Privacy Policy — Redshift Coffee Roasters (Mobile: Android & iOS)

This unified policy applies to the Redshift Coffee Roasters mobile application on Android and iOS.

App nameRedshift Coffee Roasters

PlatformsAndroid & iOS

Android packagedev.ridbrain.redshift

Developer / Legal entityCode by Vitaly Yakovlev

Effective dateAugust 21, 2025

Contact (privacy)vitaly@redshift.coffee

Mailing address22851 Lake Forest Dr, B, CA 92630

1) Scope

This Privacy Policy explains how Code by Vitaly Yakovlev (“we”, “us”) collects, uses, shares, and protects information when you use the Redshift Coffee Roasters mobile application and related services on Android and iOS. It also describes your privacy rights and choices.

We use trusted third‑party providers to deliver core features, including Square for payments and order processing and Google Firebase for infrastructure (e.g., database, crash reporting, push notifications, Remote Config).

2) What we collect

We only collect data needed to operate the app and provide services you request.

A. Account & identity information

Phone number (for sign‑in via SMS or account recovery, where available).
Profile details you optionally provide (name, email).
Loyalty identifiers or customer IDs if we enable loyalty features.

B. Order & transaction information

Items ordered, modifiers, notes, prices, taxes, discounts, tips.
Payment status.
Non‑sensitive payment metadata (e.g., last four digits of your card, card brand) that may appear on receipts.
We do not store full payment card numbers. Card data is processed by Square.

C. Device & app diagnostics

Device model, OS version, app version, language, basic app‑ or installation‑scoped identifiers.
Crash logs and performance data (e.g., via Firebase Crashlytics).
Basic IP‑derived information for security/anti‑fraud and service reliability.

D. Location

Approximate location (if you grant permission or if derived from IP) to show store information, tailor menus, or estimate delivery/pickup context.
We do not collect precise GPS location unless you explicitly enable features that require it.

E. Communications

Push notification tokens, in‑app support messages (if you contact us), and your communication preferences.

F. Cookies & similar technologies

Mobile SDKs may use local storage and similar technologies to operate features (e.g., remember your session, Remote Config, messaging).

3) How we use information

Provide, maintain, and improve the app and our services.
Process and manage orders, payments, and receipts.
Authenticate users (phone number sign‑in, where enabled).
Personalize available menus, offers, and app content (e.g., Remote Config).
Send service communications (e.g., order status) and, if you opt in, marketing notifications.
Monitor performance, fix crashes, and enhance security and anti‑fraud measures.
Comply with legal, tax, and accounting obligations.

We do not sell personal information. We do not use third‑party advertising SDKs.

4) Legal bases (where applicable)

We process data to perform a contract (fulfilling orders), with your consent (e.g., notifications, certain analytics), to comply with legal obligations, and for our legitimate interests (security, service reliability, product improvement).

5) Data sharing and disclosure

Payment processing (Square): We send order and payment details to Square. Square acts as our payment processor and a controller for cardholder data. We do not store full card numbers.
Google Firebase (Google LLC): We use Firebase services (Firestore/Datastore, Cloud Messaging, Crashlytics, Remote Config) to host data, deliver notifications, manage app configuration, and collect crash/diagnostic information.
Maps / navigation: When you tap directions, we pass the destination to your chosen maps app (e.g., Google Maps, Apple Maps). Your maps provider processes location data under its own policy.
Service providers: Carefully selected vendors (IT, analytics limited to diagnostics, cloud hosting) under contracts requiring confidentiality and appropriate security.
Legal and safety: If required by law or to protect rights, safety, or the integrity of our services.
Business transfers: In a merger, acquisition, or asset sale, data may be transferred consistent with this Policy.

We do not share data with third‑party ad networks.

6) Data retention

Account data: kept while you maintain an account and for a reasonable period after deletion to address disputes, prevent fraud, or comply with law.
Order/transaction records: retained for tax, accounting, and regulatory purposes (typically 7 years in the U.S.).
Crash/diagnostic logs: generally retained by our providers for a limited period needed to investigate and resolve issues.

We retain data only as long as necessary for the purposes described in this Policy unless a longer retention is required by law.

7) Your rights and choices

Access, correction, deletion: You may request a copy of your data, ask us to correct it, or delete your account/data (subject to legal retention requirements).
Notifications: You can opt in/out in system settings or within the app.
Location: Control permissions in your device settings.
Marketing: Opt out of marketing messages at any time.
Data portability: We will provide your data in a portable format where required by law.

To submit a privacy request, email vitaly@redshift.coffee.

8) Children’s privacy

Our app is intended for use by adults. We do not knowingly collect personal information from children under 13 (or under the relevant age in your jurisdiction). If you believe a child has provided personal information, contact us and we will take appropriate steps to remove it.

9) Security

We implement technical and organizational measures to protect information, including encryption in transit and access controls. We rely on the industry‑standard security of our providers (e.g., Firebase and Square). No system is 100% secure; please keep your device and account secure.

10) International transfers

We are based in the United States. Your information may be processed and stored in the U.S. and other countries where our providers operate. These locations may have different data protection laws than your country of residence.

11) Third‑party privacy disclosures

Square (payments & buyer features): Buyer Features • Privacy Notice
Google Firebase: Privacy & Security in Firebase • Crashlytics
Maps providers: Google Privacy Policy • Apple Privacy Policy

12) Changes to this Policy

We may update this Policy from time to time. When we do, we will change the “Effective date” above and may notify you in the app or by other appropriate means. Your continued use of the app after an update signifies acceptance of the revised Policy.

13) How to contact us

Controller / Developer: Code by Vitaly Yakovlev
Email: vitaly@redshift.coffee
Mailing address: 22851 Lake Forest Dr, B, CA 92630

Platform‑specific disclosures

Android (Google Play Data Safety — summary)

Collected: personal info (phone number; optional name & email); app activity (orders/items/modifiers/notes); device or other IDs (app‑scoped IDs, Firebase installation IDs); diagnostics (crash/performance); approximate location (if enabled or IP‑derived).
Shared: with Square (payments/order mgmt), Firebase (hosting/messaging/config/diagnostics), maps providers (when user opens navigation).
Purposes: app functionality, account management, order fulfillment, diagnostics, fraud prevention, compliance.
Practices: data encrypted in transit; user can request deletion; no sale of personal data; no third‑party ad SDKs.

iOS (App Privacy — summary)

We disclose in App Store Connect the categories of data collected (e.g., contact info you provide, identifiers, diagnostics), processing purposes (app functionality, analytics/diagnostics, customer support), and data linked to you vs. not linked. The disclosures reflect the behavior of the current iOS build.