Privacy Policy

Information We Collect

• Account information: email address and display name provided during sign-in via Sign in with Apple, Google Sign-In, or email/password. Your display name is optional, and Sign in with Apple lets you hide your real name.
• Brew data: coffee recipes, brew records, tasting notes, and bean inventory you enter into the app.
• Account identifier: when cloud sync is enabled, your Firebase Auth user ID is used to associate cloud data with your account.
• App preferences: language, appearance, notification settings stored locally on your device.
• Photos you choose to add (optional): if you attach an image to a coffee bean, the image is stored locally on your device (app sandbox). The app uses Apple's PhotosPicker, so it does not request broad photo-library access. When cloud sync is enabled (i.e., you are signed in and sync is active), bean images are uploaded to our cloud storage (Cloudflare R2, via a secure proxy) and associated with your user identity to enable cross-device access. You can remove these images by deleting your account.
• Crash diagnostics (optional, on by default): Firebase Crashlytics may collect crash reports such as stack traces, device model, and OS version. You can turn crash reporting off in Settings under Data & Privacy.
• Usage analytics (optional, off by default): Firebase Analytics collection is disabled by default. If you explicitly enable analytics in Settings under Data & Privacy, Firebase Analytics may collect product interaction data such as app launches, taps, and screen usage to help us understand feature adoption. You can opt out again at any time.

How We Use Your Information

• To sync your brew records and bean inventory across your devices.
• To provide core app features such as brew timers, experiment comparison, recipe tracking, and sensory analysis.
• To diagnose crashes and improve reliability when crash reporting is enabled.
• To understand how the app is used and improve it over time.
• We do not sell, rent, or share your personal data with third parties for advertising purposes.

Third-Party Services

We use the following third-party services, each with their own privacy policies:

• Firebase Authentication (Google LLC) — manages account sign-in and identity.
• Firebase Firestore (Google LLC) — stores your brew data in the cloud for cross-device sync.
• Cloudflare R2 (Cloudflare, Inc.) — stores bean images on our cloud infrastructure when cloud sync is enabled. Images are associated with your user identity and are deleted when you delete your account. Governed by Cloudflare's Privacy Policy.
• Firebase Crashlytics (Google LLC) — collects crash reports (optional; you can disable collection in-app).
• Firebase Analytics (Google LLC) — optional usage analytics (disabled by default; user opt-in).
• Google Sign-In (Google LLC) — OAuth-based sign-in; governed by Google's Privacy Policy.

Bluetooth

If you connect a compatible brewing device, the app uses Bluetooth to receive sensor data in real time. The currently implemented direct device data types are weight from BLE scales (for example Acaia and Timemore) and temperature from compatible thermometers (for example Inkbird). Refractometer TDS data, pressure data, and flow-rate data are not currently collected as direct Bluetooth sensor streams.

In Quick Brew setup, a connected BLE scale can auto-fill the coffee dose before brewing starts. During Quick Brew and recipe-guided Immersive Brew sessions, the app records timestamped weight readings. When you save a brew, captured BLE values may be used to populate the saved brew record's coffee dose, water weight, and water temperature, depending on the workflow and data available. In Espresso Dial-In mode, you can optionally capture the current scale reading into the dose or yield field with a single tap. When a BLE scale is used, the app may derive a local flow-rate chart from timestamped weight readings stored in your brew record.

All Bluetooth data is processed locally on your device and is not transmitted to our servers.

Notifications

Daily brew reminders are delivered via Apple's local notification system (UNUserNotificationCenter) and are scheduled locally on your device at the time you choose. We do not use push notifications, no APNs token is uploaded to our servers, and no reminder payload is sent to any backend service.

If you grant notification permission, reminders may be presented by iOS while the app is in the foreground, background, or on the lock screen, subject to your system notification settings and Focus modes. If you deny permission, you can re-enable notifications later from the iOS system notification settings for BrewTinker.

Widgets

If you enable the BrewTinker widget, the app writes a compact on-device summary to an App Group container so the widget can display it. This summary currently includes daily brew count, total brews, average rating, last brew date, and bean freshness alerts (including bean name and days remaining). No full brew records or full bean inventory history are shared with the widget. This widget data is stored locally on your device and is not transmitted to our servers.

Data Retention and Deletion

Your data is retained only while your account is active. You may delete your account at any time from Settings by opening your account profile and choosing Delete Account. When you confirm deletion, we attempt to:

1. Verify that your current sign-in session is recent enough to permit destructive account deletion.
2. Delete cloud bean image objects stored in Cloudflare R2 and purge all Firestore subcollections (brew records, beans, recipes, equipment, tombstones) for your account.
3. Destroy and recreate the local Core Data store.
4. Clear Widget App Group UserDefaults.
5. Remove per-user sync timestamps and pending deletion records.
6. Revoke the Firebase Auth credential and reset onboarding and privacy-consent flags.

If the recent-login check fails, no remote or local data is deleted until you re-authenticate and retry. Some diagnostics or analytics data handled by third-party providers may remain subject to those providers' own retention policies.

Note for developers: The deletion sequence is implemented in AccountDeletionService.swift. The step order and numbering in this document reflect the actual code execution path as of 2026-04-15.

Your Rights

• Access: request a copy of the data we hold about you.
• Deletion: delete your account and all associated data at any time from within the app.
• Export: export your brew records as CSV, JSON, or plain text from Settings under Data & Privacy via Export Data.
• Portability: your exported data is in a standard format you can use with other services.
• Opt out of analytics: disable Firebase Analytics at any time from Settings under Data & Privacy.
• Opt out of crash reporting: disable Firebase Crashlytics at any time from Settings under Data & Privacy.

Supported Languages

BrewTinker is localized in English, Simplified Chinese (简体中文), Japanese (日本語), Korean (한국어), and German (Deutsch). All in-app privacy disclosures, including the explanation of photo handling, are available in all five languages.

Guest Mode

The guest mode is a local-only experience — no Firebase account is created and no data is sent to our servers. Uninstalling the app removes all guest data.

Changes to This Policy

If we make material changes to this Privacy Policy, we will update the effective date and notify you through the app or via email. Continued use of BrewTinker after the revised policy takes effect constitutes acceptance.

Contact Us

If you have questions or concerns about this privacy policy, please contact us at: [email protected].