Privacy Policy · Drippia

Drippia is a business platform operated by Vyntura Innovations, S.A. de C.V. (address: Av. Miguel Hidalgo y Costilla No. 1952). This Privacy Policy explains how we collect, use, and protect your information when you use the Drippia mobile application.

1. Information We Collect

To provide and improve Drippia, we collect the following types of data:

• Full name – used to identify and personalize your business account.
• Phone number – for account verification, support, and security.
• Contacts (optional) – only if you explicitly grant permission; used to share content or invite collaborators within the app.
• Google Sign‑in & Facebook Sign‑in – we receive your email address, public profile, and name based on your consent during login.
• Firebase authentication data – unique identifiers, tokens, and sign‑in methods managed via Firebase (Google).
• Push notification tokens – to send you relevant updates, reminders, and promotions.
• Future usage analytics (Firebase Analytics) – once enabled, we may collect anonymized interaction data (sessions, screen views, events) to improve the app. No personally identifiable information is shared through analytics.

Access to your contacts is always optional and requested only at the moment you try to use the share feature.

2. How We Use Your Information

Your data helps us deliver a seamless business experience:

• Create, authenticate, and manage your Drippia business account.
• Send push notifications (e.g., order status, promotional campaigns, brew lesson reminders).
• Enable sharing via your contact list (only after you grant permission).
• Analyze app performance and user engagement using Firebase Analytics (when launched – aggregated, non‑personal data).
• Process future purchases of coffee packages and brew lessons (expected in ~6 months).

3. Third‑Party Services & Firebase

Drippia relies on trusted third‑party tools to operate efficiently:

• Firebase (Google LLC) – authentication, push notifications, cloud storage, and future analytics. Firebase may collect device identifiers, app version, OS details, and crash data, but never your contacts or plain phone number beyond what’s required for authentication.
• Google Sign‑in – handled via Google’s OAuth 2.0 protocol. We only receive your name, email address, and profile image URL (if applicable).
• Facebook Sign‑in – managed by Meta; we receive public profile information and email address as per your Facebook permissions.

These services have their own privacy policies (Google/Firebase, Facebook). We encourage you to review them.

4. Data Sharing & Disclosure

We do not sell, rent, or trade your personal information. Limited data sharing occurs only in the following cases:

• With your explicit consent (e.g., sharing a referral with your contacts).
• To comply with legal obligations, court orders, or governmental requests.
• To protect the rights, property, or safety of Vyntura Innovations, our users, or the public.
• With service providers (like Firebase) who process data strictly on our behalf under confidentiality agreements.

5. Your Choices & Controls

You stay in control of your data:

• Contact access: can be enabled or revoked anytime via your device settings → Drippia → permissions.
• Push notifications: disable them through your device notification settings or directly inside the app (when the feature is available).
• Account deletion: request permanent deletion by contacting us (see section 7). After deletion, your data is removed from active systems within 30 days.
• Sign‑in methods: you may disconnect Facebook or Google from the app by adjusting your social account settings.

6. Data Retention

We retain your personal data (full name, phone number, sign‑in identifiers) as long as your Drippia account remains active. If you delete your account or stop using the service, we will delete or anonymize your personal information within 30 days, except where retention is required by law (e.g., tax or accounting obligations for future transactions).

7. Future Features: Coffee Packages & Brew Lessons

Approximately 6 months after the effective date of this policy, Drippia plans to introduce in‑app purchases for coffee packages and brew lessons. When those features launch:

• We will update this privacy policy with details about payment processing (likely Stripe or similar) and any additional data collected (e.g., shipping address for coffee packages).
• You will be notified of the changes via push notification and email, and your continued use after the update will constitute acceptance.
• No payment information is collected directly by Drippia; all transactions will be handled by secure third‑party payment processors.

8. Security Measures

We implement industry‑standard security practices, including encryption in transit (TLS) and Firebase’s secure authentication infrastructure. However, no online service is 100% secure. You are responsible for keeping your login credentials confidential.

9. Children’s Privacy

Drippia is intended for business users and individuals over the age of 18. We do not knowingly collect personal information from anyone under 13 years of age. If you believe a child has provided us with personal data, please contact us immediately.

10. Changes to This Privacy Policy

We may update this policy from time to time. If material changes are made, we will notify you through the app (e.g., pop‑up notice or email). The “Effective date” at the top of this page will be revised accordingly. We encourage you to review this policy periodically.