Sipor Privacy Policy
Last Updated: March 30, 2026
This Privacy Policy governs the collection, use, storage, sharing, and protection of your personal data when you use the Sipor mobile application (the "App")—a conversational AI hand drip coffee teaching tool developed and operated by Shaoshan Xueqian Trading Co., Ltd. (referred to as "we," "us," or "our"). This App is intended solely for individuals aged 18 and older. By accessing, installing, or using the App, you confirm that you are at least 18 years old and fully consent to the data practices described in this Privacy Policy.
We adhere to global data protection laws and regulations, including but not limited to the General Data Protection Regulation (GDPR) applicable in the European Economic Area (EEA), the California Consumer Privacy Act (CCPA), California Privacy Rights Act (CPRA), Virginia Consumer Data Protection Act (VCDPA), Florida Privacy Act (FADP), and Liechtenstein General Data Protection Act (LGPD). This policy clearly outlines your rights under these regulations and explains how we handle your personal information in a transparent, lawful, and secure manner.
1. Data Controller and Data Protection Officer (DPO)
Data Controller: Shaoshan Xueqian Trading Co., Ltd.
Address: 1st Floor, Building 14, Baoma Resettlement Area, Qingxi Town, Shaoshan, Hunan Province
Contact Email: ellygradymccickens@gmail.com
Data Protection Officer (DPO): Our designated DPO oversees compliance with data protection laws and addresses all user inquiries related to personal data. You may contact the DPO directly via the email address above for any privacy-related questions, requests, or complaints.
2. Information We Collect
The App does not require user registration, login, or account creation. You can access and use the App’s core features simply by agreeing to this Privacy Policy and our User Terms. We collect only the minimum personal data necessary to provide and improve the App’s services, as detailed below.
2.1 Device and Technical Information
When you use the App, we automatically collect both identifiable and non-identifiable technical data, including:
• Device type, operating system version, and unique device identifiers (including advertising identifiers)
• App installation source, version, and usage statistics
• Network status and basic diagnostic data to ensure service stability
• App information and external storage access logs to support functional operation
2.2 Information Collected via Device Permissions
We only request access to certain device permissions when necessary to provide specific App features. You may grant or deny these permissions at any time through your device settings; denying permissions may limit certain functionality but will not impact your ability to use the App’s basic features.
Camera Permission
We access your device’s camera exclusively when you voluntarily use the feedback feature to capture photos of your coffee brewing equipment, beans, or finished brew, and submit those photos as attachments to support requests. We never take photos or record video in the background without your explicit consent and active participation.
Photo Library / Storage Permission
We access your device’s photo library and external storage only when you voluntarily select existing images from your gallery to attach to feedback submissions. This permission is used solely to retrieve and upload the images you choose for support purposes.
Microphone Permission
We access your device’s microphone exclusively during AI voice conversation sessions, to capture your voice input for real-time voice interaction and brewing guidance. Audio data is processed temporarily to deliver voice responses and is not stored long-term unless you explicitly authorize permanent storage.
Advertising Identifier Permission
We collect advertising identifiers to support personalized service improvements and compliant advertising delivery (if applicable). You may reset or opt out of personalized advertising at any time through your device settings.
2.3 User-Provided Feedback Information
When you submit feedback, support requests, or brewing-related content via the App, we collect the text, images, audio recordings, and other data you voluntarily provide. This information is used solely to respond to your inquiries, resolve issues, and enhance our coffee brewing guidance services.
3. Purposes of Data Collection and Use
We collect and use your personal data only for lawful, specific, and legitimate purposes, including:
• Provide Core Services: Deliver personalized AI hand drip coffee guidance, including recommendations for grind size, water temperature, powder-water ratio, pouring rhythm, and extraction time based on your input.
• Process Feedback and Support Requests: Review and respond to your submissions, resolve technical issues, and address taste or brewing-related questions.
• Improve App Performance and Features: Analyze usage patterns to optimize AI algorithms, enhance service stability, and develop new brewing guidance tools.
• Ensure Security and Prevent Fraud: Protect the App from unauthorized access, misuse, and technical vulnerabilities, and maintain the integrity of our services.
• Compliance with Legal Obligations: Comply with applicable laws, regulations, legal processes, and enforceable governmental requests.
• Personalized User Experience (Optional): Tailor brewing suggestions to your taste preferences, equipment, and bean types, with full user control over personalization settings.
4. Legal Bases for Data Processing (GDPR & Similar Regulations)
For users located in the EEA, Liechtenstein, and other regions governed by GDPR-aligned laws, our legal bases for processing personal data are as follows:
• Consent: You have voluntarily granted explicit consent for specific data processing activities (e.g., voice recording, image uploads).
• Contractual Necessity: Processing is necessary to provide the services you request through the App.
• Legitimate Interests: Processing is necessary for our legitimate business interests—including service improvement, security, and customer support—without overriding your fundamental rights and freedoms.
• Legal Compliance: Processing is necessary to comply with our legal and regulatory obligations.
You may withdraw your consent at any time through your device settings or by contacting us via the designated email. Withdrawal of consent will not affect the lawfulness of data processing that occurred before the withdrawal.
5. Data Sharing, Transfer, and Disclosure
We do not sell, rent, or lease your personal data to third parties for commercial purposes without your explicit written consent. We may share your data only in the following circumstances:
• Authorized Service Providers: Third-party vendors who assist us in operating the App, providing cloud storage, technical support, data analysis, and customer service—all of whom are bound by strict confidentiality obligations.
• Legal Requirements: When required by law, subpoena, court order, or governmental regulation, or to protect our legal rights, property, safety, and the safety of users and the public.
• Business Transfers: In connection with a merger, acquisition, or asset sale, with prior notice to users regarding changes to data handling practices.
Any cross-border data transfer will comply with applicable data protection laws, and we will implement appropriate safeguards to ensure your data remains secure.
6. User Rights Regarding Personal Data
You retain full rights over your personal data, as outlined below, in compliance with global privacy regulations (GDPR, CCPA, CPRA, VCDPA, LGPD, FADP, etc.). You may exercise these rights by submitting a written request to our DPO via the contact email listed above.
6.1 Right to Access and Rectification
You have the right to request access to the personal data we hold about you and to request correction of any inaccurate, incomplete, or outdated personal data free of charge.
6.2 Right to Erasure (Right to be Forgotten)
You may request the permanent deletion of your personal data, subject to legal or legitimate business retention requirements. We will respond to valid deletion requests promptly and securely erase your data from our systems.
6.3 Right to Restriction of Processing
You may request that we restrict processing of your personal data under specific conditions, such as if you contest the accuracy of the data or object to our processing activities.
6.4 Right to Data Portability
You have the right to receive your personal data in a structured, commonly used, machine-readable format, and to request the transfer of such data to another data controller where technically feasible.
6.5 Right to Object to Processing
You may object to the processing of your personal data based on our legitimate interests or for direct marketing purposes at any time.
6.6 Right to Opt Out of "Sale" of Personal Data
We do NOT sell your personal data to third parties for monetary or other valuable consideration. You have the absolute right to opt out of any unauthorized sale of your personal data. To confirm your opt-out preference or submit a formal opt-out request, please contact us via the designated email.
6.7 Right to Opt Out of Data Sharing
You may request to withdraw from data sharing with third-party service providers by sending a written request to ellygradymccickens@gmail.com. We will review and implement valid requests promptly, in accordance with applicable laws.
6.8 Right to Lodge a Complaint
If you believe our processing of your personal data violates applicable privacy laws, you have the right to lodge a complaint with a competent data protection authority in your country or region of residence. We encourage you to contact us first to resolve any concerns directly.
7. Data Retention Period
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. Once data is no longer needed, it will be securely deleted, anonymized, or destroyed to prevent unauthorized access or use.
• Voice and image data from feedback submissions: Retained for 90 days after resolution of the support request, unless extended for legal purposes.
• Technical and usage data: Retained for up to 12 months for service improvement and security analysis.
• Data required by law: Retained for the mandatory statutory retention period.
8. Data Security Measures
We implement industry-standard technical and organizational security measures to protect your personal data from unauthorized access, disclosure, alteration, destruction, or loss. These measures include data encryption, access controls, secure server infrastructure, regular security audits, and staff confidentiality training. While we take reasonable steps to safeguard your data, no electronic storage system or transmission method is 100% secure; we cannot guarantee absolute security.
9. Age Restriction
The App is intended solely for individuals aged 18 and older. We do not knowingly collect personal data from individuals under the age of 18. If we become aware that we have collected data from a user under 18, we will immediately delete such data from our systems. If you believe we have collected data from a minor, please contact us promptly.
10. Third-Party Services
The App may contain links to third-party websites, services, or integrations. This Privacy Policy does not apply to third-party platforms, and we are not responsible for the privacy practices, content, or security of third-party services. We encourage you to review the privacy policies of any third-party services you access through the App.
11. Updates to This Privacy Policy
We reserve the right to update or modify this Privacy Policy periodically to reflect changes in our practices, services, or legal requirements. Material changes will be posted within the App with a revised effective date. Your continued use of the App after the effective date constitutes acceptance of the updated policy. We recommend reviewing this policy regularly for any changes.
12. Contact Information
If you have any questions, concerns, requests, or complaints regarding this Privacy Policy or our data handling practices, please contact us at:
Data Controller / DPO Contact Email: ellygradymccickens@gmail.com
Company Address: 1st Floor, Building 14, Baoma Resettlement Area, Qingxi Town, Shaoshan, Hunan Province
We will respond to all valid data privacy requests within the time frame required by applicable law.