← Home

Privacy Policy

Last updated: 6 April 2026

What we collect

When you sign in with Google, we receive and store:

  • Your display name, email address, and profile photo
  • A unique user identifier (UID) assigned by Firebase Authentication

When you use RoastTime, we store:

  • Your kitchen setup (appliance types and names)
  • Your roast plans (dishes, serve times, timelines, completions)
  • People names and dish preferences (if you use people tracking)
  • Plating positions and completion state

How we store it

All data is stored in Google Cloud Firestore, part of the Firebase platform, hosted in the provider's data centres. Data is encrypted in transit (TLS) and at rest. Firestore security rules ensure only you can read and write your own data. Administrators can access user data for support and moderation purposes.

What we don't do

  • We do not sell or rent your data to anyone
  • We do not share your data with third-party advertisers
  • We do not display ads
  • We do not use tracking pixels or third-party analytics
  • We do not store passwords (authentication is handled entirely by Google via Firebase Auth)

Cookies and local storage

RoastTime uses Firebase's authentication tokens stored in browser local storage to keep you signed in. We do not use marketing or analytics cookies. No cookie consent banner is required because we only use strictly necessary storage.

Third-party services

We use the following third-party services:

  • Firebase Authentication (Google) — handles sign-in and identity
  • Cloud Firestore (Google) — stores your data
  • Cloud Functions for Firebase (Google) — runs server-side logic for admin and tier operations
  • Cloudflare Pages — hosts the static web app

Each provider has its own privacy policy. We encourage you to review them. We do not send your data to any services beyond those listed above.

Data retention

Your data is kept for as long as your account exists. Archived roasts remain accessible to you unless you delete them. If you delete a roast, it is permanently removed from Firestore.

Your rights

You can:

  • View all your data within the app at any time
  • Delete individual roasts from your dashboard
  • Request full deletion of your account and all associated data by contacting us
  • Request a copy of your data in a portable format

If you are in the UK or EU, you have additional rights under GDPR including the right to access, rectification, erasure, and data portability. Contact us to exercise these rights.

Children

RoastTime is not directed at children under 13. We do not knowingly collect data from children. If you believe a child has created an account, contact us and we will delete it.

Changes to this policy

We may update this policy from time to time. Material changes will be communicated through the app. Continued use after changes constitutes acceptance.

Contact

Privacy questions or data requests? Visit our Contact page.