Privacy Policy
Last updated: 20 May 2026 Effective date: 10 May 2026
1. Introduction
Sai Teja Reddy, proprietor of Qoffee ("we", "our", "us") operates the Qoffee mobile application (the "App"), a daily reading and podcast experience. This Privacy Policy explains what personal information we collect, how we use it, who we share it with, and the rights you have over your data.
By installing or using Qoffee, you agree to the practices described here. If you do not agree, please do not use the App.
This policy applies to the Qoffee mobile app on Android and iOS, the website at getqoffee.com, and any related services we provide.
2. Information we collect
2.1 Information you provide
- Account information. When you sign in with Google Sign-In, we receive your email address, display name, and profile picture from Google. When you sign in with Apple, we receive your Apple user identifier and, if you choose to share them, your email address and name. Authentication is handled through Firebase Auth. We do not access your Gmail, Drive, iCloud, or any other Google or Apple service.
- Subscription information. When you purchase a Qoffee Premium subscription, RevenueCat helps us manage subscription status across Google Play Billing and the Apple App Store. RevenueCat shares purchase metadata with us, including product ID, transaction date, renewal status, store, and a pseudonymous user identifier. We do not receive your card number, billing address, or payment instrument details.
- Referral codes. If you redeem a referral code from a friend, we record the pairing between your account and theirs solely to credit the referral.
2.2 Information collected automatically
- Reading activity. We record which articles you open, how long you spend on them, and whether you bookmark or share them, to power the For You feed and your reading stats.
- Listening activity. For podcasts, we record which episodes you start, pause, complete, or skip, to improve audio recommendations.
- Device information. App version, operating system version, device model, language preference, and a Firebase-issued installation ID. We use this to debug crashes and ensure compatibility.
- Push notification token. A Firebase Cloud Messaging (FCM) token, used solely to deliver the daily briefing notification to your device.
- Analytics events. Aggregated usage events (screen views, feature taps) via Firebase Analytics. These events are tied to a Firebase pseudonymous user ID, not your name or email.
- Crash diagnostics. If the app crashes, Firebase Crashlytics captures the stack trace, device state at the moment of the crash, and a pseudonymous user ID, to help us fix bugs.
- Advertising and attribution data. Free-tier users may see contextual native ads through Google AdMob. On Android, the Google Mobile Ads SDK may receive the Google Advertising ID (GAID). On iOS, Qoffee does not request App Tracking Transparency permission or IDFA access for launch; AdMob may process app instance, device, ad request, and SKAdNetwork attribution data permitted by iOS for non-personalized ads. See Section 11 for details.
2.3 Information we do not collect
- We do not collect your contact list, photos, location, microphone audio, or SMS history.
- We do not sell your personal data to data brokers.
- We do not profile you for purposes outside of the App's core experience (curation, recommendations, support).
3. How we use your information
| Purpose | Lawful basis (DPDP / GDPR) |
|---|---|
| Authenticate you and keep you signed in | Performance of contract |
| Curate your For You feed and reading stats | Performance of contract |
| Process subscription purchases and renewals | Performance of contract |
| Send you the daily briefing push notification | Consent (you can disable in Settings) |
| Detect crashes and improve stability | Legitimate interest |
| Render contextual ads in the free tier | Legitimate interest |
| Respond to support requests | Performance of contract |
| Comply with legal obligations | Legal compliance |
4. Who we share your information with
We share data only with the service providers required to operate the App:
| Provider | What they receive | Why |
|---|---|---|
| Google Firebase (Auth, Analytics, Crashlytics, Cloud Messaging) | Account email, Firebase user ID, device identifiers, app events, crash logs | Authentication, analytics, push notifications, crash reporting |
| Google Sign-In | Google account email, display name, profile picture | Account sign-in |
| Sign in with Apple | Apple user identifier, email and name when shared | Account sign-in on Apple platforms |
| Supabase (PostgreSQL hosted in Singapore / EU) | Account data, bookmarks, reading history | Primary application database |
| Cloudflare R2 | Audio files | Podcast streaming |
| RevenueCat | Pseudonymous user ID, subscription state, store transaction metadata | Subscription management |
| Google Play Billing | Android purchase tokens and transaction status | Android payment processing |
| Apple App Store | iOS purchase and renewal status through RevenueCat | iOS payment processing |
| Google AdMob | GAID on Android; app instance, device, ad request, and SKAdNetwork attribution data on iOS | Native feed ads in the free tier |
| Railway | Server-side request metadata | Backend hosting |
| OpenAI / Google Gemini / Anthropic | Article text and prompts | Content generation pipeline (server-side only; your personal account data is not sent to LLM providers) |
We do not authorise these providers to use your information for any purpose other than delivering Qoffee's service to you.
5. International data transfers
Some of our service providers are located outside India. When we transfer your data internationally, we rely on the standard contractual safeguards required under DPDP and GDPR, including data processing agreements with each provider.
6. How long we keep your data
| Data type | Retention period |
|---|---|
| Account profile (email, display name) | For as long as your account is active. Deleted within 30 days of account deletion. |
| Reading and listening history | For as long as your account is active, capped at 365 days for personalisation; older entries may be aggregated and anonymised. |
| Bookmarks | Until you remove them, or 30 days after account deletion. |
| Subscription and payment records | 7 years (statutory tax retention requirement). |
| Crash logs and analytics events | 14 months (Firebase default). |
| FCM push token | Until you sign out, uninstall the app, or 90 days of inactivity (whichever is sooner). |
7. Your rights
Depending on where you live, you have the following rights:
- Access. You can request a copy of the personal data we hold about you.
- Correction. You can correct inaccurate information from inside the App (Settings > Profile) or by contacting us.
- Deletion. You can delete your account at any time from inside the App at Settings > Privacy > Delete account, or by visiting
getqoffee.com/delete-account. Deletion removes your profile, bookmarks, reading history, and FCM token from our active systems within 30 days. Subscription and payment records are retained for the statutory period above. - Withdraw consent. For data processed on the basis of consent (e.g., push notifications, analytics), you can withdraw consent in Settings.
- Portability. You can request an export of your data in a machine-readable format.
- Objection. You can object to processing based on legitimate interest (e.g., ads, analytics).
- Grievance redressal (India). Users in India can contact our Grievance Officer at the address below.
To exercise any of these rights, email support@getqoffee.com. We respond within 30 days.
8. Children
Qoffee is rated 13+ and is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe we have collected such information, please contact us and we will delete it.
9. Security
We protect your data with industry-standard measures including TLS encryption in transit, encryption at rest on Supabase and Cloudflare R2, principle-of-least-privilege access controls for our team, and Firebase App Check to deter abuse. No system is perfectly secure; if you discover a vulnerability, please contact us at support@getqoffee.com.
10. Third-party services
The App may contain links to external websites (e.g., publishers we cite), the Google Play Store, or the Apple App Store. We are not responsible for the privacy practices of third-party services. Please review their privacy policies separately.
11. Advertising
The free tier of Qoffee shows native ads inside the feed via Google AdMob. Qoffee configures native ad requests as non-personalized at launch.
Premium subscribers do not see ads in the App. After premium status is known, the app does not initialize the Mobile Ads SDK for premium users.
On Android, AdMob may receive the Google Advertising ID (GAID). You can reset or limit the GAID from Android Privacy or Ads settings.
On iOS, Qoffee does not request App Tracking Transparency permission or IDFA access for launch. AdMob uses non-personalized ad requests and Apple's SKAdNetwork attribution where applicable. You can manage Apple advertising and privacy controls from iOS Privacy & Security settings.
12. Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you in the App and update the "Last updated" date at the top. Your continued use of the App after the change takes effect constitutes acceptance of the updated policy.
13. Contact us
For privacy questions, requests, or complaints:
- Email:
support@getqoffee.com - Grievance Officer (India):
Sai Teja Reddy,support@getqoffee.com - Postal address: Sai Teja Reddy, proprietor of Qoffee, 3rd Floor, Crescent 4, Prestige Shantiniketan, ITPL Main Rd, Thigalarapalya, Whitefield, Bengaluru, Karnataka 560048
If you are not satisfied with our response, you have the right to lodge a complaint with the Data Protection Board of India under the DPDP Act, or with your local supervisory authority under the GDPR.