Privacy Policy

Last updated: May 28, 2026

Speakeasy ("we," "our," or "us") is a cocktail discovery and journaling app. This policy explains what data we collect, why we collect it, who we share it with, and your rights as a user.

1. Data We Collect

• Account data. When you sign in with Apple or Google, we receive your email address and a unique identifier from Apple/Google. We store these in our authentication system (Supabase) to manage your account.
• Drink logs and journal entries. Text notes, ratings, and photos you attach to journal entries are stored on our servers. You control what you log.
• Scan images. When you scan a bar menu, the photo is sent to our backend and forwarded to Anthropic's API for AI text extraction. We do not store the raw image beyond the duration of the extraction request. We log metadata about each scan (bar name, extracted drink names, timestamp) for deduplication and abuse prevention; these log records are retained for 24 hours.
• Location. If you grant location permission, we use your approximate location to rank nearby bars and improve suggestions. Location is only accessed while the app is in use and is never stored on our servers.
• Camera and photo library. Camera access is used to photograph menus for the scan feature. Photo library access is used only if you choose to attach a photo to a journal entry. We do not collect images in the background.
• Usage data. We do not collect analytics or advertising identifiers.

2. How We Use Your Data

• App functionality. Account data lets you sign in; drink logs power your personal taste profile and journal history; scan images are processed to extract cocktail names.
• Personalized recommendations. Your taste profile (derived from your drink logs) is used to rank and suggest cocktails. This computation runs on our backend and is tied to your account.
• Fraud prevention and safety. Scan metadata is retained briefly to detect abusive usage patterns.

3. Who We Share Your Data With

We share data only with the following service providers, and only to the extent necessary to operate the app:

• Anthropic. Scan images and cocktail text are sent to Anthropic's Claude API for AI-powered menu extraction and drink suggestions. Anthropic's data use is governed by their privacy policy.
• Supabase. Our database and authentication provider. Your account data and journal entries are stored on Supabase's infrastructure. See Supabase's privacy policy.
• OpenAI. Journal entry text is converted to embeddings (numerical representations) via OpenAI's API to power semantic search and recommendations. Raw journal text is not retained by OpenAI beyond processing. See OpenAI's privacy policy.
• Apple Maps. Bar names and addresses are geocoded using the Apple Maps Server API. No personal data is sent to Apple Maps. See Apple's privacy policy.

We do not sell your data. We do not share your data with advertisers.

4. Data Retention

• Account data and journal entries are retained until you delete your account. See Section 5 for how to delete your account.
• Scan metadata logs are deleted after 24 hours.
• Scan images are not stored; they are discarded after AI extraction completes.

5. Your Rights and Controls

• Account deletion. You can delete your account from within the app (You tab → menu → Delete Account). This permanently removes your account data, journal entries, and taste profile from our systems.
• Data export. To request an export of your data, email us at the address below. We will respond within 30 days.
• Location. You can revoke location permission at any time in iOS Settings → Privacy & Security → Location Services → Speakeasy.
• Camera / Photos. You can revoke camera or photo library access at any time in iOS Settings → Privacy & Security → Camera / Photos.

6. Children

Speakeasy is intended for users who are 21 years of age or older (or the legal drinking age in your jurisdiction). We do not knowingly collect data from children under 13. If you believe a child has provided us with personal data, contact us and we will delete it.

7. Security

Data is transmitted over HTTPS and stored in a Supabase database protected by row-level security policies. Authentication tokens are managed by Supabase's auth system using industry-standard practices. No security system is perfect; if you discover a vulnerability, please contact us.

8. Changes to This Policy

We may update this policy from time to time. The "Last updated" date at the top of this page reflects when changes were last made. Continued use of the app after changes constitutes acceptance of the updated policy.

9. Contact

Questions or requests: changruizzzz@gmail.com