BeanBudget ("we", "us") is a coffee-coaching service operated from Malaysia. This policy explains what we collect, why, and the rights you have over your data. We design our practices with Malaysia’s Personal Data Protection Act 2010 (PDPA) in mind and, where applicable, the General Data Protection Regulation (GDPR).
1. What we collect
- Account data: email address, display name, optional country of residence.
- Brewing and usage data you enter, such as beans, recipes, taste notes, shot measurements, and equipment details.
- Media you choose to upload, along with related metadata such as duration or capture time.
- Technical data: approximate location information derived from technical signals (used for localisation, security, and product functionality), browser and device information, error and performance logs. We do not intentionally retain precise IP-based location history for user profiling.
- Authentication cookies that keep you signed in. We do not currently use advertising cookies or cross-site tracking technologies.
2. Why we use it
- Provide coaching, recommendations, and related product functionality.
- Show you your own history and progress.
- Send transactional emails (sign-in links, account notifications).
- Diagnose issues, maintain security, and improve the service.
- Comply with legal obligations.
We do not sell your personal data or share it with advertisers. We do not use your private content to train general-purpose AI models without your permission.
3. AI processing
To provide coaching and recommendations, BeanBudget may process your uploaded content and brewing data using third-party AI and cloud providers acting on our behalf. We take reasonable steps to work with providers that offer appropriate security and data-processing commitments.
Uploaded media may be temporarily stored and processed to generate coaching results, and is typically deleted after processing within a reasonable retention period. Derived insights and structured data associated with your account may remain stored as part of the service experience.
4. Who else processes your data
We work with third-party providers for services such as hosting, authentication, analytics, email delivery, AI processing, monitoring, and infrastructure security. Each is bound by their own data-processing terms. Where possible, we select providers with appropriate security and data-handling commitments. A current list of major processors may be provided on request.
For product analytics we use PostHog, hosted in the European Union. We track anonymous usage events (page views, button clicks, feature engagement) to understand how the product is used and where it falls short. We do not feed personal content such as email bodies, taste notes, or shot media into PostHog, and we explicitly mark sensitive form fields (access codes, email inputs) to be excluded from event capture.
5. International transfers
BeanBudget is operated from Malaysia. Some processing may occur outside your country of residence. Where required by applicable law, we rely on appropriate contractual or legal safeguards for international data transfers.
6. How long we keep it
- Uploaded media: typically deleted after processing within a reasonable retention period.
- Brewing data, beans, recipes: kept for as long as your account is active.
- Account data: kept until you delete your account. After a deletion request, we anonymise or remove personal data within a reasonable timeframe, except where law requires us to retain it longer.
- Error and analytics logs are retained for a limited period appropriate to operational and security needs.
7. Your rights
You have the right to:
- Access the data we hold about you.
- Correct inaccurate data (most fields can be edited in-app).
- Export your data in a machine-readable format.
- Delete your account and associated personal data.
- Withdraw consent at any time (deletion has the same effect).
- Lodge a complaint with your local supervisory authority — in Malaysia this is the Jabatan Perlindungan Data Peribadi (JPDP); in the EU/EEA, your national data-protection authority.
To exercise any right, use the Delete my account button in your profile, or email beanbudget.hello@gmail.com. We’ll respond within a reasonable timeframe as required by applicable law.
8. Security
We use technical and organisational measures designed to protect your data, including HTTPS encryption, access controls, and internal security practices designed to limit unnecessary data access. No system is perfectly secure; if we ever discover a breach affecting your data, we will notify you and the relevant authorities as required by law.
9. Children
BeanBudget is not directed at children under 13. We do not knowingly collect data from children under 13. If you believe we have, contact us and we’ll delete it.
10. Changes to this policy
We’ll update this page when our practices change and bump the effective date at the top. Material changes will also be announced in-app or by email. The specific technologies, providers, and infrastructure we use may change over time as the service evolves.
11. Contact
Data controller: BeanBudget, operated from Malaysia.
Email: beanbudget.hello@gmail.com