Privacy Policy

This Privacy Policy explains how personal data is collected, used, and protected when you use the Cofira loyalty mobile application (the "App").

Joint Data Controllers: Cofira, Unit 3a, Bridge Court, 51/55 Bulwark Road, Bulwark, Chepstow, NP16 5JW; and Made Responsively Ltd.

Cofira and Made Responsively Ltd jointly determine the purposes and means of processing personal data in relation to the Cofira loyalty mobile application.

• Cofira is responsible for operating the loyalty scheme, in-store use, staff access, and reward fulfilment.
• Made Responsively Ltd is responsible for the design, development, hosting, and technical operation of the App and its data systems, including the infrastructure.

Made Responsively Ltd is registered with the UK Information Commissioner's Office (ICO).

• The App is intended for use within the United Kingdom only.
• The loyalty scheme operates at a single Cofira café location.

We aim to collect the minimum data required to operate the loyalty scheme.

Personal Data: Email address (where provided via Google or Apple sign-in), phone number (where provided via phone number sign-in), a unique loyalty identifier linked to your account.

Loyalty Data: Stamps collected; rewards earned and redeemed; timestamps related to loyalty activity.

Usage and Technical Data: Anonymous usage data to understand how the App is used, collected using Google Analytics; crash and error diagnostics to maintain reliability and performance, collected using Sentry; push notification delivery and engagement data, delivered using OneSignal.

We do not collect payment details or precise location data.

Your data is used to:

• Operate and administer the Cofira loyalty scheme
• Issue and redeem digital loyalty stamps and rewards
• Provide customer support
• Monitor app performance and stability
• Understand how the App is used through aggregated analytics

Under UK GDPR, personal data is processed based on: contractual necessity (to provide the loyalty service you request); legitimate interests (to operate, improve, and secure the App and loyalty scheme); consent (where required for push notifications or analytics).

As Joint Data Controllers, Cofira and Made Responsively Ltd have agreed their respective responsibilities for compliance with data protection law.

• Loyalty and account data is stored securely using Google Firebase and Google Firestore, hosted on industry-standard cloud infrastructure located in the United Kingdom.
• Secure authentication methods are used to protect access to accounts.
• Appropriate technical and organisational measures are applied to safeguard personal data against unauthorised access, loss, or misuse.

• Your data is never sold to third parties.
• Data is accessible only by authorised Cofira staff and Made Responsively Ltd for operational, support, and technical purposes.
• Data is shared with trusted third-party service providers where necessary to operate the App, including Google Firebase and Firestore (data storage and authentication), Google Analytics (usage analytics), Sentry (crash reporting), and OneSignal (push notifications).

All service providers are required to process data in line with applicable data protection laws.

• Users can delete their account directly within the App.
• Personal data and identifiable loyalty data are deleted immediately upon account deletion or on request.
• Requests can also be made by contacting hello@maderesponsively.com.
• We may retain anonymous and aggregated loyalty statistics that cannot be linked back to an individual.

Under UK GDPR, you have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data
• Object to or restrict certain processing activities
• Lodge a complaint with the Information Commissioner's Office (ICO)

The App is not intended for children under the age of 13. We do not knowingly collect personal data from children under 13.

• The App may send operational or promotional push notifications related to loyalty rewards and offers.
• You can disable push notifications at any time through your device settings.

We may update this Privacy Policy from time to time. Any changes will be reflected in the App, and continued use of the App indicates acceptance of the updated policy.

For privacy or data protection queries, you may contact either Joint Data Controller: Cofira, Unit 3a, Bridge Court, 51/55 Bulwark Road, Bulwark, Chepstow, NP16 5JW; or Made Responsively Ltd, Email: hello@maderesponsively.com.

Requests may be handled directly or forwarded to the appropriate party as required.

If you do not agree with this Privacy Policy, please discontinue use of the App.