Privacy Policy
Last updated: 15 May 2025
1. Who we are
Brew ("we", "us", "our") is operated by [Company Name] ("Controller"), a sole trader registered in the European Union. We are the data controller for all personal data processed through the Brew web application at brew.app.
You can contact us at any time.
2. What data we collect and why
We collect only the data we need to provide the service. Below is each category, what it is, why we collect it, and our legal basis under the GDPR.
| Category | Data | Purpose | Legal basis |
|---|---|---|---|
| Account | Email address, hashed password | Authenticate you and identify your pours | Contract (Art. 6(1)(b)) |
| Latte art photos | Image file you upload | Send to our AI model for analysis; display in your gallery | Contract (Art. 6(1)(b)) |
| Pour analysis | Shape, scores, feedback text, milk texture | Display results; track your progress over time | Contract (Art. 6(1)(b)) |
| Subscription | Subscription status, plan type, renewal date | Enforce free-tier limits and unlock Pro features | Contract (Art. 6(1)(b)) |
| Usage analytics | Page views, referrer, country (no personal identifiers) | Understand how the product is used and improve it | Legitimate interest (Art. 6(1)(f)) |
We do not collect your IP address, sell your data, or use your photos to train AI models.
3. Data processors (sub-processors)
We share data with the following third-party processors, each bound by a Data Processing Agreement:
| Processor | Purpose | Location |
|---|---|---|
| Supabase, Inc. | Database, authentication, photo storage | US (SCCs apply) |
| Lemon Squeezy | Payment processing and subscription management | US (SCCs apply) |
| Vercel, Inc. | Web hosting and anonymous analytics | US (SCCs apply) |
| Anthropic, PBC | AI analysis of latte art photos | US (SCCs apply) |
Transfers to the US are protected by Standard Contractual Clauses (SCCs) as approved by the European Commission.
4. How long we keep your data
- Photos — deleted from storage 30 days after upload, unless you explicitly save them to your gallery. Gallery photos are kept until you delete them or close your account.
- Pour analysis results — kept as long as your account is active. Deleted when you close your account.
- Account data — kept until you delete your account. After deletion, your email is purged within 30 days.
- Payment records — kept for 7 years as required by EU tax law (Art. 6(1)(c) GDPR). Payment card details are never stored by us; Lemon Squeezy holds them under PCI-DSS.
- Analytics data — anonymous aggregates retained for 24 months.
5. Cookies and local storage
Brew uses a single session cookie to keep you logged in (strictly necessary, no consent required). Vercel Analytics is cookieless and collects no personal identifiers.
We do not use advertising, profiling, or third-party tracking cookies.
6. Your rights under the GDPR
As a data subject in the EU/EEA you have the following rights, exercisable free of charge:
- Access — request a copy of the personal data we hold about you.
- Rectification — ask us to correct inaccurate data.
- Erasure — ask us to delete your data ("right to be forgotten"). You can also do this directly from your account settings.
- Portability — receive your pour data in a machine-readable format.
- Restriction — ask us to pause processing while a dispute is resolved.
- Objection — object to processing based on legitimate interest (e.g. analytics). We will stop unless we have compelling grounds.
To exercise any right, submit a request via our contact form. We will respond within 30 days. If you believe we have mishandled your data, you have the right to lodge a complaint with your national data protection authority.
7. Children
Brew is not directed at children under 16. We do not knowingly collect data from anyone under 16. If you believe a child has created an account, contact us and we will delete it promptly.
8. Changes to this policy
We may update this policy when we add new features or processors. We will notify you by email at least 14 days before material changes take effect. The date at the top of this page always reflects the latest version.
9. Contact
Questions, requests, or complaints? Reach us through our contact form.