<

Privacy Policy

OchaBox

Effective date: January 2026

1. Introduction

OchaBox operates the website ochabox.ca and the OchaBox mobile application (together, the "Service"). OchaBox is a Canada-based tea tasting and research-oriented platform.

This Privacy Policy explains how we collect, use, store, and protect personal information in accordance with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA).

By using OchaBox, you consent to the practices described in this policy.

2. Information We Collect

We collect only information that is reasonably necessary to operate and improve the Service.

a) Information you provide directly

  • Email address (used for account access via one-time password)
  • Tea tasting notes, ratings, preferences, tags, and comments
  • Photos you upload related to tastings
  • Profile information such as an avatar or display name
  • Messages or feedback you send to us

We do not collect passwords, payment information, or government-issued identification.

b) Information collected automatically

Website (ochabox.ca):

  • Basic technical data such as browser type and device type
  • Cookies required for site functionality
  • Vercel Web Analytics for basic site usage (page views, referrers, device type)

This data is used only for performance and reliability and is not used for advertising.

Mobile application:

  • The app does not use cookies
  • Limited technical data may be processed for security and reliability (such as IP address)

c) Subscription information (if applicable)

If you purchase OchaBox Pro or other in-app subscriptions, payment is processed by the Apple App Store or Google Play. We do not receive your payment card details.

We receive subscription status, product identifiers, and purchase timestamps so we can provide access and support.

3. Account Authentication

OchaBox uses passwordless authentication via one-time passcodes (OTP).

  • Login codes are sent to your email address
  • No passwords are stored by OchaBox
  • Authentication is handled securely through Supabase

4. How We Use Personal Information

We use personal information to:

  • Provide and maintain the Service
  • Authenticate users and manage accounts
  • Save, display, and organize tasting data and photos
  • Improve features, usability, and performance
  • Conduct internal analysis and research on tea tasting trends
  • Communicate with users about service-related matters

OchaBox does not sell personal information and does not use personal data for advertising.

5. Research and Aggregated Data

OchaBox includes a research component.

  • Tasting data may be analyzed in aggregated or anonymized form
  • Individual users are not identified in research outputs
  • Aggregated insights may inform product development, internal analysis, or publication

Researchers or academics interested in this data must contact us directly. Personal information is not shared without appropriate safeguards and consent.

6. Cookies and Similar Technologies

  • The website uses cookies required for basic functionality
  • The mobile application does not use cookies

You can manage cookies through your browser settings. Disabling cookies may affect website functionality.

7. Data Storage and Cross-Border Processing

  • Website hosting is provided by Vercel
  • Database, authentication, and file storage are provided by Supabase
  • The primary database is hosted in Canada

Some service providers may process limited technical data (such as logs or infrastructure metadata) outside Canada, including in the United States. When this occurs, personal information is protected using contractual and technical safeguards consistent with PIPEDA.

8. Sharing of Information

We do not sell personal information.

We may share limited information only with:

  • Service providers required to operate the Service (hosting, authentication, storage)
  • Authorities where required by law

Service providers are required to protect personal information and use it only for authorized purposes.

To help keep OchaBox safe and appropriate, we may use automated tools to detect and prevent abusive, explicit, or otherwise inappropriate content in uploaded photos. This may involve sending uploaded images, or links to those images, to a third-party service provider for content analysis solely for moderation and safety purposes. These providers are not permitted to use the images for advertising or unrelated purposes.

9. Data Retention and Backups

Personal information is retained only as long as necessary to provide the Service and to meet legal, operational, or research requirements.

When an account is deleted, associated personal data is removed from active systems. Backup copies may persist for a limited period (typically up to 30 days) before being permanently deleted.

10. Your Rights Under Canadian Law

Under PIPEDA, you have the right to:

  • Access your personal information
  • Request corrections
  • Withdraw consent, subject to legal or operational limitations
  • Request deletion of your account

Requests can be made by contacting: delete@ochabox.ca

You can also use the account deletion page at https://ochabox.ca/delete.

11. Children’s Privacy

OchaBox is not intended for children under the age of 13. We do not knowingly collect personal information from children.

12. Changes to This Policy

This Privacy Policy may be updated from time to time. The most current version will always be available on this page with the effective date updated accordingly.

13. Contact Information

For privacy-related questions or concerns, contact:

OchaBox
Email: contact@ochabox.ca