Home

Privacy Policy

How we collect, use, and protect your personal information.

Last updated · May 14, 2026

This Privacy Policy explains what information Coffee or Tea on Me Inc. ("Coffee or Tea on Me", "we", "us", or "our") collects when you use our mobile application (the "Service"), how we use that information, who we share it with, and the rights you have over your data. By using the Service you accept this Privacy Policy. If you do not agree, do not use the Service.

1. What we collect

1.1 Identity data

  • Legal name, extracted via optical character recognition (OCR) from your government-issued photo ID. Your given name is displayed on your profile and cannot be hidden — your matches see who they are talking to.
  • Date of birth, extracted from your ID. We use date of birth to confirm you are 18 or older and to calculate the "age" displayed on your profile.
  • ID document image — the front and (where applicable) back of your government-issued ID. This image is uploaded to our verification pipeline and deleted within 7 days after verification succeeds. We retain only the OCR-extracted text fields and the facial vector derived from the ID portrait.
  • Facial vector (biometric data), derived from a portrait extracted from your ID and from your live face scan. The facial vector is a numerical embedding (not an image) used by AWS Rekognition to (a) confirm the live person is the person on the ID and (b) prevent the same human from creating more than one account. The facial vector is retained for as long as your account exists. When you delete your account or invoke the face vector deletion option in Settings, the vector is permanently removed from our verification index.
  • Liveness video frames — short clips captured during the AWS Rekognition Face Liveness check. These are processed to detect spoofing (still photos, masks, replays, deepfakes) and are not retained beyond the verification call.

1.2 Profile data

  • Photos you upload (up to 6). Each photo passes through our review pipeline before it appears on your profile: AWS Rekognition moderation for nudity / suggestive content / violence, face match against your verified ID, EXIF and metadata sanity checks, and a perceptual-hash blocklist of previously-rejected images.
  • Bio, prompt answers, and interests you write or pick.
  • Lifestyle attributes you choose to disclose: smoking, drinking, has children, wants children, pets.
  • Vitals: gender (male or female, matching your ID), height, city.
  • Relationship goal: marriage, long-term, friendship, not sure, casual.

1.3 Behavioural data

  • Swipes (likes and passes) and any like-with-comment content you attach to a like.
  • Matches (mutual likes) and conversation threads with their messages, attachments, and reactions.
  • Last-active timestamp, used to display recency of activity to your matches and to filter inactive users out of discovery.
  • Push notification tokens, used to deliver match and message notifications.

1.4 Device data

  • IP address, used at signup and periodically thereafter to determine your country and region. We do not retain IP addresses tied to your profile beyond what our hosting provider keeps in operational logs (typically 30 days).
  • iOS DeviceCheck and App Attest tokens — Apple-issued attestations used to detect emulated or compromised devices at signup. These tokens cannot be tied back to your Apple ID by us; we receive an opaque key only.
  • Device model, iOS version, app version, and timezone, sent with API requests for compatibility and debugging.

Note on location: the app does not access your device's location. The city shown on your profile is text you type in yourself during onboarding; it is used to estimate distance between you and potential matches. We do not request the iOS location permission and we do not collect GPS coordinates.

1.5 Analytics

  • We do not embed any product-analytics or crash-reporting SDK in the app. The app sends no third-party telemetry. Because we do not perform any cross-app or cross-website tracking, the iOS App Tracking Transparency prompt is not required and we do not show one.
  • We do not use Facebook SDK, Google Analytics, AppsFlyer, PostHog, Sentry, or any third-party advertising network. We do not run ads in the app. Our backend keeps operational request logs (see Section 4) for debugging and abuse prevention; these are first-party and short-lived.

2. How we use your information

We use the information described above to:

  • Provide the Service — show you potential matches that fit your filters, deliver messages, send push notifications, render your profile.
  • Verify your identity — confirm you are a real, live, 18+ human and that the ID you scanned matches the face we saw.
  • Prevent abuse — detect duplicate accounts, fraudulent IDs, scams, and harassment patterns.
  • Operate and debug the Service — diagnose errors and outages using short-lived first-party server logs.
  • Enforce our terms — investigate reports, apply moderation actions, comply with legal requests.
  • Communicate with you — verification status, match notifications, security alerts, occasional service updates. We do not send marketing emails without your explicit opt-in.

We do not sell your personal information. We do not rent your personal information. We do not share your personal information with advertisers, data brokers, or marketing networks.

3. Who we share information with

We share information with a small set of service providers strictly to operate the Service:

  • Supabase Inc. — Postgres database hosting, authentication, file storage, and realtime channels. Data is hosted in their infrastructure on AWS in the AWS US-East region.
  • Amazon Web Services, Inc. (AWS) — Rekognition for face liveness, face comparison, and face indexing; Textract for ID document OCR; S3 for ID and photo storage; Lambda for processing pipelines; Bedrock for moderation classification (not for generating user-facing content). All AWS resources are isolated to the Coffee or Tea on Me account namespace and accessible only via scoped IAM roles.
  • Resend, Inc. — transactional email delivery (verification emails, security alerts, support replies). Resend does not have permission to use your email for marketing.
  • Apple Inc. — App Store hosting, in-app purchases (StoreKit 2), push notifications (APNS), DeviceCheck and App Attest. Apple's handling of this data is governed by Apple's Privacy Policy.

We do not use a third-party analytics or crash-reporting provider; no such SDK is embedded in the app.

We may also share information when required by law, in response to valid legal process (subpoena, court order, search warrant), to protect the rights or safety of users or the public, or in connection with a corporate transaction (merger, acquisition, sale of assets) — in the latter case, your information will continue to be governed by a privacy policy at least as protective as this one.

We do not transfer personal information to ad networks, data brokers, or any third party for advertising or marketing.

4. Retention

  • ID document images: deleted within 7 days of successful verification.
  • OCR results (name, date of birth, document fields): retained while your account exists.
  • Facial vector: retained while your account exists. When you delete your account or invoke Settings → Privacy → Delete face vector, the vector is permanently removed from our verification index. Removal is irreversible — once removed, the matching dedup signal is gone, and a future signup with the same face will not be auto-blocked unless we re-index it.
  • Profile data, photos, swipes, matches, messages: retained while your account exists. On account deletion, this data is hard-deleted from our database within 30 days, except where retention is required for legal, safety, or fraud-prevention reasons (see Section 7).
  • Operational logs (IP addresses, request timing, error traces): retained up to 30 days by our hosting providers, then rotated. We keep no separate third-party analytics event store.
  • Reports of objectionable content or abusive users: retained indefinitely so we can recognize repeat offenders and meet our 24-hour SLA on review.

5. Your rights

Subject to applicable law, you have the right to:

  • Access the information we hold about you. Email support@coffeeorteaonme.com from the address associated with your account.
  • Correct inaccurate information. Most profile fields can be edited directly in the app; for legal-name corrections (which require a re-verification with an updated ID), email support.
  • Delete your account in three taps from Profile → Settings → Delete account. Server-side deletion completes within 30 days. The face vector deletion is included automatically; if you wish to delete the face vector without deleting the account (for example, to opt out of biometric retention while keeping the verified-human badge), use Settings → Privacy → Delete face vector, but note this will revoke your verified-human status.
  • Port your data — request an export of your profile, photos, and conversation history in machine-readable format (JSON for structured data, original media for photos).
  • Object to certain processing, restrict certain processing, and withdraw consent to biometric processing at any time. Withdrawing consent to biometric processing is equivalent to deleting your account, because biometric verification is a condition of using the Service.
  • Lodge a complaint with a supervisory authority — for example, the Office of the Privacy Commissioner of Canada, the Commission d'accès à l'information du Québec, or your local data-protection authority in the European Economic Area.

We will respond to valid requests within 30 days, and within shorter periods where required by applicable law.

6. Children

Coffee or Tea on Me is for adults aged 18 and over. We do not knowingly collect information from anyone under 18. If we learn that we have collected information from a person under 18, we will delete it immediately. If you believe a child is using the Service, contact support@coffeeorteaonme.com.

7. Legal and safety retention

Notwithstanding the deletion timelines in Section 4, we may retain limited data if it is necessary to:

  • Comply with a legal obligation, regulatory inquiry, or court order.
  • Investigate, prevent, or respond to fraud, abuse, harassment, or illegal activity.
  • Enforce our EULA and protect the rights and safety of users and the public.
  • Protect against the re-registration of a banned user — specifically, the facial vector of a terminated user remains in our deduplication index unless and until a successful deletion request is made.

8. International transfers

Coffee or Tea on Me operates from Canada and uses cloud infrastructure in the United States and Canada. By using the Service, you understand that your information will be transferred to and processed in those jurisdictions. We rely on standard contractual clauses, vendor-side compliance certifications (SOC 2, ISO 27001), and applicable cross-border transfer safeguards.

9. Security

We protect your information with industry-standard safeguards: TLS 1.2+ in transit, AES-256 at rest for ID images and facial vectors, scoped IAM roles, row-level security in our database, and least-privilege access for our small team. No system is perfectly secure; if we discover a security incident affecting your data, we will notify you and the relevant authorities promptly, in accordance with applicable law.

10. Changes to this Policy

We may update this Privacy Policy from time to time. Material changes will be communicated in-app and by email at least 14 days before they take effect. The current version is always available in Settings → Legal → Privacy Policy.

11. Contact

Privacy questions, data requests, or complaints: support@coffeeorteaonme.com.

Coffee or Tea on Me Inc. Montreal, Quebec, Canada