Privacy Policy

Last Updated: May 6, 2026

Kavast (“we”, “our”, or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, process, and disclose information when you use our application and services (the “Service”).

By using Kavast, you agree to the collection and use of information in accordance with this Privacy Policy.

1. Information We Collect

1.1 Account Information

• Name
• Email address
• Profile picture
• Username / nickname

1.2 User Content

Data you create while using the Service, including:

• coffee cupping sessions
• tasting notes and scores
• sensory attributes
• brewing parameters
• custom forms and professional data

Such data may be processed in anonymized or aggregated form as described in Section 6.

1.3 Technical Information

• IP address
• Device identifiers (e.g., UDID)
• Device metadata (OS version, model, etc.)

1.4 Usage Data

• interactions within the app (screens visited, actions taken)
• timestamps and session activity

1.5 Directory Participation

If you publish content to the Directory, your username and selected session data may be visible to other users.

2. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area, we process your data under the following legal bases:

2.1 Contractual Necessity

We process your data to provide the Service you signed up for.

2.2 Consent

We rely on your consent for:

• session replay recording
• advanced analytics features

You may withdraw consent at any time via the app settings.

2.3 Legitimate Interest

We process data where necessary for our legitimate interests, including:

• maintaining and improving the Service
• ensuring security and preventing abuse
• analyzing performance and usage patterns

2.4 Legitimate Interest (De-Identified Data)

We process anonymized and aggregated data to develop analytics, benchmarks, and commercial products, provided that such data does not identify any individual.

3. Automated Data Collection & Analytics

We use tools and technologies to understand how users interact with the Service.

We collect:

• device and system information
• behavioral usage data
• interaction patterns

Session Replays

We use PostHog to record and replay user sessions for debugging and UX improvement.

You can opt out at any time in Settings.

Sensitive fields are excluded or masked where possible.

4. Third-Party Services

We use trusted third-party providers:

• Supabase — authentication and database
• RevenueCat — subscriptions and purchases
• PostHog — analytics and session replay
• Apple / Google — authentication and payments

These providers process data on our behalf under appropriate data protection agreements.

5. How We Use Your Information

We use your data to:

• provide, operate, and maintain the Service
• manage accounts and subscriptions
• enable sharing via the Directory
• communicate updates, support, and service-related notices
• monitor performance and fix issues
• improve functionality and user experience

6. Use of De-Identified and Aggregated Data

We may create and use data derived from user activity in a form that does not identify you personally (“De-Identified Data”).

Definition

De-Identified Data is information that has been anonymized, aggregated, or otherwise processed so that it cannot reasonably be used to identify an individual, directly or indirectly.

Examples include:

• cupping scores and tasting data
• sensory and evaluation metrics
• brewing and processing parameters
• statistical usage patterns

We may use this data to:

• improve and develop the Service
• create analytics, benchmarks, and insights
• conduct research and publish reports
• develop and commercialize data-driven products
• share aggregated datasets with partners or third parties

Important

• This use applies regardless of your in-app sharing settings.
• No personal data (such as name, email, username, location, or age) is included.
• We implement safeguards to prevent re-identification.

7. Data Storage and Security

We implement appropriate technical and organizational measures to protect your data, including:

• encryption in transit and at rest
• access controls and authentication
• minimization of collected data

We store data only as long as necessary to provide the Service and fulfill legal obligations.

8. Data Retention

We retain:

• account data — while your account is active
• user content — until deletion or account termination
• technical data — for limited periods for analytics and security

De-identified data may be retained indefinitely, as it cannot be linked to an individual.

9. Your Rights (GDPR)

You have the right to:

• Access — request a copy of your data
• Rectification — correct inaccurate data
• Deletion — Request deletion of your data
• Portability — receive your data in a structured format
• Objection — object to certain processing
• Withdraw Consent — at any time

To exercise your rights, contact us at the email below.

10. International Data Transfers

Your data may be processed outside your country of residence.

Where required, we use appropriate safeguards such as Standard Contractual Clauses.

11. Children’s Privacy

The Service is not intended for users under 13 years of age.

We do not knowingly collect personal data from children.

12. Changes to This Privacy Policy

We may update this Privacy Policy periodically.

We will notify you of significant changes via email or in-app notification.

13. Contact Information

If you have any questions or requests regarding this Privacy Policy:

Email: lev@kavast.app
Address: Vilharjeva cesta 38, 1000 Ljubljana, Словения

← Back to Compliance Overview