Privacy Policy

Effective Date: March 16, 2026

AIMesh Labs ("we," "us," or "our") operates the AI Coffee Toolkit at coffee.aimeshlabs.ai. This Privacy Policy explains how we collect, use, store, and protect your information when you use our service.

1. Information We Collect

Account Data

When you create an account, we collect your email address and display name. Authentication is handled through Supabase (including Google OAuth if you choose that sign-in method).

Coffee Business Data

Depending on which tools you use, you may provide us with menu items, customer reviews, roast profiles, equipment information, waste logs, and other coffee business data for AI analysis.

Images

You may upload images of coffee beans, latte art, espresso shots, or other coffee-related photos for AI-powered quality analysis and scoring.

POS Data

If you connect a point-of-sale system (Square, Toast), we access sales data, inventory levels, and customer visit frequency to provide business intelligence and recommendations.

Usage Data

We collect information about which features you use, when you use them, and how often, to improve our service and understand usage patterns.

2. How We Use Your Data

  • AI Analysis and Recommendations — Your business data and images are processed by AI models to generate actionable insights, quality scores, content suggestions, and operational recommendations.
  • Service Improvement — Aggregated and anonymized usage data helps us improve our models and features.
  • Usage Analytics — We track feature usage to manage subscription limits and provide usage reports on your settings page.

We do not sell your personal data to third parties.

3. Data Storage and Security

Infrastructure

Your account and business data are stored on Supabase, which is hosted on Amazon Web Services (AWS) infrastructure with encryption at rest and in transit.

Image Processing

Images you upload are sent to AI APIs (Anthropic Claude, OpenAI) for analysis. These providers process images in real time and do not permanently store them. See their respective privacy policies for details.

POS Data

Raw POS data is used for analysis and then aggregated or anonymized. We do not permanently store raw POS transaction records beyond what is needed for the analysis you requested.

4. Data Retention

  • Account data is retained for as long as your account is active.
  • Analysis results are retained until you choose to delete them.
  • Uploaded images are processed and discarded after analysis. They are not permanently stored on our servers.

After account closure, we retain your data for 30 days to allow export, then permanently delete it within 90 days.

5. Your Rights

You have the right to:

  • Access your data — view all data associated with your account.
  • Export your data — download your analysis history and business data.
  • Delete your data — request complete deletion of your account and associated data.
  • Disconnect POS integrations at any time through your settings page.
  • Close your account — contact us and we will delete your account and all associated data.

To exercise any of these rights, contact us at privacy@aimeshlabs.ai.

6. Cookies

We use minimal cookies for authentication session management only. We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

7. Third-Party Services

We use the following third-party services to operate Cupreo:

  • Supabase — Authentication and database
  • Stripe — Payment processing
  • Square — POS integration
  • Anthropic (Claude) — AI analysis
  • OpenAI — AI analysis (fallback)
  • Google Places API — Business location data

Each of these services has its own privacy policy governing how they handle data. We encourage you to review their policies. We maintain data processing agreements with our sub-processors in compliance with GDPR Article 28.

8. California Residents (CCPA)

We do not sell or share your personal information as defined by the California Consumer Privacy Act (CCPA/CPRA). If you are a California resident, you have the right to request disclosure of the categories of personal information we collect, the purposes for collection, and the categories of third parties with whom we share it. You may also request deletion of your personal information. If you wish to exercise your rights under CCPA, contact us at privacy@aimeshlabs.ai.

9. European Users (GDPR)

If you are located in the European Union, you have the right to access, rectify, port, and erase your personal data. You also have the right to object to or restrict certain processing of your data. Our legal bases for processing include: your consent (provided when you create an account), contract performance (to provide the service you subscribed to, including payment processing and POS data integration), and our legitimate interest in operating and improving the service. Contact privacy@aimeshlabs.ai to exercise your rights.

10. Data Breach Notification

In the event of a data breach affecting your personal information, we will notify affected users within 72 hours via email and comply with all applicable breach notification laws.

11. Children

Cupreo is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected such information, we will promptly delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes, we will notify you via email at the address associated with your account. The updated policy will be posted on this page with a revised effective date.

13. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

AIMesh Labs
Massachusetts, USA
Email: privacy@aimeshlabs.ai