Privacy Policy

Last updated: 16 March 2026

1. Who we are

Go.Sip ("Go.Sip", "we", "us", or "our") is a curated monthly coffee-roulette platform that pairs female entrepreneurs for 30-minute conversations. We are the data controller for the personal data described in this policy.

You can reach us at hello@gosip.app. We do not currently have a statutory obligation to appoint a Data Protection Officer, but you may direct all privacy queries to the address above.

2. Data we collect

Account & profile data

Name, email address, city, postcode, business name, industry, and any answers you provide to optional profile questions (e.g. current struggles, goals). This is collected when you register or update your profile.

Billing data

Subscription status, plan type, and the reference IDs issued by Stripe (our payment processor). We never store raw card numbers — all payment card data is held exclusively by Stripe. See Stripe's Privacy Policy for details of how they handle payment data.

Matching & usage data

Your match history (who you have been paired with and when), snooze/pause preferences, and match-feedback responses. This data powers the Circle Method algorithm that prevents you from being matched with the same person twice.

Technical & log data

IP address, browser type, device type, pages visited, and timestamps. Collected automatically when you use the platform. Analytics cookies are only set with your consent (see Section 8).

Communications

Emails you send to us and any feedback you submit through the platform. We retain these to resolve disputes and improve the service.

3. Lawful basis for processing

We rely on the following lawful bases under UK GDPR Article 6:

  • Contract (Art. 6(1)(b)): Processing your account, profile, matching, and billing data is necessary to deliver the Go.Sip subscription service you signed up for.
  • Legitimate interests (Art. 6(1)(f)): We process technical/log data to keep the platform secure, detect fraud, and improve the service. Our legitimate interests are balanced against your rights — this processing is minimal and you would reasonably expect it.
  • Legal obligation (Art. 6(1)(c)): We retain certain billing records to comply with tax and accounting obligations.
  • Consent (Art. 6(1)(a)): Optional analytics cookies and any direct marketing communications are only sent with your explicit consent. You can withdraw consent at any time.

4. How we use your data

  • To create and manage your account and subscription.
  • To run the monthly matching algorithm and send you email introductions with your match's name, business context, and conversation starters.
  • To process payments and manage subscription renewals via Stripe.
  • To honour snooze and pause requests and track your matching history.
  • To send transactional emails (e.g. match notifications, payment receipts, account changes). These are not marketing emails and cannot be opted out of while your account is active.
  • To send optional marketing communications (e.g. community updates, product news) — only with your consent, which you can withdraw at any time.
  • To monitor and improve platform performance, security, and reliability.
  • To comply with legal and regulatory obligations.

We do not sell, rent, or trade your personal data to any third party.

5. Third-party processors

We share your data only with the following sub-processors, each bound by a Data Processing Agreement:

Supabase

Our database, authentication, and storage provider. Your account, profile, and matching data is stored in Supabase's EU-hosted infrastructure (Frankfurt, Germany), protected by Row Level Security. See the Supabase Privacy Policy.

Stripe

Our payment processor. Stripe handles all card transactions and stores payment card data on our behalf. Stripe is PCI DSS Level 1 certified. See the Stripe Privacy Policy.

Vercel

Our hosting and deployment platform. Vercel processes request logs and may temporarily cache edge responses. See the Vercel Privacy Policy.

Upstash Redis

Used for idempotency keys to prevent duplicate webhook processing. Upstash stores minimal transient data (Stripe event IDs) for up to 24 hours. See the Upstash Privacy Policy.

We may also disclose your data where required by law, court order, or to protect the rights and safety of Go.Sip, our members, or others.

6. International data transfers

Your core account and matching data is stored in the EU (Supabase Frankfurt). Some sub-processors (Stripe, Vercel) operate globally and may transfer data to the United States. Where such transfers occur, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the ICO, or the UK International Data Transfer Agreement (IDTA) where applicable.

7. Data retention

  • Active account data: Retained for the duration of your subscription.
  • Post-cancellation account data: Retained for 90 days after cancellation to allow reactivation, then deleted or anonymised.
  • Billing records: Retained for 7 years to comply with UK tax and accounting regulations.
  • Matching history: Retained for the lifetime of the account and anonymised upon deletion.
  • Log data: Retained for up to 90 days.
  • Support emails: Retained for 2 years.

8. Cookies

We use the following categories of cookies:

Strictly necessary

Session and authentication tokens required for the platform to function. These cannot be disabled without breaking core functionality.

Analytics (consent required)

Used to understand how members use Go.Sip so we can improve the service. Only set after you accept analytics cookies in the cookie banner.

Marketing (consent required)

May be used to measure the effectiveness of marketing campaigns. Only set with your explicit consent.

You can review and update your cookie preferences at any time via the cookie settings link in the footer.

9. Your rights under UK GDPR

You have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Ask us to correct inaccurate or incomplete data.
  • Erasure ("right to be forgotten"): Request deletion of your data where there is no overriding legal basis to retain it.
  • Restriction: Ask us to restrict processing of your data in certain circumstances.
  • Portability: Receive your data in a structured, machine-readable format.
  • Object: Object to processing based on legitimate interests or for direct marketing purposes.
  • Withdraw consent: Where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, email hello@gosip.app with the subject line "Data Subject Request". We will respond within 30 days. We may ask you to verify your identity before processing your request.

If you are not satisfied with our response, you have the right to lodge a complaint with the UK supervisory authority, the Information Commissioner's Office (ICO), at ico.org.uk or by calling 0303 123 1113.

10. Security

We take reasonable technical and organisational measures to protect your personal data, including:

  • Row Level Security (RLS) enforced at the database layer via Supabase.
  • Encryption in transit (TLS) for all data exchanges.
  • Encryption at rest for all database storage.
  • Access to production systems restricted to authorised personnel only.
  • Payment data handled exclusively by Stripe (PCI DSS Level 1) — we never receive or store raw card numbers.

No method of transmission over the internet is 100% secure. If you believe your account has been compromised, contact us immediately at hello@gosip.app.

11. Children's privacy

Go.Sip is intended for adults (18+) running a business. We do not knowingly collect personal data from anyone under 18. If you believe a minor has registered, please contact us and we will delete the account promptly.

12. Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or via a prominent notice on the platform at least 14 days before the change takes effect. The "Last updated" date at the top of this page will always reflect the most recent revision.

13. Contact us

For any privacy-related queries or to exercise your data rights, contact us at:

Go.Sip
hello@gosip.app
← Back to Go.Sip
Privacy Policy — Go.Sip | Go.Sip