Privacy Policy

Effective Date: February 8, 2026

Tamp&Timbre ("we," "our," or "us") is a coffee note-taking app that helps you log your brews using voice input. This Privacy Policy explains what data we collect, how we use it, and your rights regarding that data.

Data We Collect

Account Information

• Email address (used for authentication and account recovery)
• Password (securely hashed by our authentication provider)

Brew Notes

• Coffee and brewing details you enter (beans, grinder settings, temperature, ratio, brewing notes)
• Notes and ratings

Preferences

• Temperature unit preference (Celsius or Fahrenheit)

Voice Data

• Audio recordings you submit for transcription are processed in real-time by Cloudflare Workers AI
• We do not store your audio recordings — they are transcribed and immediately discarded. Cloudflare processes the audio for inference only and does not retain it (Cloudflare Workers AI Data Usage).
• To decline voice data collection, deny microphone permissions or do not use the voice-to-recipe feature

How We Use Your Data

• To provide and improve the Tamp&Timbre service
• To authenticate you and secure your account
• To send you transactional emails, such as account verification and password resets
• To transcribe your voice recordings into text using AI
• To parse your spoken notes into structured brew data

AI-Powered Features

Tamp&Timbre uses artificial intelligence to power its voice-to-recipe feature. These AI capabilities are provided by Cloudflare Workers AI.

What our AI does:

• Speech-to-text: Converts your voice recordings into text
• Recipe parsing: Extracts structured brew data (beans, temperature, ratio, etc.) from your transcribed notes

How your data is handled:

• Audio and text are sent to Cloudflare for processing
• Processing happens in real-time — neither we nor Cloudflare retain your audio after transcription
• AI outputs (transcriptions and parsed recipes) are returned to you, and only stored if you choose to save them

To decline the use of AI features, deny microphone permissions or do not use the voice-to-recipe feature.

Third-Party Services

We use the following third-party services to operate Tamp&Timbre:

Supabase

• Provides authentication and database hosting
• Your data is stored securely with access controls
• Data is encrypted at rest and in transit
• Data is hosted in the United States
• Supabase Privacy Policy

Cloudflare

• Hosts our API using Cloudflare Workers
• Provides AI services for voice transcription and text parsing
• Cloudflare processes your audio and text for inference only — they do not retain your input data after processing or use it to train AI models (Cloudflare Workers AI Data Usage)
• Cloudflare Privacy Policy

Resend

• Sends transactional emails on our behalf, such as account verification and password resets
• We do not send marketing or promotional emails
• Resend Privacy Policy

No Analytics or Advertising

We do not use any analytics services, advertising networks, or tracking tools. We do not sell your data to third parties.

Data Retention

• Account and brew data: Retained until you delete your account
• Voice/audio: Not retained — processed in real-time only

Account Deletion

You can delete your account at any time from the Settings screen in the app. When you request deletion:

• Your account enters a 14-day grace period during which you can cancel the deletion by signing back in
• After 14 days, your account and all associated data are permanently deleted
• This deletion is irreversible and includes all brew notes, preferences, and account information

Your Rights

You have the right to:

• Access your data through the app
• Correct your data by editing your brews and preferences
• Delete your account and all associated data
• Cancel a pending account deletion within the 14-day grace period

GDPR (European Users)

If you are in the European Economic Area (EEA) or UK, the General Data Protection Regulation (GDPR) requires us to explain the legal bases for processing your data:

Legal Bases for Processing

• Performance of a Contract: We process your account information, brew notes, and preferences because it is necessary to provide you with the Tamp&Timbre service you signed up for. Voice transcription and recipe parsing are processed to fulfill your use of these features.
• Legal Obligations: We may process your data where required to comply with applicable laws, regulations, or legal requests.

Your GDPR Rights

• Data portability: You can request a copy of your data by contacting us. We will respond within 30 days.
• Right to object: You can object to processing by deleting your account
• Right to erasure: You can delete your account and all associated data
• International transfers: Your data is processed in the United States by our service providers (Supabase and Cloudflare). These transfers are protected by standard contractual clauses and the service providers' compliance frameworks.

Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach. If the breach is likely to result in a high risk to you, we will also notify you directly.

CCPA (California Users)

If you are a California resident, the California Consumer Privacy Act provides you with specific rights:

• Right to know: You can request information about the data we collect (described above)
• Right to delete: You can delete your account from the app settings
• Right to non-discrimination: We will not discriminate against you for exercising your privacy rights
• Do Not Sell: We do not sell your personal information to third parties

Children's Privacy

Tamp&Timbre is not intended for children under 18 years of age. We do not knowingly collect personal information from children under 18. If you believe we have collected data from a child under 18, please contact us immediately.

Local Storage

The Tamp&Timbre app stores data locally on your device to maintain your login session and store your preferences. This data remains on your device and is cleared when you sign out or delete the app.

Security

We take reasonable measures to protect your data, including:

• Encrypted data transmission
• Encrypted data storage
• Secure password hashing
• Access controls to protect your data

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes by updating the "Effective Date" at the top of this page. Your continued use of the app after changes constitutes acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy or your data, please contact us at:

[email protected]

We will respond to all privacy-related inquiries within 30 days.