Privacy Policy
This Privacy Policy governs the data collection, use, and disclosure practices of Mill City Roasters, LLC, d/b/a RoastPATH (“RoastPATH” or the “Company”) in connection with its RoastPATH software application and the associated website located at https://roastpath.com (collectively, the “Services”). By accessing or using the Services, you (“User” or “you”) consent to the terms of this Privacy Policy, which is hereby incorporated into the Terms of Use.
RoastPATH is a data-logging and information-sharing platform. Users are advised that any information shared within the Services, including, but not limited to, personal information or location data, may be accessible to other users and subject to unintended use or monitoring. Information voluntarily disclosed in public forums, including profile content or identifiers, may become publicly available and is not subject to confidentiality obligations. The Company disclaims any liability for disclosures made by users through such public-facing channels.
Collection and Use of Information & Data
The Company may collect personal identification information, which may include a username, assigned display name, password, and optionally, an email address (collectively, “Personal Information”). A user account is required to access the Services. The Company or its authorized contractors retain Personal Information indefinitely on secured systems. Usernames and email addresses are stored in an unencrypted format; passwords are never stored in plaintext and are instead replaced with securely generated hashed values. Users are prohibited from sharing their passwords, including with employees of the Company, and are advised to use unique credentials. Passwords should be entered only in official RoastPATH-distributed software or web portals. Any other source requesting user credentials is to be considered fraudulent and should be reported immediately to support@roastpath.com.
Certain features of the Services may expose timestamps of user activity, for example, when posting messages in forums or public sharing of roast profiles. Such actions may reveal the time at which the user was active within the application.
RoastPATH may use data collected through the Services, including but not limited to user-generated content, activity logs, and system interactions, for the purpose of developing, training, and refining internal software tools, models, and features intended to enhance the functionality and performance of the Services. All such data will undergo anonymization and normalization to prevent the identification of individual users and to safeguard against the unauthorized duplication, reproduction, or replication of any user’s creative works, including data, notes, or original content. Identifiable personal information and uniquely authored material will not be used in a manner that enables attribution or copying. Data processed for these purposes will be handled in compliance with applicable data protection and intellectual property laws, with technical and procedural safeguards in place to protect user privacy and original contributions.
The Company does not transmit commercial messages via email or SMS to users without prior express consent or unless the user has affirmatively opted into a specific feature or notification program. Notwithstanding the foregoing, if a user provides an email address, RoastPATH may send transactional or service-related communications, including notifications related to the user’s account, software updates, or important business announcements. Such communications shall not exceed one message per week, except in circumstances the Company deems urgent.
When a user accesses the Services, the Company’s servers automatically log technical and usage information including, but not limited to, IP addresses, browser types, device information, page visits, message counts, and time-on-site metrics. The Company, its contractors, and service providers (“Agents”) may deploy cookies for session identification and service personalization. Cookies do not inherently contain personally identifiable information but may be linked with Personal Information voluntarily provided. RoastPATH utilizes Google Analytics to collect aggregated traffic and usage statistics. Third-party advertisers may also deploy tracking mechanisms. The Company disclaims responsibility for data collected by such third parties.
If a user contacts the Company via email, the Company may retain the communication and any submitted contact information for purposes of providing requested services or responding to inquiries. The Company reserves the right to use anonymized, non-identifiable data to generate “Aggregate Information,” which may be used for internal analytics, service improvements, or commercial purposes. Aggregate Information is not deemed Personal Information under this Policy.
Disclosure of Information
The Company may disclose Personal Information or Location Information under the following circumstances: to comply with applicable laws or regulations; to respond to lawful subpoenas or court orders; to protect the rights, property, or safety of the Company, users, or third parties; or to cooperate with authorized law enforcement investigations. Where feasible and lawful, the Company will make reasonable efforts to notify the affected user prior to the disclosure of information in response to legal process. In the event of a merger, acquisition, or asset sale involving the Company, Personal Information and Location Information may be transferred as part of the transaction.
User Consent and Sharing Practices
By using the Services, users consent to the collection of information related to roasting activity, green coffee inventory, coffee profiles, and application usage, including interactions such as chats and messages. Users further acknowledge that carrier fees for data and messaging may apply. Personal and Location Information may be shared with Company Agents solely for the purpose of fulfilling contractual duties. All such agents are contractually bound to adhere to the terms of this Privacy Policy and to comply with the U.S. Department of Commerce’s Safe Harbor Principles.
Username Selection and Anonymity
Users seeking to maintain anonymity are advised to select usernames that are unrelated to any prior online identities, handles, or social media profiles. Users should refrain from sharing RoastPATH activity or screenshots via external platforms. The use of real names or personally identifying terms within usernames is discouraged if anonymity is desired.
Data Management and Removal Requests
Users may update or remove their email address or account details at any time via the RoastPATH web portal located at https://portal.roastpath.com. Email addresses are not linked to in-app activity or visible to other users. Messages within the Services are retained and visible for up to sixty (60) days, after which point they may no longer be accessible to other users. However, message records are retained indefinitely in the Company’s systems to comply with potential legal obligations.
To fully remove identifying information from the system, users must take the following actions via the web portal — delete associated roasters, roast logs, green coffee entries, and any entered address information; change the username to a non-identifiable alternative (e.g., “DeletedYYYYMMDDHHMM”); and uninstall the application. Username changes may also be requested via email to support@roastpath.com, but such requests must be made prior to the removal of the associated email address to enable verification. It is understood that certain records — including those linked to roasteries owned by other users — may remain in the system.
California‑Specific Disclosures — California Consumer Privacy Act as amended by the California Privacy Rights Act
If you reside in California, the California Consumer Privacy Act, Cal. Civ. Code §1798.100 et seq., as amended by the California Privacy Rights Act (together, the “CCPA”), affords you additional rights. During the twelve‑month period preceding the Effective Date, RoastPATH collected the categories of personal information described in the section entitled “Collection and Use of Information”, identifiers such as username and email address, internet or device information such as IP address and browser characteristics, commercial information in the form of roast records and greens inventory, and geolocation data derived from device settings. RoastPATH does not knowingly “sell” or “share” personal information as those terms are defined in the CCPA, and we have no actual knowledge that we sell or share the personal information of consumers under sixteen years of age.
California residents have the right to submit verifiable requests to know the personal information we have collected about them, to obtain a copy of that information, to correct inaccuracies, to request deletion, to direct us to limit the use of sensitive personal information, and to opt out of any future sale or sharing for cross‑context behavioral advertising. We will not discriminate against you for exercising any CCPA right. To exercise these rights, you may submit a request by emailing support@roastpath.com or by mailing the Legal Department at the address provided below. Please include sufficient information for us to verify your identity, such as your username and the email address associated with your account. If you appoint an authorized agent, we will require written proof of the agent’s authority. RoastPATH honors browser‑based opt‑out preference signals in a frictionless manner when such signals are transmitted in accordance with the CCPA regulations.
European Economic Area, United Kingdom, and Swiss Residents, General Data Protection Regulation Compliance
For users located in the European Economic Area, the United Kingdom, or Switzerland, RoastPATH is the data controller with respect to your personal data; our contact details appear in the “Enforcement and Dispute Resolution” section. The lawful bases on which we process personal data are as follows: we rely on the performance of a contract when we create and maintain your account; on legitimate interests when we secure the Services, analyze usage, and improve functionality; on your consent when we send optional marketing communications or process any category of sensitive personal data; and on compliance with legal obligations when we respond to lawful requests from public authorities.
Personal data that we collect is stored on servers located in the United States. Transfers out of the EEA, the United Kingdom, or Switzerland are effected pursuant to the European Commission’s Standard Contractual Clauses or the UK Addendum, as applicable; copies of these safeguards may be obtained by contacting support@roastpath.com. We retain personal data for as long as is necessary to fulfill the purposes for which it was collected; after account closure we archive data only for as long as applicable law or our legitimate interests (such as the establishment, exercise, or defense of legal claims) require.
Data subjects in the EEA, the United Kingdom, and Switzerland have the right to request access to their personal data, to obtain rectification or erasure, to restrict or object to processing, to receive a copy of their data in portable form, and, where processing is based on consent, to withdraw that consent at any time without affecting the lawfulness of processing carried out before withdrawal. You also have the right to lodge a complaint with your local supervisory authority, for example, the Irish Data Protection Commission if you are located in Ireland. To exercise any of these rights, contact support@roastpath.com; we will respond within one month, subject to extensions permitted by Article 12 of the GDPR for complex requests.
Updates to Regional Disclosures
These jurisdiction‑specific provisions supplement, and, where they conflict, supersede, the general terms of this Privacy Policy. RoastPATH may amend the California or GDPR disclosures as required by future regulatory guidance or legislative change; your continued use of the Services after any amendment constitutes acceptance of the revised regional terms.
Data Security
The Company implements physical, administrative, and technical safeguards designed to protect against unauthorized access, loss, misuse, or alteration of Personal Information and Location Information. Access to such data is restricted to authorized personnel and contractors. The Company mandates the use of authentication credentials for all access. Notwithstanding these safeguards, no security system is infallible. Users acknowledge that the transmission of information via the internet involves inherent risks, and the Company does not guarantee absolute data security. In the event of unauthorized access or disclosure, the Company will use reasonable efforts to notify affected users in a timely manner.
Children’s Privacy
The Services are not intended for individuals under the age of thirteen (13). The Company does not knowingly collect Personal Information from individuals under 13. If such data is inadvertently collected, the Company will take steps to delete the information upon verification. Parents or guardians who discover that a child has created an account in violation of this Policy should notify the Company at support@roastpath.com and must be able to authenticate ownership of the email address associated with the account.
Harassment and Abuse Reporting
The Company maintains a zero-tolerance policy for harassment, stalking, and cyberbullying. Users experiencing such conduct should immediately block and mute the offending party, contact local law enforcement, and provide notice to the Company at support@roastpath.com, including details regarding the investigating agency. The Company will cooperate with law enforcement to the extent permitted by applicable law.
Third-Party Policies
This Privacy Policy applies solely to the Company’s Services. The Company disclaims any responsibility for the privacy practices of third parties, including external websites linked from roastpath.com.
International Use
The Services are hosted in the United States. By accessing the Services, users residing outside the United States acknowledge and consent to the transfer and processing of their personal data in accordance with U.S. laws, which may not offer equivalent data protection standards.
Enforcement and Dispute Resolution
Users who believe their rights under this Privacy Policy have been violated may contact the Company at support@roastpath.com or by mail at:
Mill City Roasters
Attn: Legal Department
401 Harding Street NE
Minneapolis, MN 55413
USA
The Company will review and respond to complaints in a commercially reasonable timeframe.
Policy Updates
The Company reserves the right to amend, modify, or update this Privacy Policy at any time, without prior notice. Material changes will be communicated via the RoastPATH blog at http://roastpath.com and may be announced via social media or the Services. Amendments take effect upon publication. Continued use of the Services following any amendment constitutes acceptance of the revised terms.
Business Transfers
In the event of a merger, acquisition, reorganization, sale of assets, or bankruptcy, the Company reserves the right to transfer all collected data, including Personal Information and Location Information, to the successor entity. Users will be notified through the Services in the event of a material change in data ownership or control.
Effective Date and Modifications
Last Modified: July 1, 2025