Privacy Policy

Last modified

November 18, 2024

This Privacy Policy explains how We, at The Breakfast, collect, use, share, and protect information We have about Our Users and the choices Users have regarding this information. This Privacy Policy forms an integral part of Our Terms of Service and aims to be simple and easy to understand.

Definitions

Website: All content and links on Our Website, accessible at thebreakfast.app.

App: The application available on the Apple App Store or Google Play Store.

Services: The Website and App together, including accessing, browsing, registering, support correspondence, chats, and product and service information.

We, The Breakfast, Our, Us: "The Breakfast Application, LDA," Tax ID PT515165786, registered at Avenida do Atlantico, 16, escritorio 5.07, 1990−019 Lisboa, Portugal.

User, You, Your: Any individual registered within the Services and using them.

Personal Data: Any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier.

We encourage You to read this Privacy Policy carefully before using the Services.

Users can access, print, download, and save this Privacy Policy at any time. The Privacy Policy will be permanently accessible on the Website and in the App. Using the Services implies acceptance of all conditions outlined in this Privacy Policy. By using any of the Services, You confirm that You accept this Privacy Policy and agree to comply with it. If You do not agree, You must not use the Services.

The Breakfast legally reserves the right to deny access, at any time and without prior notice, to Users who do not comply strictly with this Privacy Policy.

Data Collection and Minimization

We follow the principle of data minimization, collecting and processing only Personal Data that is:

  • Required to provide You with Our Services

  • Necessary for account security and fraud prevention

  • Essential for legal compliance

  • Specifically authorized by You for optional features

We regularly review Our data collection practices to ensure We maintain only necessary information and delete any excessive data.

What Personal Data We Collect

You are responsible for providing accurate and up-to-date Personal Data. Some fields are mandatory for using the Services; optional fields are marked accordingly.

Data You Provide

  • Account Information: Full name, email address, location, photo (must be of You and meet Our guidelines) and year of birth (non-public)

  • Profile Details: Personal introduction, intentions, favorite breakfast places, occupation, professional areas, personality traits, and languages

  • Social Profiles: Links to Instagram, LinkedIn, X, and other platforms (non-public)

  • Chat Content: Messages stored on Sendbird servers

  • Support Communications: Emails or in-App chats with Our support team

Data Collected Automatically

  • App Usage Data: Login times, IP address, device ID, App version, error reports, usage patterns, operating system information, notification preferences, performance analytics and crash logs

  • Website Usage Data: Browsing patterns, cookies, session duration, and referral sources (via Google Analytics)

How We Use Your Data

Lawful Bases for Processing

We process Your Personal Data based on the following legal grounds:

  • Consent: When You explicitly agree to specific data processing

  • Contract: When necessary to provide You with Our Services

  • Legitimate Interests: When We have a justified business purpose that doesn't override Your privacy rights

  • Legal Obligations: When required by applicable laws

You can withdraw Your consent at any time by:

  • Using in-App settings for specific features

  • Contacting support@thebreakfast.app for general consent withdrawal

  • Following unsubscribe links in marketing communications

Note that withdrawing consent:

  • Does not affect the lawfulness of processing based on consent before withdrawal

  • May impact Our ability to provide certain Services

  • Will be processed within 7 business days

Core Services Delivery

  • Creating a community of real people interested in meaningful conversations

  • Verifying Your identity and profile authenticity

  • Connecting You with other Users via Our BRIOCHE algorithm

  • Providing customer support

  • Processing Your membership

BRIOCHE Algorithm and Automated Decision-Making

Our BRIOCHE algorithm helps create meaningful connections between Users by:

  • Analyzing location and availability

  • Considering stated preferences and interests

  • Processing feedback from previous meetings

Your Rights Regarding Automated Decisions:

  • You can choose to skip any suggested introduction

  • You control whether to proceed with meetings

  • You can contact support for human review of suggestions

  • Algorithm decisions do not affect Your membership status

Communications

Essential Communications (cannot opt-out):

  • Security alerts

  • Technical updates

  • Service changes

  • Administrative notices

Marketing Communications (opt-out available):

  • New features

  • Community updates

  • Promotional content

  • Local events

Security and Improvement

  • Prevent fraud and enhance security

  • Analyze performance and fix errors

  • Improve User experience

  • Monitor compliance with Our Terms

Data Storage and Security

Data Storage and Processing

We store Your Personal Data across these trusted providers:

  • Sendbird: Chat functionality and messages

  • Google Workspace & Mailchimp: Email communications

  • Amazon Web Services (AWS): All other Personal Data

  • RevenueCat: Membership management

  • Mixpanel: App performance analytics

  • New Relic: App monitoring

  • Slack: Internal communication

All providers process data in compliance with GDPR and applicable privacy laws.

Security Measures

We maintain administrative, physical, and technical safeguards to protect Your data. While We implement appropriate security measures, We cannot guarantee absolute security during Internet transmission or storage.

Data Breach Protocol

In the event of a data breach affecting Your Personal Data, We will:

  • Notify You within 72 hours via email or App

  • Explain what happened and data affected

  • Detail Our response measures

  • Provide steps for Your protection

  • Cooperate with authorities as required

Data Retention Periods

  • Active accounts: Duration of activity

  • Deleted accounts: 30 days after deletion

  • Chat messages: Duration of account plus 30 days

  • Support correspondence: 2 years from last interaction

  • Analytics data: 24 months (anonymized)

  • Payment records: 7 years (legal requirement)

International Data Transfers

Your Personal Data may be transferred to, stored, and processed in countries outside the European Union (EU) where We or Our service providers maintain facilities.

Data Transfer Safeguards:

  • For US transfers: EU-US Data Privacy Framework

  • For other transfers: EU-approved countries or equivalent protection measures

By using Our Services, You acknowledge these international transfers under applicable data protection laws.

Data Sharing

We share Personal Data only under these circumstances:

Service Providers:

  • Chat hosting (Sendbird)

  • Data storage (AWS)

  • Email communications (Google Workspace/Mailchimp)

  • Analytics and monitoring (Mixpanel/New Relic)

Legal Requirements:

  • Comply with legal obligations

  • Respond to lawful requests

  • Cooperate with law enforcement

Protection of Services:

  • Enforce Our Terms

  • Prevent fraud

  • Address technical issues

  • Protect Users

Cookies and Tracking

The Breakfast uses cookies and similar technologies to enhance Your experience and analyze usage patterns. These are small files stored on Your device that help Us provide functionality, improve performance, and personalize content.

Types of Cookies:

  • Essential: Required for basic functionality

  • Performance: Help analyze how You use Our Services

  • Functional: Remember Your preferences

  • Marketing: Personalize content and measure campaigns

You can manage cookie preferences through Your browser settings, though disabling certain cookies may limit functionality.

Your Rights and Controls

Profile Visibility and Control

  • Your first name, photo, and basic profile information are visible to Users

  • Information marked non-public stays private

  • You control optional information sharing

  • You can edit Your profile anytime

App Permissions?

We request access to:

  • Location services

  • Photo library

  • Push notifications

Manage these through Your device settings. Some features may be limited if permissions are denied.

Marketing Preferences

Control marketing communications:

  • In App: Settings > Notifications

  • Email: Unsubscribe link in messages

Changes processed within 7 business days

Your Data Rights

Right to Access:

  • Request Your data copy

  • View profile information

  • Access usage history

Processed within one month

Right to Be Forgotten:

  • Request data deletion

  • Terminate account

  • Remove personal information

We retain only anonymized data

Right to Data Portability:

  • Receive Your data in usable format

  • Transfer to another service

  • Access Your contribution history

Age Restrictions

  • Services limited to ages 18+

  • Age verification may be required

  • Underage accounts terminated immediately

  • No intentional data collection from minors

Legal Information

Warranties and Disclaimers

  • You are responsible for provided information

  • We do not verify User-provided content

  • Exercise caution when sharing details

  • We are not liable for User interactions

  • We may remove inappropriate content

  • No warranty for uninterrupted service

  • No guarantee against security breaches

Changes to Privacy Policy

As laws and standards evolve, and as Our Services develop, We may, at Our sole discretion, revise this Privacy Policy and periodically update this document with the changes. We encourage You to review Our Privacy Policy regularly to stay informed.

If We make changes that materially alter Your privacy rights, We will provide additional notice via email or through the Services. If You disagree with the changes to this Privacy Policy, You should stop using the Services, deactivate Your account, and let Us know. It is Your responsibility to review and comply with the latest version of the Privacy Policy whenever You use the Services.

Governing Law

  • Portuguese law governs this Policy

  • Disputes settled by arbitration in Lisbon

  • Arbitration conducted in English

  • Applies to all Users worldwide

Contact Information

Privacy Questions and Requests:

To Lodge a Complaint

Comissão Nacional de Proteção de Dados (CNPD):

  • Address: Av. D. Carlos I, 134 — 1.º, 1200−651 Lisboa, Portugal

  • Phone: (+351) 21 392 84 00

  • Website: www.cnpd.pt