Ir directamente al contenido
  1. ENVIAMOS DENTRO DE LAS 24 HORAS LABORABLES DESDE EL MOMENTO DEL PEDIDO (48 HORAS UE)
  2. ENVÍO GRATIS EN ITALIA EN COMPRAS SUPERIORES A 69€ (UE 99€)

 +39 3472213724

 info@garagecoffeebros.com

País

Idioma

SensoCup CVA — Privacy Policy (EN)

Privacy Policy — SensoCup CVA

Privacy Policy — SensoCup CVA

Data Controller: Garage Coffee Bros. S.r.l. — Via Basso Acquar 30/C, 37135 Verona (VR), Italy
VAT IT04571890237 — info@garagecoffeebros.com
Last updated: June 2026

This privacy policy applies exclusively to the SensoCup CVA application available at cva.garagecoffeebros.com. For the Garage Coffee Bros. e-commerce website, please refer to the store privacy policy.

1. Who we are

SensoCup CVA is a professional coffee sensory assessment tool developed by Garage Coffee Bros. S.r.l. The application implements the CVA (Coffee Value Assessment) protocol of the Specialty Coffee Association (SCA) and enables professionals and enthusiasts to record, analyse and share coffee sensory evaluations.

2. Data we collect

2.1 Account data

  • First and last name
  • Email address
  • Password (stored in encrypted form via Supabase Auth)

2.2 Professional profile data

  • Professional category (e.g. roastery, importer, producer)
  • Age range
  • Country of origin and country of operation
  • Gender (optional)
  • SCA qualifications (Q Grader Evolved, Q Instructor) — optional

2.3 Sensory assessment data

  • Descriptive tab: aromatic intensities, CATA descriptors, sensory notes
  • Affective tab: CVA scores for fragrance, aroma, flavor, aftertaste, acidity, sweetness, mouthfeel, overall; calculated CVA Score
  • Extrinsic tab: origin data (country, region, farm, producer, variety, process, certifications, FOB/farm gate prices)
  • Physical tab: colour, moisture, defects (cat. 1 and 2), screen size distribution

2.4 Technical data

  • IP address (logged by Vercel/Supabase for security purposes)
  • Date and time of assessments
  • Device type and browser

3. Purposes and legal bases of processing

Purpose Legal basis
Service delivery (account, saving assessments, sessions) Performance of contract (Art. 6(1)(b) GDPR)
Authentication and security Legitimate interest (Art. 6(1)(f) GDPR)
Research and service improvement via anonymous aggregated data Consent (Art. 6(1)(a) GDPR) — given at registration
Tax and accounting obligations (subscriptions) Legal obligation (Art. 6(1)(c) GDPR)
Service communications (updates, technical issues) Legitimate interest (Art. 6(1)(f) GDPR)

4. Data sharing

4.1 Individual data

Individual user data (assessments, profile) is never sold, transferred or shared with third parties for commercial or marketing purposes.

4.2 Aggregated and anonymous data

Except for users on the Business plan (who explicitly opt for full privacy), assessment data may be included in aggregated and anonymised datasets used for:

  • Coffee quality research in collaboration with industry bodies (e.g. SCA)
  • Improvement of assessment algorithms
  • Publication of aggregated statistics without user identification

Aggregated data contains no identifying information (name, email, sensitive extrinsic data such as prices).

4.3 Sub-processors

Provider Service Location
Supabase Inc. Database, authentication, storage USA (SCCs applicable)
Vercel Inc. Application hosting USA (SCCs applicable)
Lemon Squeezy LLC Payments and subscriptions USA (SCCs applicable)

Transfers to the USA are based on Standard Contractual Clauses (SCCs) approved by the European Commission.

5. Data retention

  • Account and profile data: retained for the duration of the contractual relationship + 10 years for tax obligations
  • Assessment data: retained for the lifetime of the account; upon account deletion, removed within 30 days
  • Payment data: managed by Lemon Squeezy; retained according to their policy
  • Technical logs: retained for 90 days

6. Security

Data is protected by:

  • TLS encryption in transit
  • Encryption at rest (Supabase)
  • Row Level Security (RLS) on all data: each user accesses only their own data
  • Secure authentication via Supabase Auth (passwords never stored in plain text)
  • Limited and audited administrative access

7. Your rights

As a data subject you have the right to:

  • Access your personal data (Art. 15 GDPR)
  • Rectification of inaccurate data (Art. 16 GDPR)
  • Erasure ("right to be forgotten") (Art. 17 GDPR)
  • Restriction of processing (Art. 18 GDPR)
  • Data portability in a structured format (Art. 20 GDPR)
  • Object to processing based on legitimate interest (Art. 21 GDPR)
  • Withdraw consent at any time for consent-based processing

To exercise these rights, write to: info@garagecoffeebros.com

You also have the right to lodge a complaint with the Italian Data Protection Authority (Garante) at www.garanteprivacy.it, or with the supervisory authority in your country of residence.

8. Cookies and tracking

SensoCup CVA uses only technical cookies necessary for the service to function (authentication session). No profiling, advertising tracking or third-party analytics cookies are used.

9. Minors

The service is not intended for persons under 16 years of age. We do not knowingly collect data from minors. If you believe a minor has created an account, please contact us at info@garagecoffeebros.com.

10. Changes to this policy

Material changes will be notified by email to registered users with at least 30 days' notice. Continued use of the service after that period constitutes acceptance of the changes.

11. Contact

Garage Coffee Bros. S.r.l.
Via Basso Acquar 30/C — 37135 Verona (VR) — Italy
Email: info@garagecoffeebros.com
Tel: +39 347 221 3724

SensoCup CVA — by Garage Coffee Bros. S.r.l. — Version 1.0 — June 2026

Anunciar códigos de descuento, envío gratuito, etc.

Carrito

just focus on puppy, the slogan close to him

Su carrito actualmente está vacío

Empezar a comprar