tea.gratis · sampling channel Encyclopedia · School · Atlas · Pu-erh · Equipment EN · RU · · · FR · ES · AR
tea.gratis Sample list (0)

home · policy

Policy

Privacy

How tea.gratis handles the small amount of data we need to send you a 5g sample — what we collect, why, how long we keep it, and how to make us forget you.

Last updated · 2026-05-04

What this policy covers

This privacy policy explains how tea.gratis — operated by Teamotea as part of the THETEA constellation — collects, uses, stores, and shares personal information. It applies to the tea.gratis website, the sample-ordering flow, our quarterly sample-box dispatches, the pick-3 discovery picker, and farm-drop campaigns. It does not cover sibling sites in the constellation (such as shop.thetea.app or shop.puerh.app), which each publish their own policies aligned to the same global standard. If you click through to one of those sites — for example, after a sample to buy a full pouch — their policy governs that visit. We have tried to write this document in plain English. Where a term has a specific legal meaning under the GDPR (EU and UK), the California Consumer Privacy Act (CCPA/CPRA), or the Russian Federal Law 152-FZ, we have flagged it inline. Nothing here overrides rights you hold under applicable law: where a local rule grants you more than what is written below, the local rule wins. We update this page whenever our practice changes materially. The date at the foot of the page is the version you are reading. Older versions are available on request through the contact channel listed at the end.

Who is the data controller

The data controller for tea.gratis is Teamotea, the parent company behind the THETEA constellation. Teamotea is jointly directed by Evgeniy Smoley (Chief Executive Officer and Co-Founder, based between Saint Petersburg and Berlin), Dmitry Sologubov (Co-Founder and Managing Partner, Saint Petersburg), and Victor Kornev (Co-Founder and Strategic Advisor, Saint Petersburg). When you place a sample order, two parties touch your data: Teamotea as controller, and our fulfilment and shipping partners as processors acting on our written instructions. For payment of the shipping fee, the payment processor (Stripe or a regional equivalent) is an independent controller of the card data — we never see your full card number. For farm-drop charity campaigns, the receiving farm is named on the campaign page; donation totals are shared with the farm in aggregate, never tied to your identity unless you have explicitly opted in to receive a thank-you message. If you have a question that the contact channel at the end of this page does not resolve, you can escalate to Evgeniy Smoley directly through the parent company at teamotea.com.

What data we collect

We try to collect the minimum needed to deliver a sample and improve the next one. Three categories. First, what you give us during checkout: name, shipping address, email address, optional phone (for couriers that require one), and your sample selection. Second, what the shipping fee processor handles: card type, last four digits, billing country, and a processor token — never the full card number, never the CVV, never stored on our servers. Third, what your browser tells us automatically: IP address (truncated after 30 days), user agent, referring page, and behavioural events from our first-party analytics — which sample boxes you viewed, whether you completed the pick-3 picker, which farm-drop pages you read. We do not collect biometric data, do not buy mailing lists, and do not use device fingerprinting libraries. We do not ask for date of birth unless a charity drop is legally restricted by region (rare). If you contact support, the message body and any attachments are also stored for as long as the thread is open plus 18 months.

Under the GDPR we rely on four legal bases, in this order of frequency. Contract performance — to ship the sample you ordered, charge shipping, and email tracking. This covers almost everything in a sample order. Legitimate interest — to detect fraud (one box per household per quarter, enforced by address hash and email), to debug the site, and to measure which sample boxes resonate so we can plan the next quarter. We balance this interest against your reasonable expectations and you can object at any time. Consent — for marketing emails beyond the order itself (the quarterly sample-drop announcement, farm-drop alerts), and for non-essential analytics cookies. Consent is granular, opt-in, and revocable from any email footer or in the cookie banner. Legal obligation — to keep transaction records for tax purposes (typically seven years depending on jurisdiction) and to respond to lawful requests from authorities. Under the CCPA/CPRA we treat the same activities as either business purposes (necessary) or notice-at-collection purposes (disclosed here). We do not sell personal information in the CCPA sense and we do not share it for cross-context behavioural advertising.

Who we share data with

We share data only with parties who help us deliver the service, and only the minimum each needs. Fulfilment partners pick, pack, and label your sample box — they receive your name, shipping address, contact email, and the sample SKUs. Shipping carriers (Deutsche Post, Russian Post, regional couriers depending on origin warehouse) receive name, address, and parcel weight. Payment processors handle the shipping charge as described above. Email delivery (a transactional ESP) sees your address and message content. First-party analytics is self-hosted on infrastructure controlled by Teamotea — no third-party analytics platform receives your behaviour. We do not share data with advertising networks, data brokers, or social media pixels. For farm-drop charity campaigns, we share with the named farm only aggregate numbers (total contributors, total raised), unless you tick the optional box to receive a personalised thank-you, in which case your first name and country are shared. International transfers, where required, are covered by Standard Contractual Clauses (SCCs) plus a transfer impact assessment, both reviewable on request.

Cookies and similar technologies

We use a small, declared set of cookies and local-storage entries. Essential cookies — session identifier, cart contents, fraud-prevention nonce, language preference. These are set without consent because the site does not function without them. Preference cookies — your dark-mode choice, your cookie banner answer. Analytics — a first-party identifier used by our self-hosted analytics, set only after you accept in the banner; rejecting still lets the site work, you just become anonymous to our planning team. We do not set advertising cookies. We do not load third-party social embeds that drop cookies (when we link to community.tea.community or tea.school, those are plain hyperlinks, not embedded widgets). Local storage holds the pick-3 picker state so you don’t lose your selection if you refresh. You can clear it from your browser at any time. The cookie banner is reachable again any time from the footer link “cookie settings” — your previous answer is shown and can be changed.

How long we keep your data

Retention is purpose-bound. Order records (name, address, sample list, shipping receipt) are kept for seven years for tax and accounting compliance — this is a statutory minimum we cannot shorten without violating local law. Email subscribers are kept until they unsubscribe; if you do nothing for 24 months we re-confirm or remove you automatically. Support tickets are kept 18 months after closure. Analytics events tied to a session are aggregated and de-identified after 90 days; the raw IP address is truncated to a network block after 30 days. Cart contents abandoned at checkout are deleted after 30 days. Farm-drop contributor lists are kept for the duration of the campaign plus one year, so we can publish an honest impact report. After the retention period, data is either deleted or irreversibly anonymised — for accounting records, we move them to a cold archive with restricted access for the remaining statutory period, then destroy.

Your rights

Depending on where you live, you have some or all of the following rights, and we honour them globally regardless of legal minimum. Right of access — ask what we hold about you, and we will send a copy within 30 days. Right to rectification — fix anything wrong. Right to erasure — delete what we hold, subject to the seven-year accounting carve-out described above (we will tell you exactly which records survive and why). Right to restriction — pause processing while a dispute is resolved. Right to portability — receive your order history in a structured machine-readable file. Right to object — to legitimate-interest processing, including analytics. Right to withdraw consent — at any time, with no penalty and no effect on the lawfulness of past processing. Right to non-discrimination (CCPA) — we will not refuse service, raise shipping, or downgrade sample quality because you exercised a right. Right to lodge a complaint — with your local supervisory authority (in the EU, your national DPA; in the UK, the ICO; in California, the CPPA). To exercise any right, write to the address in the contact section. We will verify your identity using the email on file before acting.

Security

We hold ourselves to constellation-wide standards set by the Teamotea platform team under Evgeniy Smoley. All traffic to tea.gratis is served over TLS 1.3. Stored personal data is encrypted at rest on managed disks. Access to production data is limited to named engineers, gated by hardware security keys and logged. Payments never traverse our servers — the processor handles the card and returns a token. We do not store passwords for sample ordering because we use email magic-link sign-in. Backups are encrypted and held in a separate region with a 30-day rolling window. We run quarterly access reviews and an annual external penetration test on the shared platform that hosts all THETEA sites. If a breach affecting your data occurs, we will notify you and the relevant supervisory authority within 72 hours of becoming aware, in line with GDPR Article 33. The notice will describe what happened, what data was involved, what we are doing, and what you can do.

Children

tea.gratis is not directed at children. We do not knowingly accept sample orders from people under 16. Tea is not age-restricted in most jurisdictions, but we ask for an adult to place the order and receive the parcel because shipping and address verification are involved. If you believe a child has submitted information through the site, contact us and we will delete the record. For caffeine guidance suitable for families, the constellation publishes age-appropriate framing on tea.doctor — that is the right reference if a young person in your household is curious about tea.

Changes to this policy

We will revise this page whenever our practice changes. Minor edits (typo, clarified wording) are made silently. Material changes — new data category, new processor, new purpose, change of controller — are announced at least 14 days in advance to anyone with an active email subscription, and the previous version is archived. The date at the foot of the page always reflects the live version. If you disagree with a material change, you can exercise erasure before the new terms take effect; your existing order will still ship under the policy that was in force when you placed it.

How to contact us

For any privacy question, including data-subject access requests (DSARs), corrections, deletions, or complaints about how we handled your data, write to hello@tea.gratis. Put “privacy” in the subject line so it routes to the right desk. We acknowledge within three working days and resolve within 30 days, extendable by a further 60 days for complex requests with notice to you. If you are not satisfied with our response, you can escalate within the parent company at teamotea.com, or take the matter to your local supervisory authority. For postal correspondence and for the formal company address used on tax records, please request the current registered address by email — we update it from time to time and prefer to give you the current one rather than print a stale address here.

Contact

hello@tea.gratis