Cherrybook

Privacy Policy

Last updated: 2026-04-25

This policy explains what personal data Cherrybook (“we”, “us”) collects when you use cherrybookcoffee.com, why we collect it, who we share it with, and the rights you have over it. If you only use Cherrybook without signing in, we collect almost nothing about you.

What we collect

If you create an account, we collect and store:

  • Email address — required to send you magic-link sign-in emails and, if enabled, back-in-stock alerts.
  • Wishlist activity — the coffees you save.
  • Tasted log — the coffees you mark as tasted, liked, disliked, plus any rating or notes you add.
  • Palate quiz answers — your taste preferences from the quiz, used to personalize recommendations.
  • Stock alerts — the coffees you’ve asked us to notify you about when they come back in stock.
  • Authentication session — a signed, httpOnly cookie (cb_session) that keeps you signed in for 30 days.

If you browse Cherrybook without signing in, we do not store any personal data about you. Standard web-server logs (IP address, user-agent, request path) are retained for 30 days for operational purposes.

If you submit a DMCA notice or counter-notice through our DMCA page, we collect the personal information the statute requires (name, address, phone, email). See “Legal requests and DMCA correspondence” below for how that data is handled and shared.

We also record anonymous browsing events within Cherrybook — which coffees you viewed, searched for, compared, or saved — keyed to a per-browser session ID held in an httpOnly cookie (cb_sid). We use this to inform our discovery features and to publish anonymous, aggregated demand intelligence to roasters and importers. Individual browsing histories are never exposed to those audiences. See “Demand events and analytics” below.

How we use it

  • Authenticate your account and keep you signed in.
  • Deliver the features you signed up for (wishlist, alerts, personalized recommendations).
  • Diagnose errors and improve reliability via aggregated logs.
  • Send you account-related email (magic links; back-in-stock alerts if you requested them).

We do not sell your personal data. We do not share it with advertisers. We do not build behavioral profiles for ad targeting.

Sub-processors

We rely on a small number of service providers (“sub-processors”) to operate Cherrybook. Each one sees only the data it needs to do its job, and each is bound by its own privacy commitments:

  • Google Cloud (Vertex AI) — runs the LLM pipelines that extract structured data from roaster catalogs. The input is public product information scraped from roaster websites. It does not include your personal data.
  • Postmark (ActiveCampaign) — delivers magic-link sign-in emails. Receives your email address and the email body. Transactional-only sender; no marketing use. Back-in-stock alert delivery is not yet wired; when it ships, it will use the same Postmark path and we will update this disclosure.
  • Supabase — hosts the Postgres database that stores account + activity data. Located in Supabase’s privacy policy.
  • Railway — hosts the backend application servers + scheduled refresh jobs. No direct access to your data beyond standard hosting logs.
  • Vercel — hosts the frontend web application. Vercel sees request metadata (IP, user-agent) but not account contents.
  • Cloudflare — DNS + edge proxy for cherrybookcoffee.com. As an edge proxy, Cloudflare sees request metadata (IP, user-agent, headers) and briefly handles encrypted request and response bodies in transit. They do not retain account contents; we do not enable any of their analytics or scraping products on this account.
  • Sentry (if enabled) — error telemetry. Receives stack traces, request paths, and limited request metadata. We run a redaction hook that strips email addresses, session cookies, and authentication tokens from reports before they leave our servers. Sensitive fields in custom log messages are also redacted.

Retention

We keep account and activity data for as long as your account is active. If you delete your account, all personal data associated with it is removed within 30 days. Aggregated analytics that don’t identify individuals may be retained longer.

Your rights

Wherever you live, you can:

  • Access — request a copy of all data we hold about you.
  • Correct — ask us to fix anything that’s wrong.
  • Delete — remove your account and all personal data tied to it.
  • Export — receive your data in a machine-readable format.

If you’re in the EU or UK, these map to GDPR Articles 15, 16, 17, and 20. If you’re in California, they map to the equivalent CCPA rights (access, correction, deletion, portability).

To exercise any of these rights, email privacy@cherrybookcoffee.com or use the data controls on your account settings page. We aim to respond within 30 days.

Legal requests and DMCA correspondence

When someone submits a DMCA takedown notice or counter-notice via our DMCA page, we collect the personal information the statute requires: name, address, phone number, and email of the notifier. We retain that correspondence for at least three years for compliance and audit reasons, and we may forward it — in whole or in redacted form — to the user or roaster whose material is implicated, as required by 17 U.S.C. § 512. We may also disclose this information in response to a valid legal process (subpoena, court order, government request) or where we believe it’s necessary to protect rights, property, or safety. This is the only category of personal data on Cherrybook that may be shared outside the sub-processors named above.

Demand events and analytics

To improve discovery and to power Cherrybook’s demand-intelligence reports for roasters, we record anonymous events when you interact with the site: which coffees were rendered to you, which you viewed, searched for, compared, saved, or clicked through to buy. Each event is keyed to a per-browser session ID (cb_sid), not to any personally identifying information by default. If you’re signed in, the event is also linked to your account so you can request deletion of your event history alongside the rest of your data.

Raw event records are retained for 90 days, then aggregated into hourly / weekly rollups and the original rows are deleted. Aggregations exposed to roasters or importers always suppress cells with fewer than 10 distinct sessions, so individual users cannot be inferred from low-volume signal. Roasters and importers never see user IDs, email addresses, IP addresses, or any other identifier that could trace back to you. They see only counts, search-query text, and comparison patterns at the cohort level.

Under the California Consumer Privacy Act (CCPA), this category is “internet or other electronic network activity information.” You can request deletion of your event history via the data controls on your account settings page. Anonymous events without a session linked to an account remain in our 90-day rolling window and are aggregated out thereafter.

Cookies

We use two first-party cookies, both httpOnly + SameSite=Lax:

  • cb_session — signed JWT that keeps you signed in. Set when you sign in, expires after 30 days.
  • cb_sid — anonymous browser session identifier used for the demand-events analytics described above. Set on first request, expires after 1 year, contains no personal information.

We do not use third-party tracking cookies, analytics cookies, or advertising cookies.

Children

Cherrybook is not directed at children under 13. We do not knowingly collect data from anyone under 13. If you believe we have such data, contact us and we will delete it.

Changes to this policy

When we make material changes, we update the “Last updated” date at the top and, if you have an account, send you an email notice at least 14 days before the change takes effect.

Contact

Privacy questions: privacy@cherrybookcoffee.com.