Iss. 001 · Doc 02 · Privacy

What we
know about you.

A plain-language read on what Sipstr collects, what we never collect, and what you can take with you when you leave.

§ 01 · TL;DR

The short version

Sipstr stores the beers you check in, your ratings and notes, the photos you attach, and the rooms you join. We do not sell or share your personal information. We don't run third-party ad networks against your check-ins. You can delete your account from Settings; the data is hard-deleted from the live database within 24 hours.

§ 02 · Collected

What we collect

  • Account. Email and a display name. Email is used for one-time login codes — never sold or rented.
  • Check-ins. The beer, brewery, your rating, optional notes and photo, and the time you logged it.
  • Profile and gameplay. Level progression, badges, and the flavor profile derived from your check-ins.
  • Tap Rooms. The rooms you join and the messages you post in them.
  • Push token. An APNs or FCM token, used only to deliver notifications you opted in to.
  • Device basics. OS version, app version, device model. Used for crash triage.
  • Anonymous usage events. Screen views and feature taps, via PostHog. No identity attached.
§ 03 · Never

What we never collect

  • Your contacts. No prompt, no fetch.
  • Your real-time location. No background location.
  • Other apps on your phone. No installed-app lists, no calendar, no health.
  • Advertising IDs. No IDFA, no Google AAID, no fingerprinting.
  • Cross-app tracking. No off-app pixels, no third-party SDKs that phone home.
No ads. No data brokers. The product is paid by Pro.
§ 04 · Usage

How we use it

Run the app

Render your cellar, sync check-ins, surface the right Tap Room when you level up.

Improve it

Aggregate, anonymous usage stats — how many people made it to a given level, which screens crash. Never tied to a name.

Talk to you

Transactional only — login codes and important service notices. No marketing newsletter.

Stay legal

Respond to lawful requests, prevent abuse, enforce our Legal terms.

Legal basis

Under the GDPR we rely on: contract for the data needed to run your account and check-ins; legitimate interest for anonymous analytics, crash triage, and abuse prevention; and consent where we ask for it, such as push notifications — which you can withdraw any time in Settings.

§ 05 · Sharing

Who processes it on our behalf

We use a small number of vendors, all bound by data-processing agreements that prohibit secondary use:

  • Supabase (EU region) — database, authentication, file storage.
  • PostHog (EU region) — anonymous product analytics.
  • Sentry — crash reports.
  • Apple APNs · Google FCM · Expo Push — notification delivery.
  • OpenAI and Anthropic — only when you scan a label or when we enrich a beer you've logged. No account email or other identifier is sent.
  • Vercel — hosts sipstr.app (this site).

That's the entire list. If we add a vendor, we update this page and email anyone with an active account before the change takes effect.

We do not sell or share your personal information, and never have — there is no data-broker pipeline and no advertising SDK.
§ 06 · Rooms

Tap Rooms are public to members

Anything you post inside a Tap Room — your messages — is visible to every other member of that room.

Messages are encrypted in transit and at rest. We can technically read them to comply with abuse reports or lawful process; we don't read them otherwise, and any such access is logged.

§ 07 · Age

Legal drinking age, your country

Sipstr is a beer log. You must be of legal drinking age in your country to use it — 21 in the United States; 18 in Sweden and most of Europe.

If we discover an account belongs to someone under the legal age, we delete it and notify the email on file.

§ 08 · Your rights

You own the data

  • Delete. Settings → Delete account. Removed from the live database within 24 hours; backups roll off according to our hosting provider's retention schedule.
  • Correct. Edit your profile and check-ins directly. Beer catalog corrections can be submitted from the beer page once you reach the correction unlock level.
  • Access, export, object. Email hello [at] sipstr.app. We respond within 30 days. Self-serve export is on the roadmap.
  • Complain. EU residents may complain to their national data protection authority.
  • United States & California. We do not sell or share your personal information, so there is nothing to opt out of. California residents have the right to know, delete, and correct their data, and not to be discriminated against for exercising those rights — use the same controls above (Settings → Delete account, edit your profile, or email hello [at] sipstr.app).
§ 09 · Changes

If this changes

We'll email every active account at least 14 days before any material change takes effect. Trivial wording fixes don't need a notice.

§ 10 · Contact

Talk to a human

All inquiries: hello [at] sipstr.app

Sipstr · Sweden

Sipstr — Privacy