Privacy Policy

Access Best Matcha’s privacy policy to learn more about how we use your data. Find more information about your rights and obligations regarding your personal data.
On this compliance page

Our collection, use, disclosure, and processing of personal information about individuals will vary depending upon the circumstances. This privacy notice is intended to describe our overall privacy and data protection practices. In some cases, different or additional notices about our data collection and processing practices may be provided and apply to our processing of certain personal information.

Why we collect your information

We use the information we collect in various ways, including:

  • To provide, operate, and maintain our website.
  • To improve, personalize, and expand our website.
  • To understand and analyse how you use our website.
  • To develop new services, features, and functionality.
  • To communicate with you, either directly or through one of our partners, including for user service, to provide you with updates and other information relating to the website, and for marketing and promotional purposes.
  • To send you emails.
  • Find and prevent fraud.

Our collection of personal information

Generally, we collect your personal information voluntarily. However, if you decline to provide certain personal information that is marked mandatory, you may not be able to access certain services or we may be unable to fully respond to your inquiry.

What Is Personal Data?

Personal data relates to a living individual who can be identified from that data. Identification can be by the data alone or in conjunction with any other data in the data controller’s possession or likely to come into such possession. The processing of your personal data is governed by applicable privacy laws.

Your Data Controller

We are the data controller with respect to processing your data. This means that we decide how your personal data is processed and for what purposes. We know that you care how data about you is used and shared, and we appreciate your trust that we will do so carefully and sensibly.

If you’d like to practice your data protection rights, please contact us at:

Your Consent

You may choose to provide us with your e-mail address for the purpose of allowing us to send free newsletters, surveys, offers, and other promotional materials to you. You can stop receiving e-mails by following the unsubscribe instructions in emails that you receive. If you decide not to receive e-mails, we may still send you service-related communications.

When you sign in with Google, you explicitly consent to our access to your basic Google profile information (name, email, profile picture). You can withdraw this consent at any time by disconnecting your Google account in your account settings or through Google’s account permissions.

If you revoke your consent for the processing of Personal Information, then we may no longer be able to provide you services. In some cases, we may limit or deny your request to revoke consent if the law permits or requires us to do so, or if we are unable to adequately verify your identity.

Your Choices

You may, of course, decline to submit information through our website, in which case we may not be able to provide related services to you.

How we use your personal information

While the purposes for which we may process personal information will vary depending upon the circumstances, in general, we use personal information for the purposes set forth below.

  1. Providing support and services: including, for example, to provide services you request (and send related information), operate best-matcha.com to communicate with you about your access to and use of our features and services; to respond to your inquiries; to provide troubleshooting, fulfil your requests and provide technical support; and for other user service and support purposes.
  2. Analysing and improving our business: including better understand how users’ access and use best-matcha.com to evaluate and improve our products and business operations, and to improve our products, features, offerings, and services; to conduct surveys, and other evaluations, such as user satisfaction surveys; and for other research and analytical purposes.
  3. Personalizing content and experiences: including to provide or recommend features, content, social connections, and referrals; tailor content we send or display on best-matcha.com to offer customization and personalized help and instructions, and otherwise personalize your experiences.
  4. Advertising, marketing, and promotional purposes: including to reach you with more relevant ads and to evaluate, measure, and improve the effectiveness of our ad campaigns; to send you newsletters, offers, or other information we think may interest you; to contact you about best-matcha.com or information we think may interest you;
  5. Defending our legal rights: including managing and responding to actual and potential legal disputes and claims, and to otherwise establish, defending or protecting our rights or interests, including in the context of anticipated or actual litigation with third parties.
  6. Complying with legal obligations: including to comply with the law, our legal obligations and legal process, such warrants, subpoenas, court orders, and regulatory or law enforcement requests.

Google OAuth and Google User Data

Google Sign-In Integration

We use Google Sign-In (OAuth 2.0) to provide secure authentication and account creation. When you choose to sign in with Google, we access and collect the following information from your Google account:

  • Your name (first and last name)
  • Your email address
  • Your Google profile picture (if available)
  • Your unique Google ID

How We Use Google User Data

We use the information obtained from Google OAuth solely for:

  • Creating and managing your Best Matcha account
  • Authenticating your identity when you sign in
  • Communicating with you about your account and orders
  • Providing personalized matcha recommendations
  • Saving your favorite products and preferences

Google Limited Use Compliance

Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. This means:

  • We only use Google user data to provide and improve the features you directly engage with
  • We do not sell, share, or transfer your Google user data to third parties except as necessary to provide our services
  • We do not use Google user data for advertising or marketing purposes beyond what you’ve explicitly consented to
  • We do not combine Google user data with other datasets for unauthorized purposes

Data Storage and Security for Google User Data

  • Google user data is encrypted both in transit and at rest
  • We store your Google account information on secure servers with restricted access
  • We retain Google user data only as long as your account is active
  • We implement industry-standard security measures to protect against unauthorized access

Your Rights Regarding Google User Data

You have the right to:

  • Revoke Best Matcha’s access to your Google account at any time through your Google Account permissions
  • Request deletion of all data we obtained from Google
  • View what Google data we have stored about you
  • Disconnect your Google account and use email/password authentication instead

Google Data Deletion

To delete data obtained through Google Sign-In:

  • You can disconnect your Google account from Best Matcha in your account settings
  • You can revoke access through Google’s third-party app permissions
  • Upon account deletion, all Google user data is permanently removed from our systems within 30 days
  • For immediate deletion, contact us at [email protected]

Disclosure of personal information

We may disclose the personal information that we collect about you as set forth below or as otherwise described at the time of collection or sharing.

  1. Service providers: We may disclose personal information with third-party service providers who use this information to perform services for us, such as hosting providers, instructors, advisors, consultants, and user service and support providers.
  2. Third Parties: We may employ other companies and individuals to perform functions on our behalf. Examples include sending postal mail and e-mail, removing repetitive information from user lists, analysing data, providing marketing assistance, processing payments, transmitting content, and providing user service. These third-party service providers have access to personal information needed to perform their functions but may not use it for other purposes. Google OAuth Services: We use Google’s authentication services to enable secure sign-in. Google processes authentication but we do not share your personal data with Google beyond what is necessary for authentication. We do not use Google user data for any purposes other than those explicitly stated in this policy.
  3. Business transfers: We may disclose or transfer personal information as part of any actual or contemplated merger, sale, and transfer of our assets, acquisition, financing, or restructuring of all or part of our business, bankruptcy, or similar event, including related to due diligence conducted before such event where permitted by law.
  4. Legally required: We may disclose personal information if we are required to do so by law (e.g., to law enforcement, courts, or others, e.g., in response to a subpoena or court order).
  5. Protect our rights: We may disclose personal information where we believe it necessary to respond to claims asserted against us or, comply with legal process (e.g., warrants), enforce or administer our agreements and terms, for fraud prevention, risk assessment, investigation, and to protect the rights, property, or safety of us, our clients and users or others.

Log files

Most browsers collect certain information, such as your IP address, device type, screen resolution, operating system version, and internet browser type and version. This information is gathered automatically and stored in log files.

Third-party analytics tools

Our website may use automated devices and applications operated by third parties, such as Google Analytics, which uses cookies and similar technologies to collect and analyse information about the use of the website and report on activities and trends. This service may also collect information regarding the use of other websites, apps, and online resources.

Data transfers

As our website is hosted on Hostinger.com, your personal data may be processed and stored on servers located in France. Hostinger.com operates globally, and your data may be transferred to and processed outside France. By using our website, you acknowledge and consent to the transfer of your data.

Hostinger.com ensures that these transfers are conducted in compliance with applicable data protection regulations, including the use of Standard Contractual Clauses (SCCs) or other legal mechanisms designed to safeguard your data.

Do not sell my data

Except as otherwise stated in this Privacy Policy, we do not sell, trade, rent, or otherwise share for marketing purposes your Personal Information with third parties without your consent.

Data retention

We will retain your personal information for the period necessary to fulfil the purposes outlined in this privacy notice unless a longer retention period is required or permitted by law. We may retain personal information for longer where required by our legal and regulatory obligations, professional indemnity obligations, or where we believe it is necessary to establish, defend or protect our legal rights and interests or those of others. With respect to the data and files we handle as a processor, we retain this personal information in accordance with our clients’ instructions.

GDPR data protection rights

We would like to make sure you are fully aware of all of your data protection rights. Every user from European Union is entitled to the following:

  1. Right to access: If you can prove your identity, you have the right to obtain information about the processing of your data. Thus, you have the right to know the purposes of the processing, the categories of data concerned, the categories of recipients to whom the data are transmitted, the criteria used to determine the data retention period, and the rights that you can exercise on your data.
  2. Right to rectification of your personal data: Inaccurate or incomplete personal data may be corrected.
  3. Right to erasure (or “right to be forgotten”): You also have the right to obtain the erasure of your personal data under the following assumptions:
  • Your personal data are no longer necessary for the intended purposes;
  • You withdraw your consent to the processing and there is no other legal ground for processing;
  • You have validly exercised your right of opposition;
  • Your data has been illegally processed;
  • Your data must be deleted to comply with a legal obligation. The deletion of data is mainly related to visibility; it is possible that the deleted data are still temporarily stored.
  1. Right to limitation of processing: In certain cases, you have the right to request the limitation of the processing of your personal data, especially in case of dispute as to the accuracy of the data, if the data are necessary for the context of legal proceedings or the time required to verify that you can validly exercise your right to erasure.
  2. Right to object: You have the right to object at any time to the processing of your personal data for direct marketing purposes. We will stop processing your personal data unless it can demonstrate that there are compelling legitimate reasons for the processing which prevail over your right to object.
  3. Right to data portability: You have the right to obtain any personal data which you have provided us in a structured, commonly used, and machine-readable format. You are then free to transfer this data to a similar service provider.
  4. Right to withdraw your consent: You may withdraw your consent to the processing of your personal data at any time, for example for personalized marketing communication purposes.

Children’s privacy

We do not knowingly collect, maintain, or use Personal Information from our Website about children under the age of 13. We request that persons under the age of 13 not use our website. We will never request Personal Information from a child under the age of 13 without verifiable parental consent. If We become aware that a child under the age of 13 has sent Personal Information to us without prior parental consent, we will remove his or her Personal Information from our files.

How we protect your information

Our security measures do not guarantee that your information will not be accessed, disclosed, altered, or destroyed by a breach of such firewalls and secure server software. By using our Service, you acknowledge that you understand and agree to assume these risks.

Third-party websites

The website may contain links to third-party services. We do not own, operate, or control the websites of third-parties, including those of independently owned and operated franchisees. Accordingly, this Policy does not apply to any services maintained or operated by third-parties. When you click on those links, you will go to a third-party website where you will be subject to that service’s privacy policy or similar statement and terms of use, and we encourage you to read that policy statement. We are not responsible for the privacy practices of other services, and we expressly disclaim any liability for their actions, including actions related to the use and disclosure of personal information by those third parties.

Changes to this policy

We may amend this Policy at any time. If we make any material change in how we collect, use, disclose or otherwise process personal information, we will prominently post a notice regarding such change on the Services. Where required to do so by law, we may seek your prior consent to any material changes we make to this Policy.

How to delete my data?

To delete all data associated with your account:

  1. Log into your account on our website
  2. Go to your Account Settings
  3. Click the “Delete My Account” button
  4. Confirm the deletion

This will permanently remove your data from our system within 30 days, including:

  • Any information obtained through Google Sign-In
  • Your profile information and preferences
  • Your order history and saved products
  • Any other personal data we have collected

For Google Sign-In users: You can also revoke our access to your Google account data at any time through your Google Account permissions page.

Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

About the author

Posted by
Emilie

About this article

Posted on
August 21, 2025
Last modified on

Join Best Matcha today

Discover the finest and most authentic matcha sourced directly from Japan's top producers at best-matcha.com, where quality meets tradition in every sip.
Join now
FREE