Contents
1. Who We Are
Brewskr is operated by Brewskr, LLC. We make a mobile app and website that helps real people meet in real life through Shoutouts, Circles, the Good Vibes Map, and Tap to Connect.
This Privacy Policy explains how we collect, use, disclose, and protect information when you use our app and website at www.brewskr.com.
2. Information We Collect
Information You Provide
- Handle (@username) โ public, changeable anytime, not required to be your real name
- Display name โ can be a nickname
- Email address โ for account verification; never shown publicly
- Phone number โ stored as a one-way cryptographic hash; the original number is never retained
- Password โ stored using bcrypt hashing; we never have access to your plaintext password
- Avatar photo โ optional; scanned for inappropriate content on upload
- Interest tags โ used to power matching, map filtering, and business specials
- Shoutout messages โ up to 280 characters; visible to your Circle or nearby users
Location Data
Location is the most sensitive data we handle. Here's exactly how it works:
| Feature | What We Collect | How Long We Keep It |
|---|---|---|
| Shoutout | Precise lat/lng at time of creation | Deleted when Shoutout expires (default 4 hours) |
| Good Vibes Map | Approximate location (snapped to venue) โ opt-in required | Only while location sharing is ON; removed instantly when turned off |
| Background (optional) | Only if you grant "Always On" AND enable in Settings | Never stored persistently; used only for real-time delivery |
NFC / Tap to Connect Data
- A temporary session token (UUID) โ contains no personal data
- Connection event: who connected, when, where (venue), and method (NFC or QR)
- A snapshot of shared interests between both users at time of connection
NFC tags written by your device contain only the session token โ no name, handle, phone, or personal information.
Automatically Collected Data
- Device type, OS version, app version
- Device advertising ID โ used only for aggregate analytics; you can reset this in device settings
- IP address โ used for security monitoring and country-level analytics only
- Crash reports โ anonymized; contain no personal data
3. How We Use Your Information
- Deliver Shoutouts to your Circle
- Power the Good Vibes Map
- Match you with compatible Circles based on shared interests
- Process Tap to Connect sessions
- Send push notifications for Shoutout activity
- Deliver Instant Specials from nearby business partners (interest-matched only)
- Process subscription payments via Stripe
- Analyze anonymized, aggregate usage to improve the app
- Detect and prevent fraud, spam, and abuse
4. How We Share Your Information
With Other Users (By Design)
| Information | Visible To | Can You Limit It? |
|---|---|---|
| Handle (@username) | All Brewskr users | Change handle anytime in Settings |
| Display name | Circle members + map discoverers | Use a nickname |
| Shoutout message + venue | Your Circle; nearby users if Circle is Open | Use Closed Circles for friends-only |
| Approximate venue location | Map viewers when you opt in | Opt out in Privacy Settings anytime |
| Interest tags | Circle members (anonymized in matching) | Remove interests in Settings |
With Service Providers
| Provider | Purpose | Data Shared |
|---|---|---|
| Amazon Web Services | Cloud infrastructure | All data (encrypted at rest on US servers) |
| Stripe | Payment processing | Name, email, payment info (PCI compliant; we never see full card numbers) |
| Twilio | SMS delivery | Phone number for SMS only; hashed in our system |
| Google Maps Platform | Maps, venue search, geocoding | Approximate location while map is in use |
| Expo / EAS | Push notifications | Push token only (device identifier; no personal data) |
| Sentry | Crash monitoring | Anonymized crash reports; no personal data |
Business Partners (Instant Specials)
If you're within range and your interest profile matches, we deliver a business partner's promotion to you. They see only aggregate counts โ never your name, handle, phone, or precise location.
5. Data Retention
| Data | Retention |
|---|---|
| Account data (profile, interests) | Until account deletion |
| Shoutout content + location | Duration of Shoutout only (max 4 hours) |
| Tap connection records | 2 years, then deleted |
| Payment records | 7 years (legal/tax compliance) |
| Crash reports | 90 days |
| Access logs | 30 days |
6. Your Privacy Rights
We honor these rights for all users regardless of location:
- Access โ Settings โ Privacy โ Download My Data
- Correction โ Edit directly in your profile or email privacy@brewskr.com
- Deletion โ Settings โ Account โ Delete Account (data removed within 30 days)
- Portability โ Settings โ Privacy โ Download My Data (JSON format)
- Opt Out of Map โ Settings โ Privacy โ Location Sharing โ Off
- Opt Out of Marketing โ Unsubscribe link in any email
California Residents (CCPA)
California residents have the right to know what data we collect, request deletion, and opt out of data sales. We do not sell personal information. To exercise CCPA rights, email privacy@brewskr.com.
EU / UK Residents (GDPR)
Data is stored on AWS servers in the United States. We rely on Standard Contractual Clauses (SCCs) for EU/UK data transfers. You may lodge a complaint with your local data protection authority.
7. Security
- All data in transit encrypted via TLS 1.2+ (HTTPS/WSS)
- Data at rest encrypted with AES-256 on AWS RDS
- Passwords hashed with bcrypt โ plaintext never stored
- Phone numbers stored as one-way cryptographic hashes
- Production database not accessible from the public internet (VPC isolation)
No system is 100% secure. To report a vulnerability: security@brewskr.com
8. Children's Privacy
Brewskr is not directed to anyone under 17. We do not knowingly collect data from users under 17. If we discover an underage account, we immediately suspend it and delete all data. To report a concern: privacy@brewskr.com
9. Third-Party Services
Brewskr links to Uber, Lyft, Facebook, X (Twitter), Apple Sign-In, Google Sign-In, and Google Maps. Their own privacy policies govern those interactions. We are not responsible for their data practices.
10. Changes to This Policy
For material changes, we'll notify you via in-app notification and email at least 30 days before they take effect. Minor changes may be made without notice. Continued use after the effective date = acceptance.
11. Contact Us
| Privacy | privacy@brewskr.com |
| Security | security@brewskr.com |
| General | hello@brewskr.com |
| Company | Brewskr, LLC |
| Website | www.brewskr.com |