CoffeePals Privacy Regulation Compliance

There are significant changes happening in the data privacy regulatory environment, as you may already know about the EU's GDPR that came into effect on May 25, 2018, and various other regulations that are currently in place or being developed worldwide. To consolidate useful information regarding our products and privacy regulations in one location, we have created a reference document. In addition, our comprehensive Privacy Policy is also available for your perusal. If you have any queries, feedback, or apprehensions regarding our Privacy Policy, your data, or your rights concerning your information, please reach out to us at

EU General Data Protection Regulation (GDPR)

The EU General Data Protection Regulation (GDPR) went into effect on May 25, 2018. CoffeePals is compliant.

Does GDPR affect me?

The scope of GDPR is extensive if you operate in or have dealings within the EU. In case you have any personal data of EU residents in your CoffeePals account, like names, email addresses, or any other identifiable information, GDPR applies to you. As per GDPR regulations, you are considered a Controller of personal data and must sign a GDPR-compliant Data Processing Addendum (DPA) with all online service providers and third-party vendors you utilize, including CoffeePals.

Data Processing Addendum

For processing personal data of individuals in the EU, it is mandatory to have a contract that complies with GDPR regulations. To ensure that GDPR privacy principles, rights, and obligations are upheld in all instances of personal data processing, we offer a standard Data Processing Addendum (DPA). The DPA is applicable when you use CoffeePals services to process Customer Data as defined in the DPA and the General Data Protection Regulation is applicable. The DPA incorporates the Standard Contractual Clauses of the European Commission to extend GDPR privacy principles, rights, and obligations.

How do I execute the DPA?

1. Download the Data Processing Addendum
2. Complete and sign the DPA as described under “HOW TO EXECUTE THIS DPA”
3. Send the DPA to
4. We'll sign the DPA and return it to you


To deliver our services, CoffeePals employs third-party subprocessors such as customer support software and cloud computing providers. We have signed GDPR-compliant data processing agreements with each of these subprocessors and also insist that they have the same in place. Please refer to the list of CoffeePals subprocessors for more information.

California Consumer Privacy Act (CCPA)

The CCPA makes a crucial distinction between "service providers," "businesses," and "third parties." You can review the definitions of these terms on the website of the California Attorney General at

According to the CCPA, CoffeePals is classified as a "service provider." Therefore, we only process the data you provide us for the specific purpose you signed up for. Our business model is straightforward: we charge our customers a recurring subscription fee, and we do not use your data for any commercial purposes or sell your personal information unless you have given us explicit consent.

Moreover, the CCPA grants additional rights to California residents concerning their data. We extend those rights to all our customers, and they are explained in detail in our Privacy Policy. Our Privacy Policy also outlines the data we collect for providing our services and clearly specifies the only situations where we access or share your information.

Adapted from the Basecamp open-source policies / CC BY 4.0