Ngopi Privacy Policy

Ngopi ("we") respects your privacy. This page explains what data we collect, how we use it, and your rights. This policy is based on Indonesian Law No. 27/2022 on Personal Data Protection (UU PDP) and the spirit of GDPR.

1. Data We Collect

When you use Ngopi, we collect:

Account data: email (via Supabase Auth), username, display name, optional profile photo.
Preferences: language, flavor affinity, gear profile (captured during onboarding).
Brew logs + photos: your brew records, including photos you optionally upload. You can mark them private or public.
Community content: posts, comments, likes, follows, moderation reports.
AI chat queries: questions you send to the AI assistant. Stored anonymized (no name, only hashed user_id) for cost tracking, debugging, and quality review.
Technical telemetry: truncated IP, user agent, pages viewed (via Cloudflare Web Analytics + optional PostHog EU with anonymization).

We do not collect: national ID numbers, biometric data, precise GPS location (unless you explicitly grant it for the nearby-roaster map feature).

2. How We Use Data

Run core features: brew log, recipes, calculators, AI chat, community, roaster directory.
Non-invasive personalization: recipe recommendations based on flavor affinity.
Moderation & safety: detecting spam, violations of terms.
Aggregate & anonymous analytics: understanding which features are used without tracking individuals.
Debug & improve AI quality: anonymized query samples reviewed for retrieval tuning.

We do not sell data to third parties. Period.

3. Where Data Is Stored

Supabase (Auth, database, storage metadata): Singapore or EU region.
Cloudflare R2 (photos, assets): global edge, encrypted at rest.
Upstash Redis (AI semantic cache + rate limit): EU region.
OpenRouter + Google AI (AI chat + embeddings): US/EU; queries forwarded, responses cached.
MapTiler (basemap): tile requests contain no user data.

Data is retained while your account is active. If you delete your account, data is purged from the primary database within 30 days. Supabase backups rotate at most 30 days.

4. Your Rights

Under UU PDP, you have the right to:

Access: request a copy of the data we hold about you.
Correct: update wrong data via your profile page or contact the admin.
Delete: permanently delete your account. Some anonymous aggregate data may remain.
Portability: export your brew logs + recipes (self-serve feature coming; meanwhile contact admin).
Withdraw consent: cancel permissions for specific processing at any time.

To exercise these rights, email privacy@ngopi.app (placeholder — will be updated before launch).

5. Cookies & Tracking

We only use:

Session cookies (HTTP-only, secure, set by Supabase) for authentication.
localStorage for local UI state (brew draft, onboarding flag, install prompt).
Cloudflare Web Analytics: cookieless, no fingerprinting.
PostHog EU (optional, if admin enables): with person_profiles: "identified_only" and IP masking.

We do not use third-party advertising cookies.

6. Third Parties

Supabase — supabase.com/privacy
Cloudflare — cloudflare.com/privacypolicy
Google (OAuth + AI embedding) — policies.google.com/privacy
Anthropic (via OpenRouter) — anthropic.com/legal/privacy
MapTiler — maptiler.com/privacy
Upstash — upstash.com/trust/privacy

7. Security

All traffic over TLS 1.3.
Passwords hashed in Supabase Auth (bcrypt).
Row Level Security active on every table — users can only read/write their own data.
Signed URLs for photo uploads (5-minute expiry).

8. Minors

Ngopi is intended for users 13 and above. If you're under 18, make sure you have parental consent before signing up. We will delete accounts known to belong to users under 13.

9. Policy Changes

If there's a material change, we will:

Update the date above.
Email all users (via Supabase Auth).
Give a 30-day notice period before the change takes effect.

10. Contact

Email: privacy@ngopi.app (placeholder)
GitHub: github.com/ngopiapp/ngopi/issues

This policy is governed by the laws of the Republic of Indonesia.