BeerTripping (“we,” “us,” or “our”) operates the BeerTripping platform, including our website at beertripping.com and our mobile applications (collectively, the “Service”).

This Privacy Policy explains what information we collect, how we use it, how we share it, and what choices you have. It applies to all users of the Service. By using BeerTripping, you agree to the collection and use of information as described in this policy.

We believe in being straightforward about data practices. We collect only what we need to provide the Service, we never sell your personal information, and we give you control over your data.

Account Information

When you create an account, we collect your email address, handle (username), and optional display name. If you sign in via a social provider (Google or Apple), we receive your name and email from that provider. You are not required to use your real name.

Content You Create

We store the content you create on the Service, including trips, photos, beer check-ins, ratings, reviews, comments, reactions, and your On Tap wishlist. This data is necessary to provide the features you use.

Location Data

We collect your location only when you actively use location-based features such as Explore Nearby, Beer Here check-ins, or the explore map. We do not perform background location tracking. Location access is always initiated by you and requires your device's location permission. You can revoke this permission at any time through your device settings.

Photo Metadata

When you upload photos, we extract EXIF metadata (including GPS coordinates, timestamps, and camera information) to power trip features like auto-grouping stops and placing photos on your trip timeline. This metadata is used internally to build your trip experience. We strip EXIF data from all publicly served copies of your photos so that other users cannot access your raw location data or device information from your images.

Usage Data

We use PostHog for product analytics. This collects aggregated usage data such as page views, feature usage patterns, and general interaction data. This information helps us understand how the Service is used and where to focus improvements. You can opt out of analytics tracking in your account settings.

Device and Error Data

We use Sentry for error tracking. When an error occurs, Sentry may collect device type, operating system, browser version, and a stack trace to help us diagnose and fix bugs. This data is used solely for maintaining service reliability and is not used for advertising or profiling.

We use the information we collect to:

• Provide the Service: Display your trips, match check-ins to venues, render maps, show your beer history, and power the features you use
• Personalize your experience: Recommend venues, surface relevant content in your feed, and show popular places near you
• Improve the Service: Analyze usage patterns to fix bugs, improve performance, and develop new features
• Communicate with you: Send account-related emails (password resets, security alerts, significant terms changes). We do not send marketing emails unless you explicitly opt in
• Maintain safety: Detect and prevent fraud, abuse, and violations of our Terms of Service

We never sell your personal information to third parties. Ever.

Public Content

Your account is private by default. Only content you explicitly make public (public trips, public profile) is visible to other users. You can control visibility at the account level and override it on a per-trip basis.

Anonymized Data

Venue visit counts, trending data, and “popular in” features use anonymized, aggregated data. Individual visits are never attributed to specific users in these contexts.

Third-Party Service Providers

We share data with the following service providers, solely for the purposes described:

• Amazon Web Services (AWS): Cloud hosting, data storage, and infrastructure
• Mapbox: Map rendering and geocoding. Mapbox receives location coordinates to display maps but does not receive your account information
• Cloudflare: Content delivery, DDoS protection, and DNS. Cloudflare processes web traffic to improve performance and security
• Sentry: Error tracking and crash reporting
• PostHog: Product analytics (opt-out available)
• Google Places: Venue data enrichment (address and location queries only, no user data shared)

Law Enforcement

We will only disclose your personal information to law enforcement or government authorities when required by valid legal process (such as a court order or subpoena). We will notify you of such requests where legally permitted to do so.

Your data is hosted on Amazon Web Services (AWS) in the US East region. We implement industry-standard security measures to protect your information:

• Encryption at rest: All databases (RDS) and file storage (S3) are encrypted at rest
• Encryption in transit: All connections use HTTPS/TLS encryption
• Photo privacy: EXIF metadata is stripped from all publicly served photos
• Access controls: Internal access to user data is restricted to authorized personnel and logged
• Parameterized queries: All database operations use parameterized queries to prevent injection attacks

No system is perfectly secure. While we take reasonable measures to protect your data, we cannot guarantee absolute security. If we become aware of a data breach affecting your personal information, we will notify you in accordance with applicable law.

You have control over your data. Here is how to exercise your rights:

• Access your data: Go to Settings, then Data and Privacy, then Export to download a copy of all your data
• Delete your account: Go to Settings, then Data and Privacy, then Delete Account. We will remove your personal data within 30 days
• Update your information: Edit your profile, email, and handle in Settings, then Profile
• Control visibility: Manage who can see your content in Settings, then Privacy
• Opt out of analytics: Disable PostHog tracking in Settings, then Privacy

For EU Users (GDPR)

If you are located in the European Union or European Economic Area, you have additional rights under the General Data Protection Regulation (GDPR):

• Right of access: Request a copy of the personal data we hold about you
• Right to rectification: Request correction of inaccurate data
• Right to erasure: Request deletion of your personal data
• Right to data portability: Receive your data in a machine-readable format
• Right to object: Object to processing of your personal data for certain purposes
• Right to restrict processing: Request that we limit how we use your data

To exercise these rights, contact us at support@beertripping.com. We will respond within 30 days. Our legal basis for processing your data is contract performance (providing the Service you signed up for) and legitimate interest (improving the Service and maintaining security).

For California Users (CCPA)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights:

• Right to know: Request details about the categories and specific pieces of personal information we have collected
• Right to delete: Request deletion of your personal information
• Right to opt out: We do not sell personal information, so there is no sale to opt out of
• Non-discrimination: We will not discriminate against you for exercising your CCPA rights

We use a minimal set of cookies:

• Essential cookies: Required for authentication and session management. These cannot be disabled without breaking the Service.
• Analytics cookies: Used by PostHog for product analytics. You can opt out of these in your account settings.

We do not use third-party advertising cookies. We do not participate in ad networks or allow third-party trackers on the Service.

BeerTripping is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete that information promptly.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at support@beertripping.com.

BeerTripping is operated from the United States, and your data is stored on servers located in the US East region. If you are accessing the Service from outside the United States, your data will be transferred to and processed in the United States.

For users in the European Union, we rely on standard contractual clauses approved by the European Commission as the legal mechanism for data transfers. By using the Service, you consent to the transfer of your information to the United States as described in this policy.

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email and post a notice on the Service at least 30 days before the changes take effect.

Non-material changes (such as clarifications or formatting updates) may be made without notice. We encourage you to review this policy periodically. The “Last updated” date at the top of this page indicates when the policy was last revised.

If you have questions about this Privacy Policy or want to exercise your data rights, contact us at:

support@beertripping.com

We aim to respond to all inquiries within 48 hours.

For privacy-specific requests (GDPR, CCPA), please include “Privacy Request” in your subject line so we can route your inquiry appropriately.