Founding café programme open. First 50 cafés get growth tier free for three months.

my cuppa coffee
Privacy

Privacy Policy

How My Cuppa Coffee collects, uses, and protects your personal information under the Australian Privacy Act 1988.

Privacy Policy

My Cuppa Coffee Pty Ltd | ABN: 20 692 581 359 Last updated: 11 May 2026 Effective date: 11 May 2026

1. About this policy

My Cuppa Coffee (“MCC”, “we”, “us”, “our”) operates a café discovery, personality matching, and loyalty platform available at mycuppacoffee.com.au and through our mobile applications (together, the “Platform”).

This Privacy Policy explains how we collect, use, disclose, store, and protect your personal information in accordance with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

We collect and process personal information differently depending on whether you use the Platform as a consumer (“Cuppa Lover”) or as a café business (“Café Owner”). This policy covers both.

By using the Platform, you acknowledge you have read and understood this Privacy Policy. Where we rely on consent as our legal basis for processing (including for personality quiz data), we will obtain that consent explicitly before collecting the relevant information.

2. Information we collect

2.1 Information you provide directly

All users:

  • Name, email address, and password (or authentication via Google)
  • Profile photo (optional)
  • Location preferences (suburb, city)

Cuppa Lovers (consumers):

  • Personality quiz responses and results: When you take our coffee personality quiz, we collect your answers to a series of questions about your preferences, habits, and values. These responses are used to determine your coffee personality type, which we use to match you with cafés that suit your style.
  • Saved cafés and favourites
  • Reviews, ratings, and written feedback
  • Loyalty card activity (stamps collected, rewards redeemed)
  • Premium subscription status

Café Owners (businesses):

  • Business name, ABN, contact details
  • Café address, phone number, website, social media
  • Business description, photos, menu information
  • Operating hours
  • Café amenities and attributes
  • Payment and billing information (processed by Stripe; we do not store card numbers)
  • Identity verification documents (processed by Persona; we do not store identity documents after verification)

2.2 Information collected automatically

When you use the Platform, we automatically collect:

  • Device information (browser type, operating system, device identifiers)
  • Log data (IP address, access times, pages viewed, referring URL)
  • Location data (approximate location derived from IP address; precise location only if you grant permission through your device)
  • Usage data (features used, buttons clicked, pages visited, search queries, filters applied)
  • Loyalty activity data (which cafés you visit, when you scan QR codes, stamp and reward history)

2.3 Information from third parties

  • Google OAuth: If you sign in with Google, we receive your name, email, and profile photo from Google.
  • Stripe: Payment confirmation and subscription status. We do not receive or store your full payment card details.
  • Google Maps: Geographic data for café locations and map display.

3. Personality quiz data, special disclosure

Our personality quiz asks you questions about your coffee preferences, social habits, aesthetic sensibilities, and lifestyle values. Your responses are processed to determine your coffee personality type.

What we do with quiz data:

  • Assign you a coffee personality type from our personality system
  • Calculate compatibility scores between you and cafés on the Platform
  • Display your personality profile to you (personality name, characteristics, preferences)
  • Show you personalised café recommendations based on your personality match
  • In aggregate and de-identified form, provide café owners with a breakdown of the personality types among their customers (e.g. “32% of your matched customers are atmosphere-focused”). Individual quiz responses are never shared with café owners.

What we do not do:

  • We do not sell your quiz data
  • We do not share your individual quiz responses or personality type with café owners or any third party
  • We do not use quiz data for purposes unrelated to café matching and discovery
  • We do not use quiz data for advertising profiling by third parties

Your control:

  • You can view your personality results at any time in your profile
  • You can retake the quiz to update your personality type
  • You can request deletion of your quiz data, which will remove your personality type and match scores (this will affect your ability to receive personalised café recommendations)

Consent: Before taking the quiz, you will be informed that your responses will be used to generate a personality profile and personalised café recommendations. Your explicit consent is obtained before quiz data is collected. You may withdraw this consent at any time by contacting us, though this will remove your personality-based features.

4. How we use your information

We use your personal information for the following purposes:

To provide the Platform:

  • Create and manage your account
  • Display your personality profile and café match scores
  • Operate the universal loyalty card system (tracking stamps, rewards, and café visits across all participating cafés)
  • Process subscription payments
  • Send transactional emails (account verification, password reset, reward notifications)

To improve the Platform:

  • Analyse usage patterns to improve features and user experience
  • Monitor Platform performance and fix technical issues
  • Develop new features based on aggregated usage data

To personalise your experience:

  • Recommend cafés based on your personality match
  • Adjust café recommendations over time based on your activity (visits, saves, reviews) through our learning system
  • Display relevant content and suggestions

To communicate with you:

  • Respond to your enquiries and support requests
  • Send marketing communications (with your consent, and only in compliance with the Spam Act 2003)
  • Notify you of changes to our Platform or policies

To support café businesses:

  • Provide café owners with aggregated, de-identified analytics about their customer base
  • Enable loyalty programme management
  • Facilitate review and response functionality

5. Automated decision-making

Our Platform uses automated systems to:

Personality matching: When you take our quiz, an algorithm processes your responses to determine your personality type and calculate match percentages with cafés. This affects which cafés appear in your recommendations and in what order.

Learning and adjustment: When you interact with the Platform (visiting cafés, collecting stamps, saving favourites, writing reviews), these interactions may influence future recommendations. This is designed to improve the accuracy of your matches over time.

What this means for you:

  • You can always browse all cafés regardless of match score
  • Match scores are one factor among many; you can filter and search by location, amenities, price, and other criteria
  • You can retake the quiz at any time to reset your profile
  • You can contact us to request information about how your match scores are calculated (we will explain the general logic without disclosing proprietary algorithmic details)

6. How we share your information

6.1 With café owners

Café owners on the Platform can see:

  • Aggregated analytics only: Personality type distribution of matched customers, general visit trends, loyalty programme statistics. These are shown in aggregate and are de-identified.
  • Reviews: If you write a review, the café owner can see your display name and review content. Café owners on eligible subscription tiers can respond to reviews.
  • Loyalty activity: When you scan a QR code at a café, the café knows you visited and collected a stamp. They can see your display name and stamp count for their specific programme.

Café owners cannot see:

  • Your quiz responses
  • Your match score with their café or any other café
  • Your visit history at other cafés
  • Your saved or favourite cafés
  • Your personality dimension scores

6.2 With service providers

We share personal information with the following third-party service providers, who process it on our behalf:

ProviderPurposeData sharedLocation
SupabaseDatabase and authenticationAccount data, quiz data, loyalty dataSingapore
VercelHosting and deploymentLog data, usage dataUnited States (with Australian edge)
StripePayment processingName, email, subscription detailsUnited States
ResendTransactional and marketing emailName, email addressUnited States
Google MapsMap display and geocodingCafé addresses, user search locationsUnited States
PersonaIdentity verification (café owners)Name, identity documentsUnited States

6.3 Other disclosures

We may disclose personal information:

  • Where required or authorised by Australian law or a court order
  • To protect the safety or security of any person
  • To investigate suspected fraud or unlawful activity
  • In connection with a sale, merger, or acquisition of MCC (with notice to you)

We do not sell your personal information. We do not share your personal information with advertisers for the purpose of targeted advertising outside the Platform.

7. Cross-café loyalty tracking

Our universal loyalty card system means that when you collect stamps at any participating café, your activity is recorded on a single MCC loyalty card. This means:

  • We maintain a record of which cafés you have visited and when
  • We track your stamp and reward history across all cafés
  • Each café can only see your activity at their own venue
  • Cross-café visit data is used in aggregate to improve the Platform (e.g. understanding which suburbs are popular)
  • You can view your complete loyalty history in your profile

This cross-café tracking is a core feature of the universal loyalty card. If you do not wish for your visits to be tracked across cafés, you may choose not to use the loyalty card feature. Your café discovery and personality matching features will continue to work without it.

8. Data retention

We retain your personal information for as long as your account is active, plus the following periods after account deletion:

  • Account data: Deleted within 30 days of account closure
  • Quiz data and personality type: Deleted with account closure
  • Loyalty data: Retained in de-identified form for 12 months for café analytics reconciliation, then deleted
  • Reviews: Retained and attributed to “Deleted User” unless you request full deletion
  • Payment records: Retained for 7 years as required by Australian tax law
  • Log and usage data: Retained for 12 months, then deleted or de-identified

9. Data security

We take reasonable steps to protect your personal information from misuse, interference, loss, unauthorised access, modification, or disclosure. Our measures include:

  • Encryption in transit (TLS/SSL) and at rest
  • Row-level security policies in our database ensuring users can only access their own data
  • Secure authentication with password hashing
  • Regular security reviews of our infrastructure
  • Access controls limiting employee access to personal information on a need-to-know basis

No method of electronic storage or transmission is completely secure. While we strive to protect your information, we cannot guarantee absolute security.

10. International data transfers

Some of our service providers are located outside Australia (see Section 6.2). Before disclosing personal information to an overseas recipient, we take reasonable steps to ensure the recipient handles your information in accordance with the APPs, through contractual arrangements and assessment of the recipient’s privacy practices.

11. Children

The Platform is not directed at children under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will take steps to delete that information promptly.

12. Your rights

Under the Australian Privacy Principles, you have the right to:

  • Access your personal information held by us
  • Correct any personal information that is inaccurate, out of date, incomplete, irrelevant, or misleading
  • Request deletion of your personal information (subject to legal retention obligations)
  • Withdraw consent for processing based on consent (such as quiz data and marketing communications)
  • Complain if you believe we have breached your privacy

To exercise any of these rights, contact us at mycuppacoffeeau@gmail.com.

We will respond to access and correction requests within 30 days. If we refuse a request, we will provide written reasons.

13. Cookies and tracking technologies

We use cookies and similar technologies to operate the Platform, remember your preferences, and understand how the Platform is used. For full details, see our Cookie Policy.

14. Changes to this policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through a notice on the Platform at least 14 days before the changes take effect. Your continued use of the Platform after changes take effect constitutes acceptance of the updated policy.

15. Complaints and contact

Privacy enquiries: mycuppacoffeeau@gmail.com

Contact us via email above for any privacy enquiries or complaints.

If you are not satisfied with our response to a privacy complaint, you may contact the Office of the Australian Information Commissioner (OAIC):

Last updated: 11 May 2026. Effective: 11 May 2026.