Skip to main content
BrewMarkBREWMARK

Legal

Privacy Policy

Effective March 12, 2026

Overview

BrewMark (“we,” “us,” or “our”) operates the website at brewmark.io and the BrewMark iOS application. This policy explains what data we collect, why we collect it, and how we protect it.

We keep things simple: we collect only what we need to run the service, we never sell your data, and we give you control over your information.

What We Collect

Account Information

When you create an account, we collect your email address. We use this solely for authentication via magic link (passwordless login) and for essential service communications.

Brew Data

When you use BrewMark, we store the brewing data you provide — grind settings, dose, water temperature, extraction feedback, and brew logs. This data powers your personalized recipe recommendations and dial-in history.

Analytics

We use Google Analytics 4 (GA4) to understand how people use BrewMark in aggregate. GA4 collects anonymized usage data including pages visited, session duration, and general device information. We do not use this data to personally identify you.

We also use Vercel Analytics for performance monitoring — page load times, web vitals, and similar technical metrics.

Cookies

We use essential cookies for authentication (keeping you logged in). GA4 may set analytics cookies to distinguish unique visitors. We do not use advertising cookies or trackers.

How We Use Your Data

  • Authenticate you via magic link email
  • Provide personalized brew recommendations
  • Store your brew history and equipment preferences
  • Improve the service based on aggregated, anonymized usage patterns
  • Send essential service communications (account security, major updates)

What We Don’t Do

  • Sell your personal data to third parties
  • Share your email with advertisers
  • Use your brew data for purposes unrelated to your experience
  • Send marketing emails without your consent

Data Storage & Security

Your data is stored on Turso (edge-replicated SQLite database) and served through Vercel’s infrastructure. Both providers maintain industry-standard security practices including encryption in transit (TLS) and at rest.

Authentication tokens are signed with JWT and transmitted over HTTPS only. We do not store passwords — magic link authentication means there are no passwords to compromise.

Third-Party Services

We use the following third-party services:

  • Vercel — hosting and serverless functions
  • Turso — database storage
  • Google Analytics 4 — anonymized usage analytics
  • Resend — transactional email delivery (magic links)

Each provider operates under their own privacy policy. We share only the minimum data necessary for each service to function.

Your Rights

You can:

  • Request a copy of your personal data
  • Request deletion of your account and associated data
  • Opt out of analytics by using browser-based tracking protection

To exercise any of these rights, email us at privacy@brewmark.io.

Children’s Privacy

BrewMark is not directed at children under 13. We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us and we will delete it.

Changes to This Policy

We may update this policy from time to time. Material changes will be communicated through the app or via email. The effective date at the top of this page reflects the most recent revision.

Contact

Questions about this privacy policy? Reach us at privacy@brewmark.io.