Last updated: May 26, 2026

This Privacy Policy explains how Creative Adventures Lab ("we", "us", "our") collects, uses, discloses, and protects information in connection with the Matcha mobile application (available on the App Store and Google Play, also referred to as "Matcha" or "the App"). It also describes your rights under applicable data protection law, including the EU General Data Protection Regulation ("GDPR") and the California Consumer Privacy Act as amended by the California Privacy Rights Act ("CCPA/CPRA").

Please read this policy carefully. By installing or using the App, you acknowledge that you have read and understood it.


1. Our Core Privacy Principle

Matcha is designed to be private by default and local-only. Your matcha cellar, brew sessions, taste profiles, ritual check-ins, custom prep profiles, freshness clocks, app preferences, and every other piece of content the App generates on your behalf are stored exclusively on your device — none of this content is ever stored, transmitted to, or visible to us or anyone else, because no Matcha-operated server exists.

The App uses no account system of any kind. There is no sign-in screen, no email/password registration, no Sign in with Apple, no Sign in with Google, no anonymous backend session, and no identity-based login. Each device runs its own independent copy of the App with its own local database. We do not maintain a server-side record of you.

The only data flow that leaves your device at all is the in-app purchase receipt that Apple StoreKit (iOS) or Google Play Billing (Android) generates and verifies on its own infrastructure to confirm your Matcha Pro entitlement. This receipt is handled entirely between your device and Apple or Google — we do not operate a verification server, we do not sit between your device and the platform store, and we do not receive your name, email, payment method, billing address, or any other identifier from the transaction.

We do not collect your email address, phone number, postal address, location, IP address, contacts list, browsing history, or any behavioural analytics from your use of the App. We do not run any third-party analytics, telemetry, advertising, crash-reporting, or tracking SDK in the App. We do not call any AI or LLM provider.


2. Data We Collect and Why

2.1 No Server-Side Account, No Server-Side Personal Data

The App does not create any user record on a Matcha-operated server, because no such server exists. When you first launch the App, no identity is generated on our infrastructure, no UUID is sent to us, and no row is inserted in any database we operate.

You never need to provide an email address, password, name, phone number, photograph, or third-party identity (such as Apple ID or Google Account) to use the App. The App does not present any sign-in screen of any kind.

If you would like a written confirmation that we hold no server-side record of you, email us at the address in Section 12 with the subject line "Matcha — Data Confirmation Request" and we will reply confirming that the App does not maintain any server-side personal-data record tied to your installation.

2.2 Subscription Verification — Handled by Apple and Google

When you start the 7-day free trial, make a Matcha Pro purchase, or tap "Restore Purchases" on the paywall, the platform store (Apple App Store or Google Play Store) processes the transaction on its own infrastructure under its own privacy policy. Our App uses the expo-iap library to:

  1. Ask the platform store which subscription products are available (their IDs, localised prices, and intro-offer status);
  2. Initiate a purchase, which the store completes natively without any data passing through us;
  3. Read the resulting receipt back from the store via the operating system's StoreKit 2 (iOS) or Google Play Billing (Android) API;