Privacy Policy

Coffee Prophet — Coffee Grounds Fortune Telling App

Effective Date: January 1, 2026

Last Updated: December 22, 2025

Company: Dinkel AI & MEDIA TECH GmbH

Jurisdiction: European Union (GDPR), Austria

Application: Coffee Prophet (com.dinkelai.coffeeprophet)

1. Introduction and Important Information

Dinkel AI & MEDIA TECH GmbH (hereinafter "Company", "we", "us", "our") respects your privacy and is committed to protecting your personal data in accordance with European Union and Austrian law.

This Privacy Policy ("Policy") describes:

What data we collect
How we use it
How we protect it
Your rights regarding your data

IMPORTANT: Coffee Prophet is an entertainment application. Predictions are generated by artificial intelligence and are not professional advice, medical diagnosis, legal advice, financial recommendations, or any other type of professional assistance.

This Policy applies to both versions of the application:

iOS version (Apple App Store)
Android version (Google Play Store)

2. Data Controller Information

Legal Entity:

Name: Dinkel AI & MEDIA TECH GmbH
Type: Gesellschaft mit beschränkter Haftung (GmbH)
Country of Registration: Austria
Jurisdiction: European Union

Contact Information:

Website: https://dinkel.it.com/coffeeprophet.html
Email for privacy questions: partners@sonaya.ai
Support email: support@sonaya.ai

Regulator:

Austrian Data Protection Authority (DSB): https://www.dsb.gv.at/

3. What Data We Collect

3.1. Data You Provide to Us

Authorization Data (Optional)

If you choose to sign in via Apple ID or Google Account:

Data	Source	Purpose	Legal Basis
Apple/Google User ID	Apple/Google Sign in	User identification, subscription binding	Consent (Art. 6(1)(a) GDPR)
Email address (if shared)	Apple ID or Google	User contact, account recovery	Consent (Art. 6(1)(a) GDPR)
Profile name (if available)	Apple ID or Google	Display in app	Consent (Art. 6(1)(a) GDPR)

Important: Sign in via Apple/Google is optional. You can use the app anonymously with Device ID.

Data You Actively Upload

Data	Description	Purpose	Storage
Cup photographs (3 photos)	Photos of coffee grounds from different angles	Analysis via OpenAI for prediction generation	Deleted immediately after analysis (max 24 hours)
Text question (optional)	Question you ask	Context for AI prediction	Stored in history until account deletion

3.2. Technical Data Collected Automatically

Data	Purpose	Storage
Device ID	Subscription binding, fraud protection	Until account deletion
IP address	Geolocation for pricing, security	30 days in logs
Device type, OS version	Bug debugging, compatibility	Anonymous, 12 months
App version	Bug debugging, old version support	Anonymous, 12 months

3.3. Payment Data

IMPORTANT: We do NOT process payment data directly! Card numbers, CVV, and other payment details are processed exclusively by Apple/Google (PCI-DSS protected).

We only receive:

Transaction Status (successful/declined)
Purchase ID (for validation)
Subscription Expiry Date
Currency

3.4. Data We DO NOT Collect

❌ Photos of your face or personal photos (except coffee photos)
❌ Real-time location (only region by IP)
❌ Contacts from your phone book
❌ Web browser history
❌ Content of other apps
❌ Health information

4. Third Parties and Data Transfer

4.1. OpenAI, Inc.

Purpose: Photo analysis and prediction text generation

Data transferred: Coffee cup photographs (3 photos), question text, Device ID (anonymized)

Storage country: USA (OpenAI servers)

Privacy Policy: https://openai.com/policies/privacy-policy/

Photos are deleted from OpenAI within 30 days per their standard policy.

4.2. RevenueCat, Inc.

Purpose: Subscription management and payment validation

Storage country: USA

Privacy Policy: https://www.revenuecat.com/privacy

4.3. Railway / AWS (Infrastructure)

Purpose: App server hosting (Backend)

Storage country: USA or EU (depending on configuration)

Database: PostgreSQL with encryption at rest

4.4. Cross-border Data Transfer

We use Standard Contractual Clauses (SCCs) for data transfers to the USA, ensuring GDPR compliance.

Additional security measures:

Data encryption in transit (TLS 1.3)
Data encryption at rest (AES-256)
Access restriction (only necessary personnel)
Regular security audits

5. Your Rights Under GDPR

5.1. Right of Access (Article 15)

You can request a copy of ALL data we store about you.

How to exercise: Email partners@sonaya.ai with subject "Request for access to personal data under Article 15 GDPR"

Timeframe: We will respond within 30 days

Cost: Free

5.2. Right to Rectification (Article 16)

If your data is inaccurate, you can correct it via Settings → Account → Edit Profile, or email us.

5.3. Right to Erasure (Article 17) — "Right to be Forgotten"

You can request deletion of all your data.

How to exercise: Settings → Account → Delete Account, or email partners@sonaya.ai

Exception: We must retain payment receipts for 7 years per Austrian tax law.

5.4. Right to Restriction (Article 18)

You can ask us NOT to process your data while we store it.

5.5. Right to Data Portability (Article 20)

You can download all your data in JSON or CSV format via Settings → Data & Privacy → Download My Data.

5.6. Right to Object (Article 21)

You can object to data processing for marketing or profiling purposes.

5.7. Complaint to Regulator

Austrian Data Protection Authority:

Email: dsb@dsb.gv.at
Website: https://www.dsb.gv.at/
Phone: +43 1 521 52-0

6. Data Security and Protection

Technical Security Measures

Encryption in transit: All data transmitted via HTTPS / TLS 1.3
Encryption at rest: PostgreSQL database uses AES-256 encryption
Passwords: Stored as bcrypt hashes (cannot be recovered)

Data Retention Periods

Data Type	Retention Period	Reason
User ID, Email	Until account deletion or 3 years	User identification
Fortune history	Until account deletion	User history
Cup photographs	24 hours maximum	Debugging, then deleted
Payment receipts	7 years	Austrian tax law
IP address logs	30 days	Security and debugging

7. Data Breach Notification

If a data breach occurs, within 72 hours we will:

Notify the Austrian Data Protection Authority (regulator)
Notify all affected users by email
Publish information on our website

8. AI Usage

How AI works in the app:

You upload a cup photo
OpenAI analyzes the image (identifies figures, patterns)
GPT-5.2 generates prediction text based on analysis + your question
Result is sent to the app

This is NOT profiling: We don't try to learn more about you. Each prediction is independent of previous ones. This is entertainment with random results and no scientific basis.

9. Children and Age Restrictions

Minimum age: 4+ years (per App Store / Google Play)

Users under 13 are recommended to use with parental consent and supervision.

If we discover a child under 13 is using the app without consent, we will notify the parent and request consent within 30 days, or delete the child's data.

10. Cookies and Tracking

Good news: We do NOT use cookies in the mobile app.

We use only:

Local Storage — only for your settings (language, theme)
Device ID — anonymous identifier of your device

We DO NOT use:

❌ IDFA (Apple ID for Advertising)
❌ Google Advertising ID
❌ Facebook/Google tracking pixels
❌ Cross-domain tracking

11. Policy Changes

If we change this Policy:

Last update date is indicated at the top of the document
For critical changes we will notify you via app (popup)
For non-critical changes we will simply update the document

If you don't like the new policy, you can delete your account and request deletion of all data.

12. Contact Information

Privacy Questions

Email: partners@sonaya.ai

We will respond within 30 days.

Technical Support

Email: support@sonaya.ai

We will respond within 1-7 business days.

13. Policy Versions

Version	Date	Main Changes
1.0	January 1, 2026	First version for launch

Thank you for using Coffee Prophet! ☕