Privacy Policy
Last updated: July 11, 2025
Your privacy matters. This page explains what data we collect, why we collect it, and what you can do about it. By using MatchaRestock ("we," "us," "our," or "the Service"), you agree to the practices described below. If anything here worries you, please email matcharestock@gmail.com before continuing.
1. The Very Short Version
- We only collect what we need: your email, a Google OAuth ID if you sign in with Google, and a Stripe customer token if you have a paid plan.
- We don't sell or rent your details.
- We don't see your card number. Stripe handles all payments.
- You're in control: unsubscribe or delete your account at any time.
If you want the full story, read on.
2. Who We Are
MatchaRestock is an independent web tool that emails you when selected matcha products come back in stock. Our website is at https://matcharestock.com.
3. Personal Data We Collect
| Category | What it is | Why we need it | Can you remove it? |
|---|---|---|---|
| Email address | The address you enter at sign-up | • Create your account • Send restock alerts • Account messages (password reset, policy updates) | Yes – click "unsubscribe" or delete your account |
| Google OAuth ID (optional) | Secure token from Google if you use "Continue with Google" | Let you log in without a password | Yes – delete your account |
| Stripe customer token (paid users only) | Random identifier from Stripe | • Manage billing & receipts • Identify your subscription tier | Yes – cancel plan & delete account |
No other personal details (name, address, birth date, etc.) are required.
4. How We Use Your Data
- Provide the Service – create your account, send alerts, show your dashboard.
- Customer support – reply to questions or troubleshoot problems.
- Legal compliance – keep tax records or respond to lawful requests.
We do not use your info for ads, profiling, or data-brokering.
5. Legal Bases for Processing (GDPR)
| Purpose | Legal basis |
|---|---|
| Creating and running your account | Contract – we need the data to deliver what you asked for. |
| Email alerts | Legitimate interest – alerts are the core product; they're expected. |
| Marketing emails (e.g., new features) | Consent – we'll only send these if you opt in. |
| Fraud prevention & legal obligations | Legal duty / legitimate interest |
6. Cookies & Similar Tech
We keep it simple:
| Cookie | Lifespan | Purpose |
|---|---|---|
| Supabase auth tokens | Until you log out or 7 days (whichever is sooner) | Keeps you signed in securely |
| Stripe checkout cookies | As set by Stripe | Needed for secure payment flow |
No analytics or third-party ad cookies. You can block cookies in your browser, but the site may not work correctly.
7. Third-Party Service Providers
| Provider | What they do | Data shared |
|---|---|---|
| Stripe | Payment processing | Email, subscription tier, payment token |
| Google OAuth | Optional password-free login | Email address & OAuth ID |
Each provider is vetted for security and privacy.
8. Data Retention
- Active accounts: we keep your data until you delete the account.
- Deleted accounts: your email & tokens are wiped within 7 days; invoices required for tax stay for 7 years (U.S. law).
9. Keeping Your Data Safe
- HTTPS everywhere.
- Database & backups encrypted at rest.
- Access limited to the founder and automated deployment systems.
- Regular security patches and routine penetration tests.
- Incident-response plan: if a breach occurs, we'll notify affected users within 72 hours (GDPR standard).
10. Your Rights
Depending on where you live, you may have the right to:
| Right | What it means |
|---|---|
| Access | Ask what data we hold about you. |
| Correction | Fix inaccurate data. |
| Deletion | Delete your account ("right to be forgotten"). |
| Portability | Get a copy of your data in CSV/JSON. |
| Withdraw consent | Opt out of marketing emails at any time. |
| Complain | Contact your local data-protection authority. |
Email matcharestock@gmail.com and we'll respond within 30 days.
11. Children's Privacy
MatchaRestock is not directed to children under 13. We do not knowingly collect data from them. If you believe a child has provided personal info, email us; we'll delete it.
12. Changes to This Policy
If we make material changes, we'll:
- Post the new version here with a new "Last updated" date.
- Email all registered users before the change takes effect.
Continuing to use the Service after that means you accept the updated policy.
13. Contact Us
Questions or requests: matcharestock@gmail.com
By using MatchaRestock, you acknowledge that you have read and understood this Privacy Policy.