For some customers, free coffee is worth giving up some personal data.

Japanese coffee chain Shiru Cafe, which has 21 stores located mostly in Japan and India, launched its first U.S. location in Providence, Rhode Island, at the Brown University campus earlier this year. To access free coffee, customers have to be students or faculty members who provide personal data including their names, dates of birth and work experience through an online registration process. The company is now planning to expand to more U.S. locations by end of the year.

“I’m giving tons of organizations my data and not getting any goods or services back,” said Jacqueline Goldman, a Brown graduate student and Shiru customer. “Shiru is being transparent.”

Shiru’s business model is one which treats personal data as a currency to be exchanged for goods. Revenue is generated from corporate sponsors who advertise on site and reach out to potential hires through hosted events. In Japan, Shiru cafe’s sponsors include Nissan, Microsoft and JPMorgan, according to parent company, Enrission. It’s a twist on loyalty programs which offer customers points for purchases and the right to track purchase behavior. For Shiru Cafe, which is still trying to secure U.S. sponsors, the data informs which types of sponsors it’s seeking. The company said it doesn’t share customers’ personal information with third-party companies.

“Our goal is to help students make the transition [from academic life to the workplace] easier and empower them to make better decisions,” said Shiru’s North America general manager, Keith Maher.

The Brown University location draws 800 customers a day, according to the company. The “pay with data” business model is gaining more interest from marketers, but it’s an approach that also has risks, given customer concerns about privacy since recent breaches at Facebook and Equifax.

“‘Pay with data’ has been around for years in various, subtle forms,” said Greg Portell, lead partner in the global consumer and retail practice of consultancy A.T. Kearney. “Retailer loyalty cards are an obvious example. The retailer value proposition has roughly equated to ‘let us track your personal shopping preferences and we will offer you discounts.'”

Retailers and financial institutions are increasingly looking to personalize offers based on customer preferences gleaned through data-gathering efforts. Loyalty programs, including branded credit cards, let companies market to customers based on their habits. The logic is, if the brand is transparent about what the customer gets in return for the data and how their data is being used, they’ll be more likely to share personal information.

Data privacy regulations are also a hurdle to overcome when using customer data as a currency. Regulations such as the E.U.’s General Data Protection Regulation, which requires companies to seek customer consent before collecting and using personal data, imposes additional requirements on brands. It’s a concern Maher said Shiru is taking seriously. He said the company is complying with laws and regulations regarding data privacy, which will be top of mind as it looks to expand to the U.K. It’s a risk that discourages some sponsors from buying into this approach.

“For this model to be truly scalable, you need access to at least one demographic and their data at some scale,” said Jonathan Smalley, CEO of Yaguara, a data analytics company that serves e-commerce brands. “With the potential for serious regulation, potential sponsors may just decide to go more traditional routes or invest in their own efforts.”

Shiru plans to expand to Harvard, Yale, Princeton and Amherst before the end of the year.

Subscribe to the Digiday Retail BriefingA weekly email with news, analysis and research covering the modernization of retail and e-commerce.

  • LinkedIn Icon