1. Overview
Alechemy is a brewing recipe and fermentation management application. This policy describes what data we collect, how we use it, and how you can control it.
2. Data We Collect
- Account data: your name, email address, and hashed password when you register.
- Brewing data: recipes, fermentation profiles, equipment profiles, ingredients, and related content you create.
- Preferences: unit settings and display preferences.
- Authentication metadata: refresh-token issuance timestamps and source IP addresses for security and session management.
3. How We Use Your Data
- To provide, operate, and improve the Alechemy service.
- To authenticate your sessions and protect your account.
- To send transactional emails (account confirmation, password reset).
We do not sell your personal data to third parties.
4. Data Retention
Your data is retained for as long as your account is active. When you delete your account, all associated personal data and brewing records are permanently removed from our systems.
5. Service Providers And International Transfers
We use a limited set of third-party providers to run Alechemy. These providers may process personal data in the United Kingdom, European Economic Area, United States, and other countries where they or their own approved sub-processors operate. For EEA and UK personal data, we rely on the provider's applicable data-processing terms, adequacy decisions, the EU Standard Contractual Clauses, the UK International Data Transfer Addendum, and/or the EU-US Data Privacy Framework where available.
- Render: hosts the application, API, database, logs, and backups. Render may process account data, brewing data, authentication metadata, IP addresses, request logs, and operational diagnostics so we can provide and secure the service. Transfers are covered by Render's Data Processing Addendum.
- Stripe: processes checkout, subscription, billing portal, fraud prevention, tax, and payment records. Stripe receives account contact details, customer and subscription identifiers, billing metadata, payment status, and any payment details you provide directly to Stripe. Transfers are covered by Stripe's Data Processing Agreement and data-transfer terms.
- Resend: sends account confirmation, password reset, and other transactional email. Resend receives recipient email addresses, message metadata, and message content needed to deliver those emails. Transfers are covered by Resend's Data Processing Addendum.
- Google OAuth: lets you sign in with a Google account. Google may process your Google account identifier, email address, profile name, OAuth consent event, and related security metadata. Google's processing is governed by the Google OAuth policies and Google's applicable privacy and data-transfer terms.
- Microsoft Clarity: only loads after analytics consent and provides session recording, heatmaps, and usage analytics. Microsoft may process page paths, clicks, scrolls, browser and device characteristics, pseudonymous identifiers, and masked page content. Microsoft describes Clarity as GDPR-compliant as a data controller; its processing is governed by the Clarity FAQ and Microsoft Privacy Statement.
- Sentry: only loads after error-reporting consent and captures frontend application errors, stack traces, browser and device characteristics, page paths, and limited diagnostic breadcrumbs needed to troubleshoot broken workflows. We do not enable Sentry session replay, performance tracing, log collection, or default personal-information collection. Sentry's processing is governed by its Privacy Policy and applicable data-processing terms.
Our lawful bases for using these providers are performance of the service contract, compliance with legal obligations for billing, tax, fraud prevention, and security, legitimate interests in operating and protecting Alechemy, and consent where analytics cookies, session analytics, or frontend error reporting are used.
6. Your Rights
- Export: download a full copy of your data at any time from Settings → Account → Export my data.
- Deletion: permanently delete your account and all associated data from Settings → Account → Delete account.
- Correction: contact us to correct inaccurate personal information.
7. Analytics, Error Reporting & Cookies
With your consent, we use Microsoft Clarity to record anonymous sessions, click and scroll heatmaps, and basic page-usage events. This helps us understand how brewers use Alechemy so we can fix friction and prioritise features.
- What it collects: mouse movements, clicks, scrolls, page paths, browser and device characteristics, and a randomised session identifier. Form values and other sensitive content are masked by default.
- Cookies it sets:
_clck, _clsk, CLID, ANONCHK, MUID, and SM. They are loaded only after you accept the consent banner or enable analytics in Settings > Privacy. - Default: off. We do not load Clarity or set its cookies until you allow analytics. If you reject, the script never loads.
- Changing your mind: open Settings → Privacy at any time to enable or disable analytics. Disabling also clears Clarity's cookies on this device.
With your consent, we use Sentry to capture actual frontend application errors. Sentry helps us diagnose broken workflows by receiving error names and messages, stack traces, browser and device characteristics, page paths, and limited diagnostic breadcrumbs. We filter form validation and request validation failures before reporting, and we do not enable Sentry session replay, performance tracing, log collection, or default PII collection. Sentry is off by default and can be changed in Settings → Privacy.
Beyond Clarity and optional Sentry diagnostics, we set only the cookies needed to run the app (e.g. authentication session storage). We do not use advertising or marketing cookies.
8. Security
Passwords are stored using a strong adaptive hash function. Refresh tokens are rotated on every use and revoked on logout. We use HTTPS for all data in transit.
9. Changes to This Policy
We may update this policy periodically. Significant changes will be communicated via the application or email.