Privacy Policy

Effective date: March 2026 · Urban Cafe

📋 Overview

Urban Cafe operates the Urban Cafe mobile app and website at urbancafe.cc. This page explains what personal information we collect, how we use it, and the choices you have.

By using the app or website you agree to this policy. If you do not agree, please stop using the service.

🗂️ Information We Collect

Account information — your name, email address, and (optionally) your phone number and address, provided when you sign up or edit your profile.
Authentication identifiers — a hashed user ID created when you sign in with Google or email.
Loyalty data — points balance and transaction history (points earned and redeemed) associated with your account.
Profile photo — only if you voluntarily upload one.
Device & usage information — your device type and general browser / OS version, collected automatically to ensure the app works correctly. We do not collect precise location.

🎯 How We Use Your Information

To create and manage your account.
To operate the loyalty points programme — awarding and tracking points.
To display your order history and profile information within the app.
To send important service notifications (e.g., app updates).
To improve and debug the application.

We do not sell your personal information to third parties, and we do not use it for targeted advertising.

🤝 Third-Party Services

We use the following trusted third-party services to operate the app:

Supabase — our backend database and authentication provider. Your data is stored securely in Supabase (EU West). Supabase Privacy Policy →
Google Sign-In — optional authentication method. If used, Google shares your name and email with us. Google Privacy Policy →
Cloudflare / Vercel — content delivery and hosting. They may log basic request metadata (IP, timestamp) for security purposes.

🔒 Data Security

We implement industry-standard security measures:

All data is transmitted over HTTPS (TLS 1.2+).
Passwords are never stored — authentication is handled via OTP codes and OAuth.
Loyalty tokens are short-lived and single-use.
Database access is protected by Row-Level Security (RLS) policies — users can only access their own data.
Sensitive credentials are stored encrypted on your device.

🗑️ Data Retention & Deletion

We retain your account data for as long as your account is active. You may request deletion of your account and all associated data at any time by contacting us (see below). We will process your request within 30 days.

Deleted accounts and their data cannot be recovered.

👶 Children's Privacy

Urban Cafe is not directed at children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

🔄 Changes to This Policy

We may update this privacy policy from time to time. When we do, we will update the "Effective date" at the top of this page. Continued use of the app after changes constitutes acceptance of the new policy.

📞 Contact Us

If you have any questions about this privacy policy, or wish to exercise your rights (access, correction, or deletion of your data), please contact our privacy team:

Email: owner@urbancafe.cc
In-app: Profile → Contact Us

We aim to respond to all privacy-related requests within 30 days.