Privacy Policy

1. Data Controller

The data controller responsible for your personal data is EI Meidy BAFFOU, an Entreprise Individuelle (sole proprietorship) registered in France under SIRET number 80473268300045. For any questions regarding your personal data or this privacy policy, you can contact us at hello@kombuchabrewlog.com.

2. Data We Collect

We collect the following categories of data when you use KombuchaBrewLog:

2.1 Account Data

When you create an account, we collect your email address and display name. If you choose to sign in using Google OAuth, we also receive your basic profile information including your name and profile picture from Google. This data is necessary to create and manage your account on our platform.

2.2 Brewing Data

All brewing-related content you create within the application, including kombucha batches, recipes, SCOBY records, and fermentation logs, is user-generated content that you voluntarily submit. This data is stored to provide you with the core functionality of the service — tracking and managing your kombucha brewing activities.

2.3 Payment Data

Payments are processed securely by Stripe, our third-party payment processor. We do not collect, store, or have access to your credit card number, debit card number, or any other financial payment information. The only payment-related data we store is your payment status (whether you have completed the one-time purchase), which is necessary to grant you access to the full application features.

2.4 Technical & Usage Data

When you visit our website, we automatically collect certain technical data including your IP address, browser type and version, device information, operating system, pages visited, and the date and time of your visits. This data is collected through essential cookies and server logs to ensure the proper functioning and security of our service.

3. Google OAuth & Third-Party Authentication

We offer Google OAuth as a convenient sign-in option. When you authenticate using Google, we access only your email address and basic profile information (name and profile picture). We do not request or access any other Google services, including but not limited to Google Drive, Gmail, Google Calendar, Google Contacts, or any other Google API scopes beyond basic authentication. Your Google credentials are handled entirely by Google's secure authentication system — we never see or store your Google password. You can revoke KombuchaBrewLog's access to your Google account at any time by visiting your Google Account settings at myaccount.google.com. We do not share any Google user data with third parties, and Google user data is used solely for the purpose of authenticating your identity on our platform.

4. How We Use Your Data

We use your personal data for the following purposes: (a) to provide and maintain the KombuchaBrewLog service, including account management and access to brewing features; (b) to process your one-time payment through Stripe and grant you lifetime access to the application; (c) to send transactional emails related to your account, such as welcome emails, password reset links, and important service updates via our email provider Resend; (d) to improve and optimize our service, including analyzing usage patterns to enhance the user experience; and (e) to comply with legal obligations under French and European law.

5. Data Storage & Security

Your data is stored on Supabase's PostgreSQL database infrastructure located in the EU-West region (Paris, France), ensuring your data remains within the European Union. All data is encrypted at rest using AES-256 encryption. All data transmitted between your browser and our servers is protected using HTTPS/TLS encryption in transit. We implement Row-Level Security (RLS) policies at the database level to ensure that each user can only access their own data. We regularly review and update our security measures to protect against unauthorized access, alteration, disclosure, or destruction of your personal data.

6. Data Sharing & Third Parties

We share your data only with the following third-party service providers, each of which is necessary for the operation of our service: (a) Supabase — database hosting and authentication infrastructure, with data stored in EU-West Paris; (b) Vercel — web application hosting and content delivery; (c) Stripe — secure payment processing for the one-time lifetime access purchase; (d) Resend — transactional email delivery for account-related communications; and (e) Google — authentication only, when you choose to sign in with Google OAuth. We never sell, rent, or trade your personal data to any third party for marketing or advertising purposes. Each of our service providers is contractually obligated to handle your data in accordance with GDPR requirements.

7. Data Retention

We retain your personal data for as long as your account remains active and you continue to use the service. If you request deletion of your account, we will permanently delete all your personal data, including your account information, brewing data, recipes, SCOBY records, and fermentation logs, within 30 days of receiving your deletion request. Some data may be retained longer if required by applicable law, such as transaction records for tax and accounting purposes. To request account deletion, please contact us at hello@kombuchabrewlog.com.

8. Your Rights (GDPR)

Under the General Data Protection Regulation (GDPR), you have the following rights regarding your personal data: (a) Right of Access — you may request a copy of the personal data we hold about you; (b) Right to Rectification — you may request that we correct any inaccurate or incomplete personal data; (c) Right to Erasure — you may request that we delete your personal data (the "right to be forgotten"); (d) Right to Data Portability — you may request a copy of your data in a structured, commonly used, machine-readable format; (e) Right to Restriction — you may request that we restrict the processing of your personal data under certain circumstances; (f) Right to Object — you may object to the processing of your personal data for certain purposes. To exercise any of these rights, please contact us at hello@kombuchabrewlog.com. We will respond to your request within 30 days as required by law. If you are unsatisfied with our response, you have the right to lodge a complaint with the French data protection authority (CNIL) at www.cnil.fr.

9. Cookies

KombuchaBrewLog uses only essential cookies that are strictly necessary for the functioning of our service. These cookies are used for session management and user authentication, ensuring you remain logged in as you navigate the application. We do not use any advertising cookies, marketing cookies, or third-party tracking cookies. Because we only use essential cookies that are necessary for the service to function, consent is not required under the ePrivacy Directive. No personal data is shared with advertisers or analytics providers through cookies.

10. Children's Privacy

KombuchaBrewLog is not intended for use by children under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have inadvertently collected personal data from a child under 16, we will take steps to delete that data as quickly as possible. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at hello@kombuchabrewlog.com.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes to this policy, we will notify you by sending an email to the address associated with your account before the changes take effect. We encourage you to review this policy periodically. The "Last updated" date at the top of this policy indicates when it was last revised.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at: EI Meidy BAFFOU, Email: hello@kombuchabrewlog.com, Website: https://kombuchabrewlog.com. We are committed to resolving any concerns you may have about our collection and use of your personal data.