Privacy Policy

Last updated: May 25, 2026

Introduction

This Privacy Policy describes how WeBean and its affiliates (“WeBean,” “we,” “our,” or “us”) collect, use, disclose, and protect information when you use our mobile application (the “App”). This Privacy Policy applies to all users of the App.

BY USING THE APP, YOU CONSENT TO THE COLLECTION, USE, AND DISCLOSURE OF YOUR INFORMATION AS DESCRIBED IN THIS PRIVACY POLICY. IF YOU DO NOT AGREE, PLEASE DO NOT USE THE APP.

We reserve the right to modify this Privacy Policy at any time. Changes will be effective immediately upon posting. Your continued use of the App after changes constitutes acceptance of the modified Privacy Policy.

1. Information We Collect

1.1 Information You Provide Directly

Account Registration Information:

• Email address
• Username
• Password (encrypted and hashed)
• Profile picture (optional)
• Display name (optional)
• Date of birth (for age verification)

Profile and Preference Data:

• Coffee taste profile and preferences
• Brewing method preferences
• Favorite coffee types and roast levels
• Taste quiz responses and results
• Dietary restrictions or allergen information (optional)
• Coffee consumption habits

User-Generated Content:

• Coffee reviews, ratings, and written feedback
• Photos and images of coffee beans, packaging, and brewing
• Comments, replies, and discussions
• Coffee brewing logs and history
• Custom lists, collections, and favorites
• Any other content you choose to submit

Communication Data:

• Messages sent to our support team
• Survey responses and feedback
• Any correspondence with WeBean

1.2 Information Collected Automatically

Usage and Activity Data:

• Features and sections accessed
• Timestamps and duration of use
• Search queries and filters used
• Interaction with recommendations (views, clicks, dismissals)
• Content you view, like, save, or share
• Frequency and patterns of use
• In-app navigation and behavior

Device and Technical Information:

• Device type, model, and manufacturer
• Operating system type and version
• Unique device identifiers (UDID, advertising ID, IDFA, Android ID)
• Mobile network carrier and connection type
• IP address and approximate location based on IP
• Browser type and version (if applicable)
• Screen resolution and device settings
• Time zone and language settings

Location Information:

• Approximate location (city, state, region) derived from IP address
• Precise GPS location (only with your explicit permission)
• Location data is used to suggest nearby coffee shops, roasters, and cafes

OCR and Image Data:

• Photos and images you upload for scanning
• Text and data extracted through OCR processing
• Image metadata (may include EXIF data such as timestamp, device info, GPS coordinates if not stripped)
• Processing results and confidence scores
• Images may be stored, analyzed, and used to train and improve our OCR and machine learning models

Analytics and Performance Data:

• App performance metrics (load times, crashes, errors)
• Diagnostic and crash reports
• Error logs and debugging information
• Feature usage and adoption statistics
• A/B testing data and experiment results

Cookies and Similar Technologies:

• Session cookies and authentication tokens
• Local storage and cached data
• Analytics cookies and tracking pixels
• Preference cookies for settings

1.3 Information from Third Parties

Social Media Platforms:

• If you connect third-party accounts (Facebook, Google, Apple), we may receive:
• Profile information (name, email, profile picture)
• Friends list or social connections (if permitted)
• Public profile data according to your platform settings

Authentication Services:

• OAuth tokens and user identifiers
• Email addresses and verified account information from providers like Google Sign-In, Apple Sign-In, or similar services

Payment Processors (if applicable):

• Transaction IDs and payment confirmation
• Billing information (processed by third-party payment processors, not stored by us)
• Purchase history

Advertising and Analytics Partners:

• Device advertising IDs
• Attribution data for app installs and campaigns
• Aggregated demographic and interest data

Coffee Product Information:

• We may supplement your data with publicly available coffee product information, images, and descriptions from third-party sources

2. How We Use Your Information

We use collected information for the following purposes:

2.1 Provide and Improve Services

• Create, maintain, and authenticate your account
• Display and process your reviews, ratings, and content
• Generate personalized coffee recommendations using algorithms and machine learning
• Build, update, and refine your taste profile
• Process OCR scans and extract text from images
• Track your brewing history and provide insights
• Enable communication and interaction with other users
• Develop, test, and improve existing features
• Research and develop new features and functionality
• Analyze usage patterns to optimize user experience
• Conduct A/B testing and experiments
• Train and improve machine learning models and algorithms

2.2 Communication and Notifications

• Send important service announcements and updates
• Respond to your inquiries, support requests, and feedback
• Send transactional emails (account verification, password resets, etc.)
• Send push notifications about new reviews, replies, follows, or recommendations (with your consent)
• Send promotional content, newsletters, and marketing communications (only with your explicit opt-in consent)
• Conduct surveys and request feedback

2.3 Security, Fraud Prevention, and Safety

• Detect, investigate, and prevent fraudulent activity, abuse, and security threats
• Monitor for violations of our Terms of Service
• Verify user identity and authenticate accounts
• Protect the rights, property, and safety of WeBean, our users, and the public
• Investigate and respond to user reports and complaints
• Enforce our policies and legal agreements

2.4 Legal Compliance and Protection

• Comply with applicable laws, regulations, and legal processes
• Respond to court orders, subpoenas, and government requests
• Establish, exercise, or defend legal claims and rights
• Prevent illegal activities and potential harm
• Maintain records as required by law

2.5 Analytics, Research, and Business Operations

• Understand how users discover and interact with the App
• Analyze demographics, preferences, and behavior patterns
• Conduct research on coffee preferences and trends
• Generate aggregated, anonymized statistics and reports
• Evaluate and improve our business operations
• Assess and optimize marketing effectiveness
• Support mergers, acquisitions, or business transfers

2.6 Advertising and Monetization (if applicable)

• Display personalized advertisements (with your consent where required)
• Measure advertising effectiveness and attribution
• Work with advertising partners and networks

We may use information for other purposes disclosed to you at the time of collection or with your consent.

3. How We Share Your Information

WE DO NOT SELL YOUR PERSONAL INFORMATION TO THIRD PARTIES.

We may share your information in the following circumstances:

3.1 Public Information

The following information is publicly visible to other users and may be indexed by search engines:

• Your username and profile picture
• Your public bio and profile information
• Your reviews, ratings, comments, and replies
• Your public lists and collections
• Your followers and following lists (if your profile is public)
• Any content you choose to make public
• Coffee beans you’ve logged (depending on your privacy settings)

You control the visibility of much of this information through your privacy settings.

3.2 With Other Users

• When you interact with other users (follow, comment, reply)
• When other users view your public profile or content
• When you participate in community features

3.3 Service Providers and Vendors

We share information with third-party service providers who perform services on our behalf, including:

• Cloud Infrastructure: Supabase (which hosts data on AWS)

• Analytics: Google Analytics, Firebase Analytics, or similar platforms for usage analytics

• Crash Reporting: Sentry, or similar tools for error tracking

• Customer Support: Zendesk, Intercom, or similar platforms for customer service

• Email Services: SendGrid, AWS SES, or similar providers for transactional and marketing emails

• Push Notifications: Firebase Cloud Messaging, Apple Push Notification Service, or similar services

• Authentication: Auth0, Supabase Auth, or similar identity management services

• Payment Processing: Stripe, PayPal, Apple Pay, Google Pay, or similar payment processors (if applicable)

• OCR and Machine Learning: Google Vision API, AWS Rekognition, or similar AI/ML services

• Content Delivery: Cloudflare, Fastly, or similar CDN providers

• Database Services: MongoDB Atlas, Amazon RDS, or similar database providers

• Advertising Partner: Google AdMob for serving advertisements, which may collect device identifiers and usage data for ad personalization

These service providers are contractually required to:

• Use your information only for specified purposes
• Protect your information with appropriate security measures
• Not disclose your information to unauthorized parties
• Comply with applicable data protection laws

3.4 Business Transfers and Corporate Transactions

Your information may be transferred in connection with:

• Mergers, acquisitions, or consolidations
• Sale of all or substantially all of our assets
• Bankruptcy, reorganization, or similar proceedings
• Corporate restructuring or changes in ownership

We will notify you before your information becomes subject to a different privacy policy.

3.5 Legal Requirements and Safety

We may disclose your information when required or permitted by law:

• In response to subpoenas, court orders, or legal processes
• To comply with government or regulatory requests
• To enforce our Terms of Service or other agreements
• To protect our rights, property, safety, or security
• To protect the rights, property, safety, or security of our users or the public
• To prevent fraud, abuse, or illegal activities
• To investigate potential violations of our policies
• In connection with legal claims or disputes

3.6 With Your Consent

We may share your information for other purposes with your explicit consent or at your direction.

3.7 Aggregated and De-Identified Data

We may share aggregated, anonymized, or de-identified information that cannot reasonably identify you, including:

• Overall usage and demographic statistics
• Popular coffee trends and preferences
• Industry reports and research
• Marketing and promotional materials

This data is not considered personal information and may be used and shared without restriction.

3.8 Publicly Available Information

Information you post publicly (reviews, comments, profile) may be:

• Viewed by anyone, including non-users
• Indexed by search engines (Google, Bing, etc.)
• Shared or reposted by other users
• Archived by third parties

4. Data Retention and Deletion

4.1 Retention Period

We retain your information for as long as:

• Your account is active
• Necessary to provide you with services
• Required to fulfill the purposes described in this Privacy Policy
• Required by law, regulation, or legal obligation
• Necessary for legitimate business purposes (fraud prevention, dispute resolution, etc.)

4.2 Account Deletion

When you request account deletion:

• Your personal information is deleted or anonymized within 3-7 business days of your request
• Some information may be retained in anonymized or aggregated form
• Backup copies may persist for up to 90 additional days before permanent deletion
• Your public reviews and content may remain visible but will be anonymized (disconnected from your identity)
• Information required for legal, security, or fraud prevention purposes may be retained longer

To request account deletion, contact us at support@webean.app or use the in-app account deletion feature.

To request account deletion:

• In-app: Go to Profile > Settings > Delete Account
• Online: Submit a request at our deletion request form
• Email: Contact us at support@webean.app

4.3 Extended Retention

We may retain certain information longer when:

• Required by law (tax records, transaction logs, etc.)
• Necessary to resolve disputes or enforce agreements
• Essential for security, fraud prevention, or safety purposes
• Stored in backup systems that are periodically purged
• Part of legal holds or ongoing investigations

4.4 Deletion Limitations

Even after deletion, information may persist:

• In cached or archived systems temporarily
• If shared with third parties prior to deletion (subject to their policies)
• In de-identified or aggregated form used for analytics
• As required by legal or contractual obligations

5. Your Privacy Rights and Choices

5.1 Access and Portability Rights

You have the right to:

• Access your personal information we hold
• Request a copy of your data in a structured, commonly used format
• Download your data for personal use or transfer to another service

5.2 Correction and Update Rights

You have the right to:

• Update your account information at any time through app settings
• Correct inaccurate or incomplete information
• Request correction if you cannot update information yourself

5.3 Deletion Rights

You have the right to:

• Request deletion of your account and personal information
• Understand that some information may be retained as described in Section 4
• Receive confirmation when deletion is complete

5.4 Opt-Out and Objection Rights

Marketing Communications:

• Unsubscribe from promotional emails via the unsubscribe link in each email
• Opt out of marketing communications in app settings
• You will continue to receive transactional emails (receipts, security alerts, etc.)

Push Notifications:

• Disable push notifications in your device settings
• Manage notification preferences in app settings

Personalized Recommendations:

• Opt out of personalized recommendations in app settings
• This may limit certain app functionality

Location Tracking:

• Disable location access in your device settings
• We will only access location with your permission

Advertising (if applicable):

• Opt out of personalized advertising through device settings (iOS: Limit Ad Tracking; Android: Opt out of Ads Personalization)
• Use NAI opt-out tools: http://www.networkadvertising.org/choices/
• Use DAA opt-out tools: http://www.aboutads.info/choices/

Analytics:

• Some analytics can be limited through app settings
• Complete analytics opt-out may limit app functionality

Cookies (web version):

• Adjust browser settings to refuse cookies
• Clear cookies and browsing data
• Note that some features may not function properly without cookies

5.5 Do Not Track

We do not currently respond to Do Not Track (DNT) signals. We may adopt a DNT standard if one is established in the future.

5.6 Regional Privacy Rights

A. For Users in the European Economic Area (EEA), UK, and Switzerland (GDPR)

You have the following rights under the General Data Protection Regulation (GDPR):

• Right of Access: Request confirmation of what personal data we process and obtain a copy
• Right to Rectification: Correct inaccurate or incomplete personal data
• Right to Erasure (“Right to be Forgotten”): Request deletion of your personal data in certain circumstances
• Right to Restriction of Processing: Request that we limit how we use your data
• Right to Data Portability: Receive your data in a portable format and transmit it to another controller
• Right to Object: Object to processing based on legitimate interests or for direct marketing
• Right to Withdraw Consent: Withdraw consent at any time (where processing is based on consent)
• Right Not to be Subject to Automated Decision-Making: Object to decisions based solely on automated processing, including profiling
• Right to Lodge a Complaint: File a complaint with your local supervisory authority

Legal Basis for Processing: We process your data based on:

• Consent: For optional features, marketing, and certain data uses
• Contract Performance: To provide services you’ve requested
• Legitimate Interests: For analytics, security, and service improvement
• Legal Obligation: To comply with applicable laws

Data Transfers: We transfer data from the EEA to the United States and other countries. We use appropriate safeguards such as:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions
• Other lawful transfer mechanisms

Data Protection Officer: Contact our DPO at support@webean.app for GDPR-related inquiries.

B. For Users in California (CCPA/CPRA)

California residents have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

Right to Know:

• Categories of personal information collected
• Categories of sources from which information is collected
• Business or commercial purposes for collecting information
• Categories of third parties with whom we share information
• Specific pieces of personal information we hold about you

Right to Delete:

• Request deletion of your personal information (subject to exceptions)

Right to Opt-Out:

• We do not sell your personal information
• We do not share your personal information for cross-context behavioral advertising
• If this changes, you will have the right to opt out

Right to Correct:

• Request correction of inaccurate personal information

Right to Limit Use of Sensitive Personal Information:

• We do not use or disclose sensitive personal information for purposes other than those specified in CCPA regulations

Right to Non-Discrimination:

• We will not discriminate against you for exercising your CCPA rights
• We will not deny goods or services, charge different prices, or provide different quality of service

Authorized Agents:

• You may designate an authorized agent to make requests on your behalf
• We may require verification of the agent’s authority

Categories of Personal Information Collected: See Section 1 for detailed information.

How We Use Information: See Section 2 for business and commercial purposes.

Retention Period: See Section 4 for retention periods.

Sensitive Personal Information: We may collect the following sensitive personal information:

• Precise geolocation data (with permission)
• Account login credentials (encrypted)

C. For Users in Nevada

Nevada residents have the right to opt out of the “sale” of their personal information as defined by Nevada law.

We do not sell personal information as defined by Nevada law.

If our practices change, we will update this Privacy Policy and provide Nevada residents with an opt-out mechanism.

D. For Users in Virginia, Colorado, Connecticut, Utah, and Other States with Privacy Laws

If you are a resident of Virginia, Colorado, Connecticut, Utah, or another state with comprehensive privacy legislation, you may have additional rights including:

• Right to access personal data
• Right to correct inaccuracies
• Right to delete personal data
• Right to data portability
• Right to opt out of targeted advertising, sale of personal data, and profiling
• Right to appeal our decisions regarding your requests

5.7 Exercising Your Rights

How to Submit Requests:

• Email: support@webean.app
• In-App: Use the privacy request feature (if available)
• Mail: Shop It First LLC, 2054 S. Euclid St, Ste H, #3112, Anaheim, CA 92802

Verification: We may require verification of your identity before fulfilling requests to protect your privacy and security. Verification may include:

• Matching information you provide with information we have on file
• Requesting additional identifying information
• Asking you to confirm your request through your registered email

Response Time:

• We will respond to verified requests within the timeframe required by applicable law (typically 30-45 days)
• We may extend this period by an additional 30-45 days when reasonably necessary, with notice

Fees:

• We generally do not charge fees for requests
• We may charge reasonable fees for excessive, repetitive, or manifestly unfounded requests

Limitations: Some requests may be denied or limited if:

• We cannot verify your identity
• The request is legally not required or permitted
• Information is necessary for legal compliance
• Information is required for security or fraud prevention
• The request conflicts with our legal obligations

6. Data Security and Protection

6.1 Security Measures

We implement industry-standard security measures to protect your information, including:

Technical Safeguards:

• Encryption of data in transit using TLS/SSL (HTTPS)
• Encryption of sensitive data at rest (passwords, payment info)
• Secure authentication protocols and password hashing (bcrypt, Argon2, or similar)
• Firewall protection and intrusion detection systems
• Secure API design and access controls
• Regular security updates and patches
• Database security and access restrictions

Organizational Safeguards:

• Access controls and role-based permissions (least privilege principle)
• Employee training on data security and privacy
• Background checks for employees with access to sensitive data
• Confidentiality agreements and data handling policies
• Incident response and breach notification procedures
• Regular security audits and assessments
• Third-party security reviews and penetration testing

Physical Safeguards:

• Secure data centers with physical access controls
• Environmental controls and monitoring
• Redundant systems and backup power

Monitoring and Response:

• Continuous monitoring for security threats
• Automated threat detection and alerts
• Regular security assessments and vulnerability scans
• Incident response team and procedures

6.2 Limitations and Disclaimers

No Absolute Security:

• While we strive to protect your information, no method of transmission or storage is 100% secure
• We cannot guarantee absolute security against all potential threats
• Unauthorized access, hardware/software failure, and other factors may compromise security

Your Responsibility: You are responsible for:

• Keeping your password secure and confidential
• Using strong, unique passwords
• Enabling two-factor authentication (if available)
• Logging out from shared or public devices
• Not sharing your account with others
• Promptly reporting any unauthorized access or security concerns

Third-Party Security: We are not responsible for the security practices of third-party services, websites, or platforms linked from our App.

6.3 Security Incidents and Breach Notification

In the event of a data breach that may affect your personal information:

• We will investigate and assess the incident promptly
• We will notify affected users as required by applicable law
• We will notify relevant regulatory authorities when required
• We will take steps to mitigate harm and prevent future incidents
• Notification will include information about the breach, affected data, and steps you can take to protect yourself

To report a security vulnerability, contact us at support@webean.app.

7. Children’s Privacy

7.1 Age Restriction

The App is not intended for children under 13 years of age.

We do not knowingly collect, use, or disclose personal information from children under 13. If you are under 13, please do not use the App or provide any information.

7.2 Parental Rights

If you are a parent or guardian and believe your child under 13 has provided personal information to us:

• Contact us immediately at support@webean.app
• Provide sufficient information to verify you are the child’s parent or guardian
• We will promptly delete the child’s information from our systems

7.3 Age Verification

We may implement age verification measures to prevent access by children under 13.

7.4 Teen Users (13-17)

For users between 13 and 17 years old:

• We recommend parental guidance and supervision when using the App
• Parents can review and request deletion of their teen’s information
• Certain features may be restricted for teen users

We encourage parents to monitor their children’s online activities and educate them about safe internet use.

8. International Data Transfers

8.1 Data Transfer

Your information may be transferred to, stored in, and processed in countries other than your country of residence, including the United States, where our servers and service providers may be located.

These countries may have data protection laws that differ from those in your country.

8.2 Safeguards for International Transfers

When we transfer data internationally, we implement appropriate safeguards, including:

For EEA/UK/Switzerland:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• UK International Data Transfer Agreement/Addendum
• Swiss-U.S. Data Privacy Framework (if applicable)
• Adequacy decisions by the European Commission
• Binding Corporate Rules (if applicable)
• Other legally valid transfer mechanisms

For Other Jurisdictions:

• Contractual protections with service providers
• Adherence to recognized international frameworks
• Additional security measures for sensitive data

8.3 Consent to Transfer

By using the App, you consent to the transfer of your information to countries outside your country of residence, including countries that may not provide the same level of data protection as your country.

9. Cookies and Tracking Technologies

9.1 Types of Technologies We Use

Cookies: Small text files stored on your device that help us recognize your browser and remember information about your visit.

Local Storage: Data stored locally within the App on your device.

Device Identifiers: Unique identifiers associated with your device (UDID, advertising IDs, etc.).

SDKs (Software Development Kits): Third-party tools and libraries integrated into our App for analytics, advertising, and other purposes.

Pixels and Beacons: Small images or code snippets that track activity (primarily used in emails and web versions).

9.2 How We Use These Technologies

Essential/Functional:

• Authenticate your account and maintain your session
• Remember your preferences and settings
• Enable core App functionality

Analytics and Performance:

• Understand how users interact with the App
• Measure feature usage and adoption
• Identify and fix bugs and performance issues
• Conduct A/B testing and experiments

Personalization:

• Provide personalized recommendations
• Customize content and features based on your preferences
• Remember your past interactions

Advertising (if applicable):

• Deliver targeted advertisements
• Measure ad performance and attribution
• Limit ad frequency

Security:

• Detect and prevent fraud and abuse
• Monitor for security threats
• Enforce our Terms of Service

9.3 Third-Party Tracking

We use third-party services that may set their own cookies or tracking technologies:

• Google Analytics
• Firebase Analytics
• Facebook/Meta SDKs (if applicable)
• Advertising networks (if applicable)
• Other analytics and marketing platforms

These third parties may collect information about your activities across different apps and websites over time.

9.4 Your Choices Regarding Tracking

App Settings:

• Adjust privacy and analytics preferences in app settings
• Some features may require certain tracking to function

Device Settings:

• iOS: Settings > Privacy > Advertising > Limit Ad Tracking
• Android: Settings > Google > Ads > Opt out of Ads Personalization
• Manage location permissions
• Manage push notification permissions

Web Browser (if applicable):

• Adjust browser cookie settings
• Use browser privacy features (Private/Incognito mode)
• Install browser extensions that block tracking

Opt-Out Tools:

• Network Advertising Initiative: http://www.networkadvertising.org/choices/
• Digital Advertising Alliance: http://www.aboutads.info/choices/
• Google Analytics Opt-Out: https://tools.google.com/dlpage/gaoptout

Consequences of Opting Out:

• Disabling certain cookies or tracking may limit App functionality
• You may not receive personalized recommendations or content
• Some features may not work properly

10. Third-Party Links, Services, and Content

10.1 Third-Party Links

The App may contain links to third-party websites, services, or platforms, including:

• Coffee roaster and retailer websites
• Social media platforms
• Coffee-related content and blogs
• E-commerce platforms

10.2 No Responsibility

We do not control, endorse, or assume responsibility for:

• The privacy practices of third-party services
• The content or accuracy of third-party websites
• The terms of service of external platforms
• Data collected by third parties

10.3 Third-Party Privacy Policies

Each third-party service has its own privacy policy and terms of service. We encourage you to review these policies before providing information or using these services.

Your interactions with third parties are governed solely by their policies, not this Privacy Policy.

10.4 Social Media Features

The App may include social media features and widgets (e.g., Facebook Like button, Twitter share button). These features:

• May collect your IP address and page activity
• May set cookies to enable proper functionality
• Are hosted by third parties or directly on our App
• Are governed by the privacy policy of the company providing the feature

11. Changes to This Privacy Policy

11.1 Right to Modify

We reserve the right to modify, update, or replace this Privacy Policy at any time, at our sole discretion.

11.2 Notification of Changes

We will notify you of material changes by:

• Updating the “Last Updated” date at the top of this Privacy Policy
• Posting the updated Privacy Policy in the App
• Sending an email notification to your registered email address (for significant changes)
• Displaying a prominent in-app notice or push notification
• Requiring your acceptance for material changes (where required by law)

11.3 Effective Date of Changes

Changes become effective:

• Immediately upon posting for non-material changes
• 30 days after notification for material changes (or as otherwise specified)
• Upon your acceptance if required by law

11.4 Your Options

If you do not agree to changes:

• You may stop using the App
• You may request deletion of your account and information
• Continued use of the App after changes become effective constitutes acceptance of the modified Privacy Policy

11.5 Review Responsibility

It is your responsibility to periodically review this Privacy Policy for updates. We recommend checking this Privacy Policy regularly to stay informed about how we protect your information.

12. California-Specific Disclosures

12.1 California Consumer Privacy Act (CCPA) Metrics

In compliance with CCPA, we provide the following metrics for the previous calendar year:

Number of Requests Received:

• Right to Know requests: No requests received during the first year of operation
• Right to Delete requests: No requests received during the first year of operation
• Right to Opt-Out requests: No requests received during the first year of operation

Response Information:

• Average response time: No requests received during the first year of operation
• Requests complied with (in whole or in part): No requests received during the first year of operation
• Requests denied: No requests received during the first year of operation

12.2 California “Shine the Light” Law

California residents may request information about our disclosure of personal information to third parties for their direct marketing purposes. We do not share personal information with third parties for their direct marketing purposes without your consent.

12.3 Financial Incentives

We do not offer financial incentives or price differences related to the collection, sale, retention, or deletion of personal information.

13. Contact Information and Data Protection Officer

13.1 General Privacy Inquiries

Email: support@webean.app

Subject Line: Privacy Inquiry

13.2 Data Protection Officer (DPO)

For GDPR-related inquiries or to contact our Data Protection Officer:

Email: support@webean.app

Subject Line: GDPR/Data Protection Inquiry

13.3 Privacy Rights Requests

To exercise your privacy rights (access, deletion, correction, etc.):

Email: support@webean.app

Subject Line: Privacy Rights Request

Include: Your full name, registered email address, and specific request details

13.4 Security Concerns

To report security vulnerabilities or incidents:

Email: support@webean.app

Subject Line: Security Report [URGENT if applicable]

13.5 Mailing Address

WeBean

Shop It First LLC

2054 S. Euclid St, Ste H, #3112

Anaheim, CA 92802

13.6 EU Representative (if applicable)

For users in the European Union:

EU Representative: Not currently required

13.7 Supervisory Authority

For EEA/UK users: You have the right to lodge a complaint with your local data protection authority if you believe we have violated your privacy rights.

For California users: You may contact the California Attorney General’s Office regarding CCPA complaints.

14. Additional Information

14.1 Data Controller

For the purposes of GDPR and other data protection laws, the data controller is:

WeBean

Shop It First LLC

2054 S. Euclid St, Ste H, #3112

Anaheim, CA 92802

14.2 Legal Basis for Processing (GDPR)

We process your personal data on the following legal bases:

• Consent: When you have given clear consent for specific purposes
• Contract: When processing is necessary to perform our contract with you
• Legal Obligation: When we must comply with legal requirements
• Legitimate Interests: When processing is in our or a third party’s legitimate interests (and not overridden by your rights)
• Vital Interests: When processing is necessary to protect someone’s life

14.3 Automated Decision-Making and Profiling

We use algorithms and automated systems to:

• Generate personalized coffee recommendations
• Create taste profiles based on your preferences
• Suggest content you might enjoy
• Detect fraud and abuse

You have the right to:

• Request human review of automated decisions
• Express your point of view
• Challenge automated decisions

14.4 Data Processing Addendum (DPA)

For business customers, partners, or enterprise users, a separate Data Processing Addendum (DPA) may be available upon request. Contact support@webean.app for more information.

14.5 Privacy by Design

We incorporate privacy considerations into our:

• Product design and development
• Data collection and processing practices
• Security architecture and infrastructure
• Business operations and decision-making

14.6 Transparency and Accountability

We are committed to:

• Being transparent about our data practices
• Providing clear, accessible privacy information
• Responding promptly to privacy inquiries and requests
• Regularly reviewing and updating our privacy practices
• Maintaining compliance with applicable privacy laws

15. Summary of Key Points

We want to make it easy for you to understand our privacy practices. Here are the key points:

✓ We collect account information, usage data, device info, and content you create

✓ We use your data to provide services, personalize recommendations, and improve the App

✓ We do NOT sell your personal information to third parties

✓ We share data with service providers, for legal compliance, and with your consent

✓ You have rights to access, correct, delete, and control your information

✓ We protect your data with encryption, access controls, and security measures

✓ We retain data while your account is active and as required by law

✓ We’re here to answer your privacy questions at support@webean.app

BY USING THE APP, YOU ACKNOWLEDGE THAT YOU HAVE READ, UNDERSTOOD, AND AGREE TO THIS PRIVACY POLICY.