Cerveja logoCerveja

Privacy Policy

Last Updated: January 21, 2026

Cerveja ("we," "us," or "our") operates the cerveja.app website and service (the "Service"). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our Service.

By using the Service, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

1.1 Information You Provide Directly

  • Account Information: When you create an account, we collect your email address and/or phone number (for authentication), and a username you choose.
  • Profile Information: You may optionally upload a profile picture (avatar).
  • User-Generated Content: Messages you include when sending "beers" to other users.

1.2 Information from Third-Party Authentication

If you sign in using Google OAuth, we receive from Google:

  • Your email address
  • Your name (if provided)
  • Your profile picture URL (if provided)

We only use this information for authentication and to create your account. We do not access your Google contacts, calendars, files, or any other Google services. We do not read, send, or modify your Gmail.

1.3 Information Collected Automatically

When you use the Service, we automatically collect:

  • Log Data: IP address, browser type, device type, pages visited, and timestamps.
  • Cookies: We use essential cookies for authentication and session management. We do not use advertising or tracking cookies.

2. How We Use Your Information

We use your personal information for the following purposes:

  • Create and manage your account
  • Authenticate your identity
  • Enable you to send and receive virtual beers
  • Display your public ledger (username, avatar, beer history)
  • Communicate service updates or issues
  • Prevent fraud and abuse
  • Comply with legal obligations

We do not:

  • Sell your personal information to third parties
  • Share your data with advertisers
  • Use your data for automated decision-making or profiling
  • Train AI models on your data

3. Public Information

Cerveja is designed with public ledgers. The following information is visible to anyone:

  • Your username
  • Your avatar (if uploaded)
  • Your beer history (beers you owe and beers owed to you)
  • Messages attached to beers

Your email address and phone number are never displayed publicly.

If you do not want your beer activity to be public, please do not use the Service.

4. How We Share Your Information

We share your information only in these circumstances:

4.1 Service Providers

We use third-party services to operate the Service:

  • Vercel: Hosting and infrastructure (log data, IP addresses)
  • Neon: Database hosting (all account and beer data, encrypted)
  • Google: Authentication via OAuth (email, name, avatar URL)
  • Email provider: Magic link emails (email address)

4.2 Legal Requirements

We may disclose your information if required by law, court order, or government request, or to protect our rights, property, or safety, or that of our users or the public.

4.3 Business Transfers

If Cerveja is acquired, merged, or sells assets, user data may be transferred to the successor entity. We will notify you via email or prominent notice on the Service before such transfer.

5. Data Retention

  • Account information: Until you delete your account
  • Beer history: Until you delete your account
  • Invite tokens: 48 hours after creation (auto-expire)
  • Log data: 90 days

When you delete your account, we will remove your profile information, anonymize or delete your beer records, and retain minimal data required for legal compliance (if any).

6. Your Rights

6.1 All Users

  • Access: Request a copy of your personal data.
  • Correction: Update inaccurate information via your account settings.
  • Deletion: Delete your account and associated data.
  • Portability: Request your data in a machine-readable format.

6.2 European Economic Area (GDPR)

If you are in the EEA, you also have the right to:

  • Object to processing based on legitimate interest
  • Restrict processing in certain circumstances
  • Withdraw consent at any time
  • Lodge a complaint with your local data protection authority

6.3 California (CCPA/CPRA)

If you are a California resident, you have the right to:

  • Know what personal information we collect and how it is used
  • Request deletion of your personal information
  • Opt-out of the sale of personal information (we do not sell your data)
  • Non-discrimination for exercising your rights

To exercise any of these rights, contact us at privacy@cerveja.app.

7. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

  • Encryption in transit (HTTPS/TLS)
  • Encryption at rest for database storage
  • Secure authentication via OAuth 2.0 and magic links
  • Access controls limiting who can access user data
  • Regular security reviews

No method of transmission or storage is 100% secure. If you discover a security vulnerability, please contact us immediately.

8. International Data Transfers

Your data may be transferred to and processed in countries outside your country of residence, including the United States, where our service providers are located. We ensure appropriate safeguards (such as Standard Contractual Clauses) are in place for transfers from the EEA.

9. Children's Privacy

The Service is not intended for anyone under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it.

10. Third-Party Links

The Service may contain links to third-party websites or services. We are not responsible for their privacy practices. We encourage you to read their privacy policies.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting the updated policy on this page
  • Updating the "Last Updated" date
  • Sending an email notification (for significant changes)

Your continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, contact us at:

Email: privacy@cerveja.app

13. Google OAuth Disclosure

This application uses Google OAuth for authentication. We access only the following Google user data:

  • Email address - to create and identify your account
  • Name (optional) - to personalize your profile
  • Profile picture URL (optional) - to display as your avatar

We do not:

  • Access your Google contacts, calendars, Drive files, or Gmail
  • Store your Google password
  • Share your Google data with third parties except as described in this policy
  • Sell your Google data

You can revoke Cerveja's access to your Google account at any time via your Google Account permissions.