Privacy Policy
Last updated: 8 May 2026 Effective date: 10 May 2026
1. Introduction
Sai Teja Reddy, proprietor of Qoffee ("we", "our", "us") operates the Qoffee mobile application (the "App"), a daily reading and podcast experience. This Privacy Policy explains what personal information we collect, how we use it, who we share it with, and the rights you have over your data.
By installing or using Qoffee, you agree to the practices described here. If you do not agree, please do not use the App.
This policy applies to the Qoffee mobile app on Android and iOS, the website at getqoffee.com, and any related services we provide.
2. Information we collect
2.1 Information you provide
- Account information. When you sign in with Google, we receive your email address, display name, and profile picture from Google. We do not access your Gmail, Drive, or any other Google service.
- Subscription information. When you purchase a Qoffee Premium subscription, our payments partner (RevenueCat, integrated with Google Play Billing) shares purchase metadata with us — product ID, transaction date, renewal status, and a pseudonymous user identifier. We do not receive your card number, billing address, or any payment instrument details.
- Referral codes. If you redeem a referral code from a friend, we record the pairing between your account and theirs solely to credit the referral.
2.2 Information collected automatically
- Reading activity. We record which articles you open, how long you spend on them, and whether you bookmark or share them, to power the For You feed and your reading stats.
- Listening activity. For podcasts, we record which episodes you start, pause, complete, or skip, to improve audio recommendations.
- Device information. App version, operating system version, device model, language preference, and a Firebase-issued installation ID. We use this to debug crashes and ensure compatibility.
- Push notification token. A Firebase Cloud Messaging (FCM) token, used solely to deliver the daily briefing notification to your device.
- Analytics events. Aggregated usage events (screen views, feature taps) via Firebase Analytics. These events are tied to a Firebase pseudonymous user ID, not your name or email.
- Crash diagnostics. If the app crashes, Firebase Crashlytics captures the stack trace, device state at the moment of the crash, and a pseudonymous user ID, to help us fix bugs.
- Advertising identifier. On Android, the Google Advertising ID (GAID) is read by the Google Mobile Ads SDK and may be transmitted to Google AdMob. Free-tier users see contextually relevant native ads inside the feed; Premium subscribers do not see ads, but the SDK is still initialised at app launch (see Section 11 for details). You can reset or limit the GAID at any time from your device's Privacy or Ads settings.
2.3 Information we do not collect
- We do not collect your contact list, photos, location, microphone audio, or SMS history.
- We do not sell your personal data to data brokers.
- We do not profile you for purposes outside of the App's core experience (curation, recommendations, support).
3. How we use your information
| Purpose | Lawful basis (DPDP / GDPR) |
|---|---|
| Authenticate you and keep you signed in | Performance of contract |
| Curate your For You feed and reading stats | Performance of contract |
| Process subscription purchases and renewals | Performance of contract |
| Send you the daily briefing push notification | Consent (you can disable in Settings) |
| Detect crashes and improve stability | Legitimate interest |
| Render contextual ads in the free tier | Legitimate interest |
| Respond to support requests | Performance of contract |
| Comply with legal obligations | Legal compliance |
4. Who we share your information with
We share data only with the service providers required to operate the App:
| Provider | What they receive | Why |
|---|---|---|
| Google Firebase (Auth, Analytics, Crashlytics, Cloud Messaging) | Account email, device identifiers, app events, crash logs | Sign-in, analytics, push notifications, crash reporting |
| Supabase (PostgreSQL hosted in Singapore / EU) | Account data, bookmarks, reading history | Primary application database |
| Cloudflare R2 | Audio files | Podcast streaming |
| RevenueCat | Pseudonymous user ID, subscription state | Subscription management |
| Google Play Billing | Purchase tokens | Payment processing |
| Google AdMob | GAID, app instance ID | Native feed ads in the free tier |
| Railway | Server-side request metadata | Backend hosting |
| OpenAI / Google Gemini / Anthropic | Article text and prompts | Content generation pipeline (server-side only; your personal account data is not sent to LLM providers) |
We do not authorise these providers to use your information for any purpose other than delivering Qoffee's service to you.
5. International data transfers
Some of our service providers are located outside India. When we transfer your data internationally, we rely on the standard contractual safeguards required under DPDP and GDPR, including data processing agreements with each provider.
6. How long we keep your data
| Data type | Retention period |
|---|---|
| Account profile (email, display name) | For as long as your account is active. Deleted within 30 days of account deletion. |
| Reading and listening history | For as long as your account is active, capped at 365 days for personalisation; older entries may be aggregated and anonymised. |
| Bookmarks | Until you remove them, or 30 days after account deletion. |
| Subscription and payment records | 7 years (statutory tax retention requirement). |
| Crash logs and analytics events | 14 months (Firebase default). |
| FCM push token | Until you sign out, uninstall the app, or 90 days of inactivity (whichever is sooner). |
7. Your rights
Depending on where you live, you have the following rights:
- Access. You can request a copy of the personal data we hold about you.
- Correction. You can correct inaccurate information from inside the App (Settings → Profile) or by contacting us.
- Deletion. You can delete your account at any time from inside the App at Settings → Privacy → Delete account, or by visiting
getqoffee.com/delete-account. Deletion removes your profile, bookmarks, reading history, and FCM token from our active systems within 30 days. Subscription and payment records are retained for the statutory period above. - Withdraw consent. For data processed on the basis of consent (e.g., push notifications, analytics), you can withdraw consent in Settings.
- Portability. You can request an export of your data in a machine-readable format.
- Objection. You can object to processing based on legitimate interest (e.g., ads, analytics).
- Grievance redressal (India). Users in India can contact our Grievance Officer at the address below.
To exercise any of these rights, email support@getqoffee.com. We respond within 30 days.
8. Children
Qoffee is rated 13+ and is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe we have collected such information, please contact us and we will delete it.
9. Security
We protect your data with industry-standard measures including TLS encryption in transit, encryption at rest on Supabase and Cloudflare R2, principle-of-least-privilege access controls for our team, and Firebase App Check to deter abuse. No system is perfectly secure; if you discover a vulnerability, please contact us at support@getqoffee.com.
10. Third-party services
The App may contain links to external websites (e.g., publishers we cite) or to the Google Play Store. We are not responsible for the privacy practices of third-party services. Please review their privacy policies separately.
11. Advertising
The free tier of Qoffee shows native ads inside the feed via Google AdMob. AdMob may use the Google Advertising ID (GAID) on your device for contextual targeting.
Premium subscribers do not see ads in the App. However, the Mobile Ads SDK is initialised at app launch for all users (including Premium subscribers), which means your GAID is read by the SDK and may be transmitted to Google AdMob even if no ad is rendered. We are working to gate SDK initialisation on Premium status in a future release. In the meantime, you can:
- Limit ad tracking by your device by visiting Settings → Privacy → Ads (Android) and resetting or opting out of personalised ads.
- Reset your GAID at any time from the same screen.
12. Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you in the App and update the "Last updated" date at the top. Your continued use of the App after the change takes effect constitutes acceptance of the updated policy.
13. Contact us
For privacy questions, requests, or complaints:
- Email:
support@getqoffee.com - Grievance Officer (India):
Sai Teja Reddy,support@getqoffee.com - Postal address: Sai Teja Reddy, proprietor of Qoffee, 3rd Floor, Crescent 4, Prestige Shantiniketan, ITPL Main Rd, Thigalarapalya, Whitefield, Bengaluru, Karnataka 560048
If you are not satisfied with our response, you have the right to lodge a complaint with the Data Protection Board of India under the DPDP Act, or with your local supervisory authority under the GDPR.