This Privacy Policy describes how BeerBook (the “Service”), operated by the data controller identified below, collects, uses, and shares personal information when you use our websites, apps, and related services. BeerBook is a social beer-rating and venue-discovery product offered under the Drinks After Work brand.
We collect the categories of personal information described in Information we collect, use them for the purposes in How we use information, and retain them as described in Retention. We do not sell your personal information or share it for cross-context behavioral advertising as those terms are commonly understood under the CCPA/CPRA. You may have rights to know, delete, correct, and limit use of sensitive personal information, and to appeal certain decisions, as explained in Your privacy rights.
The data controller responsible for personal information processed through BeerBook is:
This policy applies to personal information processed in connection with BeerBook, including our web application and any mobile applications we offer. Signing in may redirect you to our identity provider (OpenID Connect), currently hosted at auth.drinksafterwork.net, which authenticates you and issues tokens used by BeerBook. Processing on that host is covered here to the extent it relates to BeerBook access.
| Category | Examples |
|---|---|
| Account and profile | Identifiers such as your account subject identifier from our identity provider (Keycloak sub), display name, email address, avatar image URL, in-app currency balance and equipped cosmetic preferences associated with your profile. |
| User-generated content | Ratings (scores, flavor notes, free-text notes), venue names or labels you attach to ratings, optional photos you upload with a rating, comments, reactions, venue submissions, beer submissions, crew memberships and invites, and similar content you choose to submit. |
| Location-related information | Venue-associated location data you provide or that we derive from catalogued venues. If you allow it, device coordinates may be processed temporarily to verify proximity to a venue when you check in or rate at a venue; we also store whether a check-in was verified. You may use many features without granting precise location. |
| Social graph | Who you follow and who follows you, crew relationships, and related timestamps. |
| Usage and diagnostics (first-party) | When you use the Service, our servers may receive IP address, user agent, page or screen paths, session identifiers stored in your browser, referrer information, and (for certain link clicks) source pages and entity identifiers. When you are signed in, these events may be linked to your account identifier. |
| Progression and notifications | Achievement progress, ledger entries for in-app currency (“tabs”), leaderboard-related caches, and in-app notification records. |
| Communications | If you contact us for support, we process the content of your message and associated contact details. |
We use browser local storage and session storage (and similar mechanisms) to keep you signed in, remember UI preferences, and support first-party analytics session identifiers. These mechanisms are controlled by your browser or device settings.
Where GDPR or equivalent laws apply, we rely on one or more of the following:
We do not sell your personal information. We disclose information only as reasonably necessary:
We may process and store information in countries other than your own (including the United States and the European Economic Area). Where required, we use appropriate safeguards such as the EU Standard Contractual Clauses, the UK International Data Transfer Agreement or Addendum, or other lawful transfer tools. Your legal counsel should confirm the mechanisms that apply to your hosting arrangements and subprocessors.
We retain personal information for as long as your account is active and as needed to provide the Service, comply with law, resolve disputes, and enforce agreements. Backup systems may retain residual copies for a limited period consistent with our backup policy. Specific retention periods may vary by data category; you may request more detail using the contact information above.
Depending on where you live, you may have the right to access, correct, delete, or port your personal information, to restrict or object to certain processing, to withdraw consent where processing is consent-based, and to lodge a complaint with a supervisory authority.
California: California residents may exercise CCPA/CPRA rights as described in our notice at collection. We will not discriminate against you for exercising these rights. Authorized agents may submit requests where permitted by law.
EEA / UK / Switzerland: You may contact us or your regulator. If we have appointed a DPO, use the contact listed in Who we are.
To exercise rights, contact [[PRIVACY_CONTACT_EMAIL]]. We may need to verify your request.
We use administrative, technical, and organizational measures designed to protect personal information, including HTTPS for data in transit and restricting database access to our private network. No method of transmission or storage is completely secure.
BeerBook is intended for adults who are of legal drinking age in their jurisdiction. The Service is not directed at children under 13, and we do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, contact us and we will take appropriate steps to delete it.
We use cookies or similar technologies only as needed for authentication flows from our identity provider and for application functionality. We also use local and session storage as described above. First-party analytics are sent to our own API (for example via sendBeacon) and are not described as third-party advertising cookies.
We may update this Privacy Policy from time to time. We will post the updated version on this page and revise the “Last updated” date. If changes are material, we will provide additional notice as required by law.
This policy is provided for informational purposes and does not constitute legal advice. Have qualified counsel review it for your jurisdictions, contracts, and actual subprocessors.