Privacy Policy

Your Privacy Matters

This policy explains what Brew Routes collects, why we collect it, and how you can control your data.

Last Updated: March 13, 2026

1. Data We Collect

  • Account and profile data: name, email, username, avatar, and account identifiers.
  • Authentication data: sign-in provider account linkage metadata for Apple, Google, and credentials auth.
  • Credential security data: for password accounts, we store a one-way password hash (never plaintext passwords).
  • Location data: precise location only when you grant permission while using the app, used to power near-me and distance features.
  • User content: posts, ratings, comments, photos, favorites, bucket list, and bean vault entries.
  • Operational data: request diagnostics, device/browser metadata, and error logs needed for reliability and security (IP addresses and user agents are hashed; URLs are stored without query strings).
  • Waitlist/marketing consent: email and consent flag when you explicitly opt in.

2. Why We Use It (US + GDPR Baseline)

  • To provide the service: account login, profile features, discovery, map/list experiences, and saved shops.
  • To secure accounts and platform integrity: fraud prevention, abuse prevention, and service monitoring.
  • To improve product quality: troubleshooting, stability, and performance optimization.
  • To send requested communications: password reset and support interactions.
  • Lawful bases (where applicable): contract performance, legitimate interests, consent, and legal obligations.

3. Service Providers and Sharing

We use vetted providers to run Brew Routes, including:

  • Authentication: Apple and Google sign-in providers.
  • Database: PostgreSQL infrastructure accessed through Prisma (Supabase-backed database setup).
  • Media: Cloudflare R2 storage and Brew Routes media proxy processing path.
  • Maps: OpenFreeMap map styles rendered through MapLibre.
  • Email: Resend for operational messaging flows.

We do not sell your personal information. We only share data as needed to operate the service, satisfy legal obligations, or enforce our terms.

4. Cookies and Local Storage

  • Session cookies: used for secure authentication and account sessions.
  • Local and session storage: used for app preferences, cached UI state, and performance smoothing.
  • Location persistence: when you grant location permission, recent coordinates may be stored locally on your device for up to 30 days to improve near-me UX.
  • Background location: when you grant the “Always” location permission on iOS or background location on Android, Brew Routes may use your location while the app is in the background to alert you about nearby coffee shops. You can change this permission at any time in your device settings.
  • Your control: you can remove stored location data by clearing site data in your browser/app settings, and you can revoke location permission at any time in device/browser settings.

5. Retention and Deletion

  • Account and profile data are retained while your account is active.
  • User-generated content is retained until removed by you, moderation, or account deletion.
  • Security and operational logs are retained for up to 90 days for abuse prevention and reliability, then deleted or aggregated.
  • Inactive waitlist entries are deleted on a rolling schedule after 365 days unless a longer period is legally required.
  • Locally cached location data is kept on your device for up to 30 days unless you clear site data sooner.
  • You can preview deletion impact in Settings before confirming permanent account deletion.
  • Account deletion removes account-linked records, invalidates active sessions, and attempts cleanup of known user-owned media keys.

6. Your Rights

Depending on your location, you may have rights to know/access, correct, delete, and request portability of your personal data.

For California residents (CCPA/CPRA baseline), you may also request details about categories of personal information collected and disclosed, and request deletion/correction where applicable.

For Canada (PIPEDA baseline), you may request access/correction and withdraw consent for location processing where applicable, subject to legal or service limitations.

Authenticated users can self-serve privacy operations in Settings: Export My Data and Preview Account Deletion.

To make a privacy request, contact us at support@brewroutescoffee.com.

7. Policy Updates

We may update this policy to reflect product, legal, or security changes. Material updates will be reflected by the Last Updated date on this page.