Privacy Notice

Last updated: 4 May 2026

Dose exists so you can keep a record of the coffee you drink — and share that record with others who care. To do that, we need to handle some information about you. This notice explains what we collect, why, and what choices you have. We've tried to write it in plain English, because we'd want the same from any app we use.

Who we are
What we collect
Why we collect it
Our legal basis for using your data
Who we share it with
International data transfers
Where we store it and for how long
How we protect it
Your rights
Children's privacy
Cookies on this website
Changes to this notice
How to contact us

1. Who we are

Dose is built and operated by NJ Samari, based in Manchester, United Kingdom. For the purposes of UK data protection law, I'm the data controller — which means I decide what personal data is collected and how it's used.

You can reach me at admin@dosecoffee.app for any privacy question, request, or complaint.

2. What we collect

The information Dose collects falls into a few categories. We've listed every category here — if it's not in this list, we don't collect it.

Information you give us when you sign up

Email address — used to log in, to verify your account, and to send transactional messages like password resets.
Password (stored as a salted hash by our authentication provider, never as plain text).
If you sign in with Google, we receive your email address and your name from Google's OAuth service. That's all.

Information you give us as you use Dose

Username and display name, which appear on your public profile.
Profile photo, if you choose to add one.
Bio and location (city, region, country), if you choose to fill them in.
Your equipment (grinder, espresso machine, brew methods).
Your coffee reviews: bean name, roaster, origin, roast level, brew details (dose, yield, time, grind size), tasting notes, rating, photos.
Social activity: who you follow, what you like, comments you make.

Information we collect automatically

Account timestamps — when you signed up, when you last logged in.
Crash and error reports, if you experience a bug. These are anonymised wherever possible and used only to fix problems.

What we don't collect: we don't track your location in the background. We don't use behavioural advertising trackers. We don't fingerprint your device. We don't sell anything to anyone.

3. Why we collect it

We use the information above for the following purposes, and nothing else:

To run the app — let you sign in, save your reviews, and follow other users.
To enable the social features you choose to use — show your public reviews on the explore feed, notify others when you follow them, deliver comments.
To communicate with you about your account — confirmation emails, password resets, security alerts.
To fix problems — diagnose crashes and bugs.
To improve Dose — understand which features are used so we can build the right things next. Where possible we look at this in aggregate, not by identifying individuals.

4. Our legal basis for using your data

Under UK GDPR, we need a "lawful basis" for everything we do with your personal data. Here's ours:

Contract: most of the data we hold is what we need to provide the service you signed up for. We can't run your account without your email address, for example.
Legitimate interests: we use crash reports and aggregate usage data to keep Dose working and to improve it. We've assessed this and believe it doesn't override your rights — but you can always object (see "Your rights" below).
Consent: where we ask for something specific — like a profile photo or location — we treat your choice to provide it as your consent. You can withdraw at any time.
Legal obligation: occasionally we may need to retain or disclose data to comply with a law (for example, responding to a court order).

We share data only with the small set of third parties that help us actually run Dose. We don't sell your data to anyone, ever.

Service providers

Supabase (database, authentication, file storage) — hosted in the European Union (Ireland). They process data on our behalf under a data processing agreement.
Resend (transactional email delivery) — used to send you confirmation and reset emails. Hosted in the European Union.
Google (only if you choose to sign in with Google) — Google verifies your identity and shares your email with us; nothing more.
Expo / Vercel (app and web hosting) — these companies host the app's code and the website you're reading. They don't have access to your account contents.

Other users

The whole point of Dose is to let you share your coffee reviews with other people who care about coffee. When you mark a review as public, other Dose users can see your username, your review, and your profile information. You decide what's public and what stays private.

Anyone we're legally required to share with

If we ever receive a valid legal request from a court or regulator, we may have to share information. We'll resist requests we believe are overreaching, and tell you about it where the law allows.

6. International data transfers

Most of your data stays in the European Union (Supabase is hosted in Ireland; Resend in the EU). If we ever transfer data outside the UK or EU — for example to a US-based provider — we'll do it under the safeguards UK GDPR requires (Standard Contractual Clauses or equivalent adequacy decisions).

7. Where we store it and for how long

We hold your account and its content for as long as your account is active. If you delete your account, we delete your reviews, photos, follows, likes, and comments along with it — usually within 30 days. Some backup copies may persist for up to 90 days for disaster recovery reasons, after which they're permanently erased.

Crash logs and aggregate usage data are kept for up to 12 months, then deleted.

8. How we protect it

We take security seriously. In practice that means: all data is transmitted over HTTPS; passwords are hashed using industry-standard algorithms; database access is restricted by Row Level Security so users can only access data they're allowed to; OAuth tokens are stored in secure device storage where the platform supports it.

No system is perfectly secure. If we ever discover a breach that affects your data, we'll notify you and the UK Information Commissioner within 72 hours, in line with the law.

9. Your rights

Under UK GDPR, you have the following rights over your personal data. To exercise any of them, email us at admin@dosecoffee.app.

Access — you can ask for a copy of the data we hold about you.
Correction — you can correct anything that's inaccurate, either from inside the app or by writing to us.
Deletion — you can ask us to delete your account and everything associated with it. You can also do this yourself from within the app.
Portability — you can ask for your data in a machine-readable format so you can take it elsewhere.
Objection — you can object to us using your data for any specific purpose (for example, analytics).
Restriction — you can ask us to pause processing your data while we resolve a question about it.
Withdrawal of consent — wherever we rely on your consent, you can change your mind at any time.

If you think we've handled your data badly, you can complain to the UK Information Commissioner's Office: ico.org.uk. We'd appreciate the chance to address your concern first, though.

10. Children's privacy

Dose is intended for people aged 13 and over. We don't knowingly collect personal data from anyone under 13. If you're a parent or guardian and believe your child has signed up, please contact us and we'll delete the account.

11. Cookies on this website

This website (dosecoffee.app) uses no analytics, tracking, or advertising cookies. The only cookies that may be set come from our hosting provider for basic security purposes. The Dose mobile app does not use cookies — it uses secure on-device storage for your login session, which works only on your own device.

12. Changes to this notice

If we make material changes to this notice, we'll let you know in the app and update the "last updated" date above. Continued use of Dose after a change means you accept the new version. We won't make changes that materially reduce your rights without giving you a real chance to read them first.

13. How to contact us

For any privacy question, request, complaint, or just to say hello, write to:
admin@dosecoffee.app

NJ Samari, Manchester, United Kingdom.