1) Who We Are
The controller of your personal data is Dentappl Inc. (United States).
Address: 8 The Green, Dover, DE 19901
Contact email: info@dentappl.com.
2) Scope
This Privacy Policy describes how we collect, use, disclose, and protect information when you use our
mobile application that helps users discover coffee shops, view them on a map, save places,
submit ratings/reviews, and allows owners to claim and manage listings and premium features.
App-only policy: this document covers the mobile app. If we later operate a separate website with cookies or similar technologies,
it will have its own cookie disclosures/controls as required by law.
3) Data We Collect
3.1 Information you provide
- Account data: name, email, and authentication identifiers (via Sign in with Apple / Google Sign-In).
- Profile data: optional username, photo, preferences, saved places.
- User content: ratings, reviews, comments, photos you upload, and support requests.
- Coffee shop submissions: shop name, address/location, hours, services/tags, links (menu/delivery), photos.
- Owner/Business data (if applicable): business name, role, verification info, contact details, billing contact.
3.2 Information collected automatically
- Device & app data: device type, OS version, app version, language, time zone, IP address, identifiers.
- Usage data: screens viewed, taps/clicks, feature usage, performance and crash diagnostics.
- Approximate location (from IP) for security/abuse prevention (where applicable).
3.3 Location data
With your permission, we may collect precise location (GPS) to show nearby coffee shops,
calculate distance, and improve map results. You can disable location access in device settings.
Some features may not work without location.
3.4 Payments (Stripe)
If you purchase premium features (e.g., owner subscriptions), payments are processed by Stripe.
We typically do not store full payment card numbers. We may store limited billing metadata such as your Stripe customer ID,
subscription status, plan, invoices/receipts timestamps, and payment outcome information.
3.5 Push notifications
If you enable push notifications, we may use a device token to deliver notifications (e.g., important service updates).
You can turn notifications off in device settings.
4) How We Use Data
- Provide and operate the Service (accounts, maps, listings, search, saved places).
- Authenticate you and keep your account secure.
- Process submissions, reviews/ratings, and owner listing management.
- Enable premium features and manage billing/subscriptions via Stripe.
- Personalize content (e.g., show nearby shops, improve ranking/recommendations).
- Customer support and communications (service updates, security alerts).
- Analytics, debugging, performance monitoring, and improving the Service.
- Safety, security, fraud prevention, and enforcing our Terms.
- Comply with legal obligations and respond to lawful requests.
5) Legal Bases (GDPR/EEA/UK)
If you are in the EEA/UK, we process personal data under one or more legal bases:
- Contract: to provide the Service you request (account, features, subscriptions).
- Consent: where required (e.g., precise location, optional notifications, certain tracking).
- Legitimate interests: improving the Service, security, preventing fraud, analytics (balanced with your rights).
- Legal obligation: compliance, tax/accounting, responding to lawful requests.
6) How We Share Data
We may share information in the following cases:
-
Service providers (processors): hosting, databases, analytics/crash reporting, email/support tools,
image storage, map providers, authentication providers, and Stripe for payment processing.
-
Public content: reviews/ratings and certain coffee shop listing details may be visible to other users
(e.g., shop name, address, hours, photos, and your review display name).
- Business transfers: merger, acquisition, financing, or sale of assets (with appropriate safeguards).
- Legal: to comply with laws, enforce Terms, protect rights, safety, and prevent fraud/abuse.
California notice (CCPA/CPRA)
We do not sell your personal information in the traditional sense. We also do not knowingly share personal information for
cross-context behavioral advertising. If our practices change, we will update this Policy and provide required opt-out mechanisms.
7) Authentication Providers (Sign in with Apple / Google Sign-In)
We offer sign-in using third-party authentication providers:
Apple Inc. (“Sign in with Apple”) and Google LLC (“Google Sign-In”).
7.1 Data we receive from Apple/Google
Depending on what you choose to share, we may receive:
- Basic account info: name (may be provided once), email address, and a unique identifier for your sign-in.
- Email privacy: with Sign in with Apple, you may use Apple’s private relay email; we will treat it as your account email in the Service.
- Authentication tokens: we receive tokens/credentials necessary to verify your identity and keep you signed in.
We do not receive your Apple ID password or Google password.
7.2 How we use this data
- To create your account, authenticate you, and secure your access to the Service.
- To prevent fraud/abuse and protect the integrity of accounts.
- To communicate with you about your account and the Service (using the email associated with your account).
7.3 Provider policies
Apple and Google process certain data as independent providers under their own privacy policies.
Your use of their sign-in is also subject to their terms.
8) App Tracking & SDKs
The app may use SDKs for analytics, performance, and crash diagnostics. These tools may collect device/app events and identifiers.
- App Tracking Transparency (iOS): If we ever use tracking that requires ATT permission (e.g., IDFA for advertising),
we will request your permission in-app. If you deny permission, we will not access IDFA for that purpose.
- Attribution: If we run marketing campaigns, we may measure aggregate installs and usage to understand campaign performance.
9) Data Retention
We keep personal data as long as necessary to provide the Service and for legitimate business purposes:
maintaining accounts, complying with legal obligations, resolving disputes, and enforcing agreements.
- Account data: retained while your account is active; deleted or anonymized after deletion requests where feasible.
- User content: may remain visible if shared publicly (e.g., reviews); we can remove or de-identify where required by law.
- Billing records: retained as required for tax/accounting/legal compliance.
10) Security
We use administrative, technical, and organizational measures designed to protect data.
No method of transmission or storage is 100% secure; we cannot guarantee absolute security.
11) Your Rights
11.1 EEA/UK (GDPR)
- Access, correction, deletion, portability
- Restrict or object to processing
- Withdraw consent (where processing is based on consent)
- Lodge a complaint with your local data protection authority
11.2 California (CCPA/CPRA)
- Know what personal information we collect, use, and disclose
- Request deletion (with exceptions)
- Correct inaccurate information
- Non-discrimination for exercising your rights
11.3 How to exercise rights
Contact us at info@dentappl.com with your request. We may verify your identity and/or account ownership.
12) International Transfers
We may process and store information in the United States and other countries where we or our providers operate.
If you are in the EEA/UK and data is transferred outside your region, we use appropriate safeguards such as
Standard Contractual Clauses (and/or UK addendum) where required.
13) Children
The Service is not directed to children under 13 (or under 16 in certain jurisdictions).
We do not knowingly collect personal information from children. If you believe a child provided data, contact us to remove it.
14) Changes
We may update this Policy. If changes are material, we will provide notice in the app.
The “Effective date” above indicates when this Policy was last updated.
