that moment) HOW WE USE YOUR DATA We use your data only to: • Let you sign in and access your account • Process and deliver your orders • Track your wallet balance and loyalty rewards • Send you notifications about your orders and occasional updates (you can disable these in your device settings) • Respond to support messages • Keep our app and service working securely WHO HAS ACCESS • Only Principles staff can see your account (name, email, phone, order history, balance) when viewing the staff dashboard to serve you • Our database is hosted by Supabase (EU region), our app is hosted by Vercel • Email notifications are sent via Resend • Push notifications are delivered by Apple (iOS) or Google (Android) • We never sell or share your data with advertisers or third-party marketers HOW LONG WE KEEP YOUR DATA • Active accounts: as long as you use the app • If you delete your account: we remove your personal details within 30 days. We keep anonymised transaction records for accounting purposes (required by UK tax law). YOUR RIGHTS Under UK GDPR you have the right to: • See what data we hold about you • Correct or update your details (you can do this in the app under "Account") • Delete your account and associated personal data (you can do this in the app under "Account" → "Delete account") • Export your data — email us and we'll send you a copy • Withdraw marketing consent at any time • Complain to the ICO (ico.org.uk) CONTACT For any privacy questions or requests, email us at: principles@mightchange.app PHONE NUMBER NOTE We use your phone number only to identify your account. We will never contact you by phone or text, and we will never share your number with third parties. CHANGES TO THIS POLICY If we update this policy, we'll post the new version in the app and update the date above.