Privacy Policy

The Espresso · ZG Media · Last updated: May 2, 2026

1. Data Controller

ZG Media
Gianluca Zgur
Am Fendlbach 13 A
82211 Herrsching, Germany

Email: support@kitetheworld.net

This privacy policy applies to the mobile app The Espresso (iOS & Android) and the associated Firebase Hosting website.

2. What Data We Collect

Depending on how you use the app, we process the following categories of data:

3. Firebase Authentication & Sign-In Providers

Third-party service

For secure sign-in we use Google Firebase Authentication as well as the following optional sign-in providers:

During sign-in, name, email, and an authentication token are transmitted to Firebase depending on the provider chosen. Passwords are stored in encrypted form only. Firebase servers are located in the EU/USA. More information: firebase.google.com/support/privacy

Legal basis: Art. 6(1)(b) GDPR (contract performance)

4. Cloud Firestore & Firebase Storage

Third-party service

Your app data (profile, shot statistics, recipes) is stored in Google Cloud Firestore to enable cross-device synchronisation.

Images and videos (e.g. shot photos, profile picture) are stored in Firebase Cloud Storage. Uploads are limited to the following types:

All data is stored by Google encrypted with AES-256. You can delete your data at any time in the app settings. Legal basis: Art. 6(1)(b) GDPR

5. AI Analysis via OpenAI

Third-party service – Important

The Espresso offers an optional AI-assisted espresso analysis. When you use this feature, video frames and photos of your espresso shot as well as anonymised brew parameters (dose, time, temperature) are transmitted to the API of OpenAI, L.L.C., USA and analysed there by an AI model (GPT-4o).

What is transmitted:

What is NOT transmitted: Your name, email, or any other account data. The transmission contains no directly identifying information.

OpenAI processes incoming API data in accordance with its API Data Usage Policy and does not use this data to train models. OpenAI is certified under the EU-US Data Privacy Framework (DPF).

The analysis is voluntary – you can use the app fully without the AI analysis.

Legal basis: Art. 6(1)(a) GDPR (consent through use of the feature); Art. 6(1)(b) GDPR (contract performance)

6. RevenueCat (Subscriptions)

Third-party service

For managing Pro subscriptions we use RevenueCat, Inc., USA. RevenueCat processes your anonymous user ID, subscription status, and purchase IDs from Apple/Google. Payment data (credit card etc.) remains exclusively with Apple or Google and is never shared with RevenueCat or us.

RevenueCat privacy policy: revenuecat.com/privacy

Legal basis: Art. 6(1)(b) GDPR

7. Community Features

When you use community features (sharing recipes, posts, tips, following users), the following data is visible publicly or to signed-in users:

You can disable community features in the app's privacy settings. Deleted content is permanently removed.

Legal basis: Art. 6(1)(a) GDPR (consent)

8. Push Notifications

With your explicit permission, we send push notifications via Firebase Cloud Messaging (FCM). An anonymous device token is stored for this purpose, which contains no personal data. You can disable push notifications at any time in your iOS/Android settings.

Legal basis: Art. 6(1)(a) GDPR (consent)

9. Anonymous Analytics

We may collect anonymised usage data (e.g. which features are used) via Firebase Analytics to improve app stability. This data cannot be traced back to individual persons. No personal data is shared with third parties for advertising purposes.

Legal basis: Art. 6(1)(f) GDPR (legitimate interests)

10. International Data Transfers

Some of our service providers (Google/Firebase, OpenAI, RevenueCat) are based in the USA. Data transfers are carried out on the basis of the following mechanisms:

Further information: dataprivacyframework.gov

11. Data Storage & Deletion

We store personal data only for as long as necessary for the stated purposes or as required by statutory retention obligations (commercial and tax law: 6–10 years).

You can permanently delete your account and all associated data at any time in the app settings under Account → Delete Account.

12. Your Rights

GDPR (EU/EEA): You have the right to access, rectification, erasure, data portability, restriction of processing, and the right to object. You can also lodge a complaint with the competent supervisory authority (Germany: bfdi.bund.de).

CCPA (California, USA): You have the right to know what personal data we hold about you, to request its deletion, and to opt out of its "sale" (which we do not conduct).

To exercise your rights, please contact us at support@kitetheworld.net.

13. Children's Privacy

The Espresso is not intended for children under 13 years of age. We do not knowingly collect data from children under 13. If you believe a child has created an account without permission, please contact us immediately.

14. Changes to This Policy

We update this privacy policy when our data processing practices change. The date of the last update is shown at the top of the page. For material changes we will notify you via push notification or at the next app launch.

15. Contact

For all privacy-related enquiries and to exercise your rights:

ZG Media – Gianluca Zgur
Am Fendlbach 13 A, 82211 Herrsching, Germany
Email: support@kitetheworld.net