Privacy Policy

1. Information We Collect

1.1 Information You Provide

• Apple ID credentials: When you sign in with Apple, we receive your Apple-assigned user identifier. You may also choose to share your name and email address (Apple may provide a private relay email if you select "Hide My Email").
• Coffee data: Beans (name, origin, roast level, bag size, notes, dates), recipes (drink type, dose, yield, ratio, grind size, machine, notes), brew logs (date, time, rating, taste rating, notes), and dial-in sessions (grind adjustments, recommendations).
• Photos: If you are a premium subscriber, you may upload photos of your brews. These images are stored on our servers.

1.2 Information Collected Automatically

• Usage analytics: We collect anonymized usage events to improve the App. These include actions such as screens viewed, features used (e.g., logging a brew, creating a recipe, starting a dial-in session), paywall interactions, and subscription events. All analytics events are tied to your user account and stored on our servers.
• Subscription status: We verify your subscription status through Apple's StoreKit framework and sync it to your account.

1.3 Information We Do NOT Collect

• Location data
• Contacts or address book
• Advertising identifiers (IDFA)
• Health or fitness data
• Browsing history
• Device fingerprints or cross-app tracking data

2. How We Use Your Information

We use your information for the following purposes:

We do not use your data for advertising, profiling, or automated decision-making.

3. How We Share Your Information

We do not sell your data to third parties. Your data is shared only with the following service providers, solely to operate the App:

3.1 Supabase (supabase.com)

We use Supabase for authentication, database storage, and file storage. Your account data, coffee data, analytics events, and brew photos are stored on Supabase's infrastructure. Supabase acts as a data processor on our behalf.

Supabase Privacy Policy: supabase.com/privacy

3.2 Apple

• Sign In with Apple: Authentication is handled by Apple. We receive only the user identifier and optionally your name and email. See Apple's privacy policy.
• StoreKit / App Store: All payment processing for subscriptions is handled entirely by Apple. We never receive or store your payment card information, billing address, or other financial data.

3.3 Legal Requirements

We may disclose your information if required by law, regulation, legal process, or governmental request.

4. Data Storage and Security

• Remote storage: Your data is stored on Supabase (PostgreSQL database and file storage). All data is scoped to your authenticated user account.
• Local storage: A local cache of your data is stored on your device using SwiftData (SQLite) for offline access. Authentication credentials (Apple user identifier and email) are stored securely in the iOS Keychain.
• Encryption: Data is transmitted over HTTPS/TLS. Local Keychain data is encrypted by iOS.
• Access: Only you can access your data through your authenticated account.

Data Retention

• Your data is retained for as long as your account is active.
• When you delete your account, all associated data on our servers (profile, beans, recipes, brews, dial-in sessions, analytics events, and photos) will be permanently deleted.
• Local data on your device is removed when you uninstall the App or use the in-app data reset feature.

5. Your Rights

Under GDPR and applicable data protection laws, you have the right to:

• Access your personal data
• Rectify inaccurate data
• Erase your data ("right to be forgotten")
• Restrict processing of your data
• Port your data (receive it in a structured, machine-readable format)
• Object to processing based on legitimate interests
• Withdraw consent at any time (without affecting the lawfulness of prior processing)
• Lodge a complaint with your local data protection supervisory authority

To exercise any of these rights, contact us at tryappsbymartin@gmail.com.

Account Deletion

You can delete your account and all associated server-side data from within the App. Go to Settings > Delete Account. This action is irreversible and will permanently remove all your data from our servers.

6. Children's Privacy

Beany is not directed at children under the age of 16. We do not knowingly collect personal data from children under 16. If you believe a child has provided us with personal data, please contact us and we will delete it.

7. Device Permissions

The App may request the following device permissions. All are optional and can be managed in your device's Settings:

8. International Data Transfers

If you are located in the EU/EEA, your data may be transferred to and processed in countries outside the EU/EEA where Supabase operates its infrastructure. Such transfers are protected by appropriate safeguards, including Standard Contractual Clauses (SCCs) as required by GDPR.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by updating the "Last Updated" date at the top of this policy and, where appropriate, through an in-app notice. Continued use of the App after changes constitutes acceptance of the updated policy.

10. Contact Us

If you have questions about this Privacy Policy or your data: