Privacy Policy

Coffee Language — Educational App for Turkish Coffee Cup Reading

Effective Date: March 1, 2026

Last Updated: March 7, 2026

Company: Dinkel AI & MEDIA TECH GmbH

Jurisdiction: European Union (GDPR), Austria

Application: Coffee Language (com.dinkelai.fincan) — iOS, Apple App Store

1. Introduction and Important Information

Dinkel AI & MEDIA TECH GmbH (hereinafter "Company", "we", "us", "our") respects your privacy and is committed to protecting your personal data in accordance with European Union and Austrian law.

This Privacy Policy ("Policy") describes:

What data we collect
How we use it
How we protect it
Your rights regarding your data

IMPORTANT: Coffee Language is an educational application that teaches the tradition of Turkish coffee cup reading (UNESCO Intangible Cultural Heritage, 2013). The App provides structured courses with video lessons, a symbol library, and AI-powered practice where users can photograph their coffee cups and receive AI-generated interpretations. Interpretations are for cultural, educational, and entertainment purposes and are not professional advice, medical diagnosis, legal or financial advice, or fortune-telling.

This Policy applies to the iOS application Coffee Language distributed via the Apple App Store.

2. Data Controller Information

Legal Entity:

Name: Dinkel AI & MEDIA TECH GmbH
Type: Gesellschaft mit beschränkter Haftung (GmbH)
Country of Registration: Austria
Jurisdiction: European Union

Contact Information:

Website: https://dinkel.it.com/fincan.html
Email for privacy questions: partners@sonaya.ai
Support email: support@sonaya.ai

Regulator:

Austrian Data Protection Authority (DSB): https://www.dsb.gv.at/

3. What Data We Collect

3.1. Data You Provide to Us

Authorization Data (Optional)

If you choose to sign in with Apple ID:

Data	Source	Purpose	Legal Basis
Apple User ID	Sign in with Apple	User identification, subscription binding	Consent (Art. 6(1)(a) GDPR)
Email address (if shared)	Apple ID	User contact, account recovery	Consent (Art. 6(1)(a) GDPR)
Profile name (if available)	Apple ID	Display in app	Consent (Art. 6(1)(a) GDPR)

Important: Sign in with Apple is optional. You can use the app anonymously with Device ID / Persistent Device ID (stored in iOS Keychain).

Data You Actively Upload

Data	Description	Purpose	Storage
Cup photographs (3 photos)	Photos of coffee cup sediment from different angles	Analysis via OpenAI (GPT Vision) for AI practice interpretation	Deleted immediately after analysis (max 24 hours)
Text question (optional)	Question or thought you share	Context for AI interpretation	Stored in history until account deletion

3.2. Educational Progress Data (Stored Locally)

The following data is stored locally on your device (AsyncStorage) and is not transmitted to our servers unless you choose to sign in:

Data	Description	Purpose
Completed lessons	Which lessons you have finished	Track course progress
XP (experience points)	Points earned from completing lessons and practice	Gamified learning progress
Level and title	Your current level (e.g. "Interpreter", "Master")	Motivation and achievement tracking
Streaks	Consecutive days of activity	Engagement tracking
Quiz results	Scores from lesson quizzes	Learning assessment

If you sign in with Apple ID, this progress data may be synced to our server to enable cross-device access and backup.

3.3. Technical Data Collected Automatically

Data	Purpose	Legal Basis	Storage
Device ID / Persistent Device ID	Subscription binding, fraud protection, stable identity after reinstall (iOS Keychain)	Legitimate Interest (Art. 6(1)(f) GDPR)	Until account deletion
IP address	Region for pricing, security	Legitimate Interest (Art. 6(1)(f) GDPR)	30 days in logs
Device type, OS version	Bug debugging, compatibility	Legitimate Interest (Art. 6(1)(f) GDPR)	Anonymous, 12 months
App version	Bug debugging, support	Legitimate Interest (Art. 6(1)(f) GDPR)	Anonymous, 12 months

Our legitimate interest in collecting technical data is to ensure the security, stability, and proper functioning of the App, prevent fraud, and provide customer support. You have the right to object to processing based on legitimate interest (see Section 5).

3.4. Payment Data

IMPORTANT: We do NOT process payment data directly. Card numbers, CVV, and other payment details are processed exclusively by Apple (App Store). We only receive transaction status, purchase ID, subscription expiry, and currency via RevenueCat.

3.5. Data We DO NOT Collect

❌ Photos of your face or personal photos (except coffee cup photos)
❌ Real-time location (only region by IP)
❌ Contacts from your phone
❌ Health information

4. Third Parties and Data Transfer

4.1. OpenAI, Inc.

Purpose: Image analysis (GPT Vision) and interpretation text generation.

Data transferred: Coffee cup photographs (3), optional question text, anonymized identifier.

Storage country: USA. Transfer safeguard: EU-US Data Privacy Framework and Standard Contractual Clauses (SCCs). We have a Data Processing Agreement (DPA) with OpenAI. Privacy Policy: https://openai.com/policies/privacy-policy/

4.2. RevenueCat, Inc.

Purpose: Subscription management and payment validation for iOS.

Storage country: USA. Transfer safeguard: EU-US Data Privacy Framework and Standard Contractual Clauses (SCCs). We have a Data Processing Agreement (DPA) with RevenueCat. Privacy Policy: https://www.revenuecat.com/privacy

4.3. Apple, Inc.

Purpose: In-app purchases, Sign in with Apple. Payment data is processed by Apple (PCI-DSS). Apple acts as an independent data controller for payment processing.

4.4. DigitalOcean, LLC (Content Delivery)

Purpose: Hosting and delivery of educational video content (course lesson videos) via CDN (Content Delivery Network).

Data involved: No personal user data is collected or processed. Video files are static content served over HTTPS. Standard web server logs (IP address, request timestamp) may be generated by the CDN infrastructure.

Storage country: USA / EU (nearest CDN edge). Privacy Policy: https://www.digitalocean.com/legal/privacy-policy

4.5. TikTok (ByteDance Ltd.) — Conversion Tracking

Purpose: Measuring the effectiveness of advertising campaigns on TikTok. The TikTok Business SDK tracks anonymized conversion events (e.g. purchase completed, content viewed, registration).

Data transferred: Anonymized event data (event type, timestamp, purchase amount/currency). No personal identifiers, photos, or content data is shared with TikTok.

Storage country: USA / Singapore. Transfer safeguard: Standard Contractual Clauses (SCCs). Privacy Policy: https://www.tiktok.com/legal/privacy-policy

You can limit ad tracking in iOS Settings → Privacy & Security → Tracking.

4.6. Infrastructure (e.g. Railway / AWS)

Purpose: App backend hosting. Database: PostgreSQL with encryption at rest. Transfer safeguard: Standard Contractual Clauses (SCCs) and Data Processing Agreement (DPA) for transfers to the USA.

5. Your Rights Under GDPR

You have the right to: Access (Art. 15), Rectification (Art. 16), Erasure (Art. 17), Restriction (Art. 18), Data portability (Art. 20), Object (Art. 21).

How to exercise: Email partners@sonaya.ai (subject: "GDPR request – Coffee Language") or use in-app Settings → Account / Privacy where available. We respond within 30 days.

Complaint: Austrian Data Protection Authority (DSB): https://www.dsb.gv.at/, dsb@dsb.gv.at, +43 1 521 52-0.

6. Data Security and Retention

Security: Encryption in transit (HTTPS/TLS 1.3), encryption at rest (AES-256).

Retention: User/account data until deletion; interpretation history until account deletion; cup photos max 24 hours; educational progress (local) until app deletion or account deletion; payment receipts 7 years (Austrian tax law); IP logs 30 days.

7. AI Usage

Coffee Language uses OpenAI GPT Vision as part of its AI Practice feature to analyze photographs of coffee cup patterns and generate text interpretations based on the traditional Turkish coffee cup reading tradition. Each interpretation is generated for that session; we do not use your data for profiling or training our own models. This is a cultural and educational experience, not a predictive or diagnostic service.

The educational courses and symbol library content is created by human instructors and does not involve AI generation.

8. Children and Age

App Store rating: 4+ (per App Store classification). Recommended age: 14+.

Users under 14 (the age of digital consent in Austria under GDPR) must have verifiable parental or legal guardian consent before using the App. Parents and guardians are responsible for monitoring their children's use of the App. If we become aware that we have collected personal data from a child under 14 without parental consent, we will take steps to delete that data promptly.

9. Cookies and Tracking

We do not use cookies in the Coffee Language app. We use local storage (AsyncStorage) for app settings and educational progress, and a device/persistent identifier for subscription and access control. We do not use IDFA for advertising tracking. The TikTok Business SDK tracks anonymized conversion events for advertising measurement only (see Section 4.5).

10. Policy Changes

We may update this Policy. The "Last Updated" date will be revised. For material changes that affect your rights or how we process your personal data, we will notify you in the app and request your explicit consent before applying the changes. Minor clarifications or formatting updates do not require renewed consent.

11. Contact

Privacy: partners@sonaya.ai — Support: support@sonaya.ai

Thank you for using Coffee Language.