Privacy Policy

This Privacy Policy explains how Roastly (“we”, “us”, “our”) collects, uses, and protects your personal data when you use the Roastly mobile app, website (getroastly.com), and related services (collectively, “the Service”). Roastly is operated by a sole proprietor based in the Netherlands.

By using the Service, you agree to the practices described in this policy. If you do not agree, please do not use the Service.

Roastly
The Netherlands
Email: info@getroastly.com

3.1 Account data. When you create an account, we collect your email address, username, and password. If you sign in with Apple, we receive the information you authorize Apple to share (typically your name and email address).

3.2 Profile data. You may optionally provide a profile avatar and bio.

3.3 User content. Coffee reviews, ratings, and other content you create within the Service.

3.4 Social data. Information about which users you follow and who follows you.

3.5 Waitlist data. If you sign up for the waitlist on our website, we collect your email address.

3.6 Device and analytics data. We may collect technical information such as device type, operating system, app version, and usage patterns to improve the Service.

We use your data to:

• Provide, maintain, and improve the Service.
• Authenticate your account and keep it secure.
• Send transactional emails (account confirmation, password resets).
• Contact waitlist subscribers about availability.
• Analyze usage to improve performance and features.
• Comply with legal obligations.

We process your personal data on the following legal bases:

• Contract. Processing necessary to provide the Service you signed up for (account data, user content, social data).
• Legitimate interest. Analytics and Service improvement, provided these interests are not overridden by your rights.
• Consent. Waitlist sign-up and any optional communications. You may withdraw consent at any time.
• Legal obligation. Where required by applicable law.

We use the following categories of third-party services:

• Apple. App distribution (App Store) and authentication (Sign in with Apple). See Apple's privacy policy.
• Analytics providers. We may use analytics tools to understand how the Service is used. These tools may collect anonymized or pseudonymized usage data.
• Resend. We use Resend to deliver transactional emails such as account confirmations and password resets.

We do not sell or share your personal data with third parties for their marketing purposes.

Your data is stored on self-hosted servers located in Germany. We implement appropriate technical and organizational measures to protect your data against unauthorized access, loss, or misuse. However, no system is completely secure, and we cannot guarantee absolute security.

We retain your personal data for as long as your account is active. If you request account deletion, we will delete your data within a reasonable timeframe, unless we are required by law to retain it longer. Waitlist data is retained until you unsubscribe or the waitlist is no longer needed.

If you are in the European Economic Area, you have the following rights:

• Access. Request a copy of the personal data we hold about you.
• Rectification. Request correction of inaccurate or incomplete data.
• Erasure. Request deletion of your personal data.
• Data portability. Request your data in a structured, machine-readable format.
• Restriction. Request that we restrict processing of your data under certain circumstances.
• Objection. Object to processing based on legitimate interest.
• Withdraw consent. Where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at info@getroastly.com. We will respond within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).

You may request deletion of your account and all associated data by emailing info@getroastly.com. We plan to offer in-app account deletion in a future update.

The Service is not intended for children under the age of 13. We do not knowingly collect personal data from children under 13. For users under 16 in the European Union, parental or guardian consent may be required in accordance with GDPR. If we learn that we have collected data from a child without appropriate consent, we will delete it promptly.

The getroastly.com website may use cookies for analytics purposes. You can control cookies through your browser settings. The mobile app does not use cookies.

The Service does not currently display advertisements. If we introduce advertising in the future, we will update this Privacy Policy to reflect any associated data practices before doing so.

Your data is stored on servers in Germany within the European Economic Area. If any third-party service processes data outside the EEA, we ensure appropriate safeguards are in place as required by GDPR.

We may update this Privacy Policy from time to time. If we make material changes, we will notify you through the Service or by email. The “Effective” date at the top indicates when the policy was last revised. Continued use of the Service after changes constitutes acceptance of the updated policy.

This Privacy Policy is governed by the laws of the Netherlands.

For questions or concerns about this Privacy Policy or your personal data, contact us at info@getroastly.com.