Legal

Privacy Policy

Effective date: February 20, 2026

At Roastli, your privacy matters to us. This Privacy Policy explains what information we collect, how we use it, and the choices you have. We are committed to complying with applicable Canadian privacy legislation, including the Personal Information Protection and Electronic Documents Act (PIPEDA).

1. Who We Are

Roastli operates the Roastli application (the "Service"), a specialty coffee tracking platform. If you have any questions about this policy, contact us at hello@roastli.com.

2. Information We Collect

We collect information in the following ways:

Information You Provide

  • Account information: When you sign in with Google, we receive your name, email address, and profile photo from Google.
  • Coffee and brew data: Information you enter about your coffee collection, brewing sessions, tasting notes, and ratings.
  • Scanned images: Photos of coffee bags you submit for AI scanning. These images are processed and are not permanently stored by us.
  • Waitlist information: Email address and name if you join the waitlist.

Information Collected Automatically

  • Usage data: Information about how you use the Service, such as features accessed and time spent.
  • Device information: Browser type, operating system, and device identifiers.
  • Analytics: We use Vercel Analytics and Speed Insights to understand aggregate usage patterns.

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service.
  • Authenticate your identity and manage your account.
  • Process AI coffee bag scans using Google Gemini.
  • Enforce usage rate limits and prevent abuse of the Service.
  • Notify you when you have been granted access from the waitlist.
  • Improve the Service through aggregated usage analytics.
  • Respond to your support requests and communications.
  • Comply with applicable legal obligations.

We do not sell your personal information to third parties.

4. How We Share Your Information

We share your information only in the following limited circumstances:

  • Service Providers: We use trusted third-party services to operate the Service, including:
    • Google Firebase — authentication, database (Firestore), and security (App Check).
    • Google Gemini API — AI-powered coffee bag scanning.
    • Vercel — hosting, analytics, and performance monitoring.
  • Legal Requirements: We may disclose your information if required by law, regulation, or legal process.
  • Business Transfer: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

5. Community & Public Features

Certain features of the Service, such as the Global Feed, may display your activity (e.g., brews you have logged or coffees you have added) to other users. Your username and activity may be visible within the application. You can control your profile visibility in your account settings.

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal or legitimate business purposes.

7. Your Rights & Choices

Depending on your location, you may have the right to:

  • Access the personal information we hold about you.
  • Correct inaccurate personal information.
  • Delete your account and associated data.
  • Object to certain processing of your personal information.
  • Export your data (data portability).

To exercise any of these rights, please contact us at hello@roastli.com. We will respond to your request within 30 days.

8. Security

We take reasonable and appropriate technical and organizational measures to protect your personal information from unauthorized access, use, loss, or disclosure. These measures include Firebase Security Rules, Firebase App Check (to prevent automated abuse), server-side authentication token verification, and encrypted data transmission (HTTPS/TLS). No method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

9. Children's Privacy

The Service is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us immediately at hello@roastli.com and we will take steps to delete it.

10. Cookies & Tracking

We use a single session cookie (roastly-session) to maintain your login state. We do not use third-party advertising cookies or tracking pixels. Our analytics (Vercel) are privacy-friendly and do not use cookies to track individuals.

11. International Transfers

Roastli is operated from Canada. By using the Service, you understand that your information may be transferred to and processed in countries outside your country of residence, including the United States, where our third-party providers (Google, Vercel) operate. We rely on appropriate safeguards for such transfers.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Effective date" at the top of this page. We encourage you to review this policy periodically. Continued use of the Service after any changes constitutes your acceptance of the updated policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us at:

Roastli

Toronto, Ontario, Canada

hello@roastli.com
Terms of ServiceBack to Roastli© 2026 Roastli