← Back to Tamp

Privacy Policy

LAST UPDATED: APRIL 4, 2026

Tamp ("we", "us", "our") is operated by Idea Fabriek, based in Amsterdam, the Netherlands. We respect your privacy and are committed to protecting your personal data in compliance with the General Data Protection Regulation (GDPR).

What We Collect

When you create a Tamp account, we collect:

• Email address — to identify your account and send transactional emails (e.g., sign-in links).
• Display name — shown on your profile within the app.
• Authentication provider — whether you signed in via Apple, Google, or email. If you use Apple Sign-In or Google Sign-In, we receive and store a provider user ID and verify your identity token server-side. We do not receive or store your Apple or Google password.

When you use the app, we collect:

• Coffee journal data — beans you log (name, origin, process, roast level, rating, tasting notes) and brew logs (method, grind setting, ratio, water temperature, brew time, notes). This data is created entirely by you.
• Bean photos — images you attach to beans are stored in Cloudflare R2 object storage.

When you use the roaster map feature, your device location is used ephemerally to show nearby roasters. Location data is processed on-device and is never sent to or stored on our servers.

When you join the Tamp waitlist, we collect:

• Email address — to notify you when Tamp launches and send you waitlist updates.
• Signup date — to track your position on the waitlist.

When you use the contact form, we collect:

• Name and email address — so we can respond to your message.
• Your message — the content of your inquiry.

We also process your IP address temporarily for rate limiting to prevent abuse. This is not stored.

Legal Basis

We process your data under the following legal bases (Article 6(1) GDPR):

• Consent (Article 6(1)(a)) — for account creation, waitlist signup, and contact form submissions.
• Legitimate interest (Article 6(1)(f)) — for operating and securing the service (e.g., rate limiting, fraud prevention, infrastructure monitoring).

Why We Collect It

We use your data solely to:

• Provide the Tamp coffee journal service — storing your beans, brew logs, and preferences.
• Authenticate your identity and secure your account.
• Sync your data across devices via cloud backup.
• Send transactional emails (sign-in links, account notifications).
• Respond to messages you send through the contact form.
• Notify waitlist subscribers when Tamp is available to download.

We will not send marketing emails, share your data with third parties for their marketing purposes, or use your data for any purpose other than what is stated above.

How Long We Keep It

• Account and journal data — kept for as long as your account is active. When you delete your account, all data (beans, brew logs, images) is permanently deleted.
• Bean photos — stored in Cloudflare R2 for as long as the associated bean or account exists. Deleted when you remove the bean or delete your account.
• Waitlist data — kept until 30 days after Tamp's public launch, then permanently deleted.
• Contact form messages — kept for up to 12 months, then deleted.

Third Parties

We use the following services to process your data:

• Cloudflare (USA) — hosting, API infrastructure, database (D1), image storage (R2), and caching. Privacy Policy
• Resend (USA) — email delivery for sign-in links and transactional emails. Privacy Policy
• Apple (USA) — identity verification for Apple Sign-In. Privacy Policy
• Google (USA) — identity verification for Google Sign-In. Privacy Policy
• Sentry (Germany / EU) — crash reporting and session replay so we can fix bugs that hit real users. IP addresses are not collected. Privacy Policy
• PostHog (Germany / EU) — product analytics, hosted in Frankfurt. Used only when you enable "Help improve Tamp" in Settings → Privacy. Captures event names (e.g. "bean_logged") and small property bags (e.g. roaster id) — never tasting notes, brew details, or images. You can revoke at any time by toggling the setting off. Privacy Policy
• RevenueCat (USA) — subscription and payment processing (future). Privacy Policy

EU-hosted services (Sentry, PostHog) keep your data in the EU. Other providers process data under Standard Contractual Clauses (SCCs) or equivalent mechanisms for EU-to-US data transfers.

Data Export

You can export all of your data (beans, brew logs, and account information) in JSON format from the app settings at any time.

Account Deletion

You can delete your account from within the app settings. Account deletion is permanent and irreversible. It removes all of your data, including beans, brew logs, tasting notes, and bean photos stored in Cloudflare R2.

Your Rights

Under GDPR, you have the right to:

• Access — request a copy of the data we hold about you, or use the in-app data export feature.
• Rectification — ask us to correct inaccurate data, or edit it directly in the app.
• Erasure — delete your account and all associated data from the app settings. For the waitlist, you can use the unsubscribe link in any email we send.
• Data portability — export your data in a structured, machine-readable format (JSON) from the app.
• Withdraw consent — at any time, by deleting your account, unsubscribing, or contacting us.
• Lodge a complaint — with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl.

Cookies

This website uses no tracking cookies, analytics scripts, or third-party trackers. We only store your theme preference (light/dark mode) in your browser's local storage, which is not personal data.

Contact

For any privacy-related questions or to exercise your rights, contact us via the contact form on our website.

Data Controller

Idea Fabriek
Amsterdam, the Netherlands