Privacy Policy

NextCoffee.ai helps students and early-career professionals prepare personalized networking, coffee chat, and follow-up emails. The product can use resume context, selected contacts, draft preferences, Gmail sending, and reply tracking to support the user's own outreach workflow.

Waitlist information such as name, email, school or firm, class year, source, and basic device or referral context.

Product workflow information such as resume text or extracted profile context, selected contacts, generated draft content, scheduled send times, outreach status, and follow-up state.

Site analytics such as page views, anonymous visitor IDs, session duration, scroll depth, device type, browser, referrer, and approximate geography from hosting headers.

Google account information only after the user explicitly connects Gmail through Google's OAuth consent flow.

When a user connects Gmail, NextCoffee.ai uses Google user data to show the connected Gmail account, send user-approved outreach emails, record sent message and thread identifiers, sync reply status from Gmail threads, and suggest or schedule follow-ups.

NextCoffee.ai does not sell Google user data, use Google user data for advertising, use Google user data to determine creditworthiness, or use Google user data to train generalized artificial intelligence or machine learning models.

Human access to Google user data is limited to what is necessary to operate, secure, debug, or support the user-facing product, or when the user gives explicit permission.

Resume and profile information is used to help generate more relevant outreach drafts and maintain the user's profile context inside the product.

Waitlist and analytics data is used to operate the beta, understand product demand, improve onboarding, and identify which user segments are interested in NextCoffee.ai.

Generated drafts, schedule records, and follow-up records are used to provide the product experience shown to the user.

Production secrets are stored in deployment environment variables and are not exposed to the browser.

Private beta contacts, connected Gmail refresh tokens, schedule records, and analytics records are stored server-side and are not published as public assets.

Browser-facing beta APIs intentionally mask raw contact emails and use admin gating, no-store headers, rate limits, and noindex rules.

We do not sell personal information or Google user data.

We may use infrastructure providers, such as hosting, storage, analytics, and AI service providers, only to operate and improve the product. These providers process data on our behalf and not for their own advertising or resale.

We may disclose information if required by law, to protect the service, or to prevent abuse.

We retain waitlist, analytics, resume/profile, outreach, and Gmail connection records only as long as needed to operate the beta, improve the product, comply with obligations, or resolve abuse and security issues.

A user can request deletion of their waitlist record, profile context, outreach records, or connected Gmail token by contacting us.

Users can revoke Gmail access at any time from their Google Account permissions page. Revoking access prevents future Gmail sends and reply sync from that account.

For privacy questions, access requests, deletion requests, or Google data questions, contact officialtrungnguyen@gmail.com.