rebrew 

Privacy Policy

Last updated: 05/21/2025

1. Introduction

rebrew (“we”, “us”, “our”, or "the app") is committed to protecting your privacy. This Privacy Policy explains what data we collect, how we collect it, how we use it, with whom we share it, and your rights regarding your data.

2. Data We Collect and How We Collect It

We collect the following types of data when you use rebrew:

A. Account & Profile Data

• What: Username, email address, profile picture, description, favorite drink, phone number (optional), review count, following/followers count, influence count, contacts sync status, your favorite drink, and creation date. 

• How: Provided by you during sign-up or profile editing, or generated by the app (e.g., review count).

• Where: Stored in Firestore (Firebase - Google) under your user profile.

B. Reviews & Social Data

• What: Reviews you write including drink name, rating, type, location, notes, media URLs (privately stored in Cloudinary, see section 4), tagged users, likes, comments, and influence data. 

• How: Created by you when you post reviews, like, comment, or tag others.

• Where: Stored in Firestore in the reviews, likes, comments, and related collections.

C. Place & Location Data

• What: Cafés/places you review or search for, their names, addresses, coordinates, and your workability ratings for places.

• How: When you review a place, search, or rate workability.

• Where: Stored in Firestore in placeCriteria and related collections.

D. Device & Usage Data

• What: Device identifier (for notifications), app usage metrics, and optionally, your location (if you grant permission).

• How: Collected automatically or when you use features like location-based search.

• Where: Stored in Firestore and/or third-party services (see below).

E. Contacts (Optional)

• What: If you opt in, we may access your contacts to help you find friends.

• How: Only with your explicit permission.

• Where: Contacts are not stored permanently; only used for matching and then discarded.

F. Master List of Users' Contacts

• What: If you opt in to allow us to use your contacts to find people who have many friends on rebrew.

• How: Only with your explicit permission.

• Where: Numbers that have appeared in contacts syncs across all users and the amount of times they appeared are stored in Firestore. Phone numbers are stored anonymously with no link to any related information about the phone number. The only data stored is the phone number and the amount of time it has appeared across all users' contacts syncs.

3. How We Use Your Data

• To create and manage your account.

• To display your reviews, comments, and profile to other users.

• To enable social features (likes, comments, tagging, following).

• To recommend places and users based on your activity and preferences.

• To send you notifications (e.g., likes, comments, follows).

• To improve app features and user experience.

• To comply with legal obligations.

• To send a text message no more than one (1) time to phone numbers that we have collected through contacts syncs, stipulated in section 2.F.

• We use your location, provided by your device should you opt in, to find places nearby to you. We do not store your location anywhere in our databases.

4. Third-Party Data Sharing

We use the following third-party services, which may process some of your data:

• Firebase (Google): For authentication, general personal data storage, and custom analytics (e.g., the amount of coffee shops you have been to in a neighborhood) that are created and stored as data based on the data that you, as a user, either generate or provide us.

• Cloudinary: For storing and serving your uploaded images and videos.

• Neo4j: For calculating users' and reviews' influence scores. Influence is defined as a user liking someone's review of a drink at a place and subsequently making a review of that drink at that place. Neo4j stores a users' primary keys so that we are able to calculate influence correctly and appropriately sync it with Firebase.

• OneSignal: For push notifications (device identifier only).

• Expo/React Native: For app infrastructure and device APIs.

We do not sell your data. All third parties are required to provide the same or equal protection of user data as described in this policy and as required by Apple’s guidelines.

5. Data Retention & Deletion

• Retention:

• Your data is stored as long as your account is active or as needed to provide you with the service.

• Reviews, comments, and likes remain until you delete them or your account is deleted.

• If you delete your account, your user profile and all associated data (reviews, comments, likes, etc.) are deleted from our systems.

• Media files are deleted from Cloudinary when you delete the associated review.

• Media files used in your profile picture are deleted when you remove your profile picture or change it.

• Deletion:

• You can request deletion of your account and data at any time by contacting support at mickey.claffey@gmail.com.

• Upon deletion, your data is removed from Firestore and associated services as soon as technically feasible.

6. User Rights & Choices

• Access & Correction:

• You can view and edit your profile information at any time in the app.

• Users may download any images uploaded in a review that they are able to see.

• Revoking Consent:

• You can revoke permissions (e.g., location, contacts) via your device settings.

• Data Deletion:

• You can delete your account and all associated data via the app or by contacting support.

• Opt-Out:

• You can opt out of notifications in your device settings.

7. Security

• All data is protected by Firebase security rules, ensuring only you (or authorized app features) can access or modify your data. Your passwords are never stored in Firebase.

• Sensitive actions (like deleting your account) require a recent login.

• Everything that we collect is stored privately, as in, none of the data stored and shared is available to the public.

• We use Firebase Authentication, which enforces industry best practices including hashed passwords and secure token exchange.

8. Contact Us

If you have questions or requests regarding your privacy, please contact us at mickey.claffey@gmail.com.

9. Children

The Service is not intended for use by anyone under 13 years of age. If you are a parent or guardian of a child from whom you believe we have collected personal information in a manner prohibited by law, please contact us. If we learn that we have collected personal information through the Service from a child without the consent of the child’s parent or guardian as required by law, we will comply with applicable legal requirements to delete the information.

10. GDPR Compliance (For Users in the European Economic Area)

If you are located in the European Economic Area (EEA), you have specific rights under the General Data Protection Regulation (GDPR). rebrew is committed to protecting your personal data and complying with the GDPR. Below is an overview of your rights and how we fulfill them:

A. Legal Basis for Processing

We collect and process your personal data only where:

• You have given us explicit consent (e.g., for contacts or location sharing).

• Processing is necessary for the performance of a contract (e.g., to provide you with the app’s services).

• We have a legitimate interest, such as improving the app or preventing abuse, and such interest is not overridden by your data protection rights.

• We are required to comply with legal obligations.
  
  

B. Your Rights Under GDPR

You have the following rights regarding your personal data:

• Right to Access – You can request a copy of the personal data we hold about you.

• Right to Rectification – You can ask us to correct any inaccurate or incomplete data.

• Right to Erasure ("Right to be Forgotten") – You can request deletion of your personal data.

• Right to Restrict Processing – You can request that we limit how we use your data.

• Right to Data Portability – You can request a copy of your data in a structured, commonly used format.

• Right to Object – You can object to our processing of your data based on legitimate interests or for direct marketing purposes.

• Right to Withdraw Consent – If you have provided consent to data processing, you may withdraw it at any time.
  
  

C. Data Transfers Outside the EEA

We use third-party services (e.g., Firebase, Cloudinary) that may store data outside the EEA, including in the United States. Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs), to protect your data.

D. Data Protection Officer / Contact

If you have questions about your GDPR rights or wish to make a request, please contact us at: mickey.claffey@gmail.com.

You also have the right to lodge a complaint with your local data protection authority if you believe your data has been processed unlawfully.

11. CCPA Compliance (For California Residents)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). This section outlines those rights and how rebrew complies with them.

A. Categories of Personal Information Collected

In the past 12 months, we have collected the following categories of personal information:

• Identifiers (e.g., name, email, phone number, username)

• Personal characteristics (e.g., profile photo, favorite drink)

• Internet or electronic activity (e.g., app usage, device data)

• Geolocation data (if permission is granted)

• User-generated content (e.g., reviews, comments, likes)

• Inferred data (e.g., influence scores)
  
  

We do not sell personal data, including any contact data, to third parties.

B. California Consumer Rights

As a California resident, you have the right to:

• Know what personal data we collect, use, and share.

• Delete your personal data.

• Correct inaccurate personal information.

• Opt Out of the sale or sharing of personal information (Note: rebrew does not sell or share your personal data for cross-context behavioral advertising).

• Non-Discrimination for exercising your privacy rights.
  
  

You may exercise these rights at any time by:

• Using the in-app delete account feature, or

• Contacting us at mickey.claffey@gmail.com.
  
  

C. Authorized Agent

You may designate an authorized agent to make a request on your behalf. We may require proof of your identity and authorization.

D. Notice of Financial Incentives

rebrew does not offer financial incentives in exchange for your personal data.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes via the app or email. This policy is accessible in the app’s settings and will be linked in the App Store listing.