Privacy Policy

Profresso (“we”, “us”, “our”) operates the espresso profiling and community platform available at profresso.com. We are the data controller for personal data collected through the platform.

For privacy-related enquiries, contact us at support@profresso.com.

Account data — collected via Clerk, our authentication provider: your name, email address, and (if provided) profile picture. We do not store passwords directly.

Profile and content data — espresso profiles, shot logs, coffee entries, grinder records, and any other content you create on the platform. This is the core data needed to provide the service.

Usage data — we use PostHog, a product analytics platform, to collect anonymised usage data such as pages visited, features used, and general interaction patterns. PostHog sets cookies on your device to distinguish sessions and returning visitors. This data is used solely to improve Profresso and is not shared with advertisers or used for cross-site tracking. We also collect basic server-side request logs (IP address, browser type) generated by Cloudflare as part of standard hosting.

AI interaction data — prompts and responses when you use the Profresso AI assistant. These are used to deliver the response and may be used in aggregate to improve the feature.

Payment data — if you subscribe to Profresso Pro, payment is processed by Stripe. We receive confirmation of your subscription status but do not store card details.

To provide the service — creating your account, storing your profiles and shots, and delivering personalised features like AI profile generation.

To improve the platform — aggregated usage analytics help us understand which features are valuable and where to invest.

To communicate with you — transactional emails (account confirmations, password resets) and, with your consent, product updates.

To enforce our terms — detecting abuse, spam, or violations of our Terms of Service.

Contract — processing your account data and content to deliver the service you signed up for (Art. 6(1)(b) GDPR).

Legitimate interests — aggregated analytics, spam prevention, and platform security (Art. 6(1)(f) GDPR).

Consent — marketing emails and non-essential cookies. You may withdraw consent at any time (Art. 6(1)(a) GDPR).

We use the following sub-processors to operate the platform:

• Clerk — user authentication and session management (United States, EU-US Data Privacy Framework).
• Convex — real-time database and serverless backend (United States, standard contractual clauses).
• Cloudflare — hosting (Cloudflare Pages), edge CDN, object storage (R2), and content moderation via Workers AI (United States / global edge, standard contractual clauses).
• Stripe — payment processing for Pro subscriptions (United States, EU-US Data Privacy Framework).
• PostHog — product analytics to understand feature usage and improve the platform (United States, standard contractual clauses).
• Anthropic — AI language model powering the Profresso AI assistant (United States, standard contractual clauses).
• Resend — transactional email delivery for notification digests and support messages (United States, standard contractual clauses).

Account and content data — retained for the lifetime of your account. When you delete your account, your data is removed within 30 days except where retention is required by law.

Usage analytics — event data retained for up to 24 months, then automatically deleted.

AI interaction logs — retained for 90 days for debugging and safety review, then deleted.

If you are in the European Economic Area, you have the following rights:

• Access — request a copy of your personal data.
• Rectification — correct inaccurate data.
• Erasure — request deletion of your data.
• Portability — receive your data in a structured, machine-readable format.
• Restriction — limit how we process your data.
• Objection — object to processing based on legitimate interests.

To exercise any of these rights, email support@profresso.com. We will respond within 30 days.

You also have the right to lodge a complaint with your local data protection authority.

We use essential cookies for authentication (managed by Clerk) and analytics cookies (managed by PostHog) to understand how the platform is used. Analytics cookies require your consent and can be managed via Cookiebot. See our Cookie Policy for full details and to manage your preferences.

Profresso is operated from the European Union. Some of our third-party sub-processors (listed in section 5) are based in the United States. Where data is transferred outside the EU/EEA, we rely on standard contractual clauses or the EU-US Data Privacy Framework to ensure an adequate level of protection.

Profresso is not intended for users under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at support@profresso.com and we will delete it promptly.

We may update this policy when the platform changes. Significant changes will be notified via email or an in-app notice. Continued use of the platform after a change constitutes acceptance.