Privacy Policy
Last updated: 24 April 2026
Kaffio (“Kaffio”, “we”, “us”) operates the Kaffio mobile app, business dashboard, and this website. This policy explains what personal information we collect, how we use it, who we share it with, and the choices you have. It is written to meet the Australian Privacy Principles under the Privacy Act 1988 (Cth) and Apple’s App Store privacy requirements.
1. Who this policy applies to
- Customers — people who use the Kaffio mobile app to collect stamps and rewards.
- Businesses — café and food-business operators who use the Kaffio dashboard.
- Website visitors — anyone browsing kaffio.app.
2. Information we collect
Information you give us
- Mobile phone number (used for one-time-code sign-in)
- Full name
- Email address (business accounts)
- Business details — ABN, trading name, address (business accounts only)
- A suburb or location label you add to your profile (optional)
Information collected automatically
- Approximate device location, only while you are using the app, to show nearby cafés on the map. You can decline this in your device settings.
- Loyalty activity — stamps earned, rewards redeemed, deals claimed, QR scans.
- Device and diagnostic data — app version, operating system, crash reports.
- A unique account identifier.
Information we do not collect
- We do not collect precise location in the background.
- We do not track you across other companies’ apps or websites.
- We do not collect photos, contacts, health, financial, or biometric data. Face ID / Touch ID is handled by your device and never leaves it.
3. How we use your information
- Authenticate you and keep you signed in securely.
- Record stamps, rewards, and redemptions between you and participating businesses.
- Show you nearby cafés, deals, and programs you have joined.
- Send transactional notifications (e.g. “Reward ready to redeem”) if you have opted in.
- Diagnose crashes, prevent fraud and abuse, and improve the service.
- Comply with legal obligations.
4. Who we share information with
We do not sell your personal information. We share limited data with the following service providers, who act on our instructions:
- Supabase Inc. — authentication, database, and edge-function hosting (data stored in AWS regions).
- Expo / EAS (Expo Application Services) — push notification delivery and crash diagnostics.
- Apple Inc. and Google LLC — app distribution, push notification transport, and, on Android, map tiles.
We also share data with a participating business when you scan their QR code or join their loyalty program — they can see your name and your activity with them, so they can deliver the reward you earned. They cannot see your activity with other businesses.
We may disclose information if required by law, to enforce our terms, or to protect the rights, property, or safety of Kaffio, our users, or the public.
5. Where your data is stored
Your data is stored on servers operated by Supabase in AWS data centres, primarily in the Asia-Pacific region. Some providers may process data outside Australia (including the United States). We take reasonable steps to ensure overseas recipients handle your data consistently with the Australian Privacy Principles.
6. Security
We use TLS encryption in transit, at-rest encryption on managed databases, HMAC-signed QR redemptions, and device Secure Enclave / Keystore for session credentials. No system is perfectly secure — if you think your account has been compromised, contact us immediately at contact@kaffio.app.
7. Your choices and rights
- Access and correction — view and update your profile in the app, or email us.
- Delete your account — from the mobile app: Profile → Settings → Delete Account. Deletion removes your profile, stamps, and redemption history within 30 days. Some records may be retained where required by law (e.g. financial records for businesses).
- Push notifications — toggle in your device settings at any time.
- Location — the map will still work without location; you just won’t see “near you” distances.
- Complaints — contact us first. If unresolved, you can complain to the Office of the Australian Information Commissioner at oaic.gov.au.
8. Children
Kaffio is not directed at children under 13 and we do not knowingly collect personal information from them. If you believe a child has provided us information, please contact us and we will delete it.
9. Cookies on the website
Our marketing website uses only essential cookies required for the site to function. We do not run third-party advertising or analytics trackers on this site.
10. Changes to this policy
We may update this policy from time to time. When we do, we will change the “Last updated” date above and, where changes are material, notify you in the app.
11. Contact us
For any privacy question, data-access request, or complaint:
- Kaffio
- ABN: [ABN TO BE ADDED]
- Email: contact@kaffio.app