Privacy Policy

Effective Date: July 7, 2026

Privacy Policy

Pourly Done — Effective Date: July 7, 2026

Welcome to Pourly Done (“we,” “our,” or “us”). This Privacy Policy explains how we collect, use, and
protect your personal information when you use the Pourly Done mobile application (the “App”), available
on iOS (App Store) and Android (Google Play).

We are committed to protecting your privacy and being transparent about the data we handle. Please read
this policy carefully. By using the App, you agree to the practices described below.

1. Information We Collect

1.1 Account Information

When you create an account, we collect your name and email address
through Google Sign-In or Apple Sign-In (OAuth). We do not store your password — authentication
is handled entirely by Google or Apple, and our backend infrastructure provider, Supabase, manages your
authenticated session.

During account setup, we also collect a username, your date of birth
(used solely to verify that you meet our 21+ minimum age requirement), and your zip
code
(used to center the map and find venues near you). You may optionally provide a short
bio and a favorite spirit type to personalize your profile.

1.2 User-Generated Content

When you use the App, you may choose to create and store:

  • Tasting notes and structured ratings
  • Product reviews
  • Venue visits, check-ins, and venue subscriptions/alerts you opt into
  • Home bar inventory records
  • Custom product lists and categories
  • QR code menu-scan events (created when you scan a venue’s QR code to view its menu)

This content is stored in our cloud database (hosted by Supabase) and is associated with your account.

1.3 Product Photos

You may take or upload photos of bottles and products. These images are stored in our cloud storage
(hosted by Supabase) and are associated with your account.

1.4 Location Information

The App uses location information in two distinct ways:

  • Our backend (Supabase): when you browse the venue map, your device’s current
    map-viewport coordinates are sent to our backend on a transient, in-the-moment basis to query for
    venues within that area. This location query is used to run the search and is not stored
    as a permanent record
    tied to your account.
  • Mapbox: your approximate location and/or the zip code you provide during profile
    setup is shared with Mapbox, our mapping provider, both to render the map view and to geocode
    (translate to map coordinates) your zip code. Mapbox may process this data as described in their
    own privacy policy (see Section 3).

See Section 5 for how location permission is requested on your device.

1.5 Push Notification Data

To deliver push notifications (for example, alerts about new products or events at venues you’ve
subscribed to), we use OneSignal, a push-notification delivery service. OneSignal
receives a device push token and an associated OneSignal subscription/user ID for your device. On
Android, Google Firebase Cloud Messaging (FCM) is used solely as the underlying
transport channel that delivers these notifications to your device — we do not use Firebase
Analytics, Firebase Crashlytics, or any other Firebase product, and no analytics data is sent to
Firebase.

1.6 Device & Usage Information

We collect standard device and usage information provided by the Apple App Store and Google Play Store
(such as device type, operating system version, and store-level crash reports). We do not use any
third-party analytics or crash-reporting SDKs within the App itself.

1.7 Summary of Data Categories Collected

For transparency, and to align with our Google Play Data Safety disclosure, here is a summary of the
categories of data the App collects:

  • Personal info: name, email address, user (account) ID, username, date of birth, zip code, and optional bio / favorite spirit type
  • Location: approximate location and precise location
  • Photos: photos you take or upload of products/bottles
  • App activity: in-app search and other user-generated content, including tasting notes, ratings, reviews, check-ins, venue subscriptions, home bar inventory, QR-code menu scans, and custom lists
  • Device or other identifiers: push-notification device token / subscription ID

We do not collect financial information, health information, contacts, calendar data,
or messages, and we do not use any analytics or crash-reporting SDK.

2. How We Use Your Information

We use the information we collect to:

  • Provide the App’s features — authenticate your account, store your tasting notes, reviews, inventory, and other user-generated content
  • Display nearby venues — use your location to show relevant places on the map (see Section 1.4)
  • Enable product lookup — use your camera to scan barcodes and identify products
  • Deliver notifications you’ve opted into — send push notifications for venue subscriptions and product alerts via OneSignal
  • Maintain and improve the App — diagnose and fix bugs reported to us or surfaced through app-store crash reports
  • Communicate with you — respond to support requests or send service-related notices

What we do NOT do: The App does not include any third-party advertising SDK and
does not display ads. We do not sell your personal data to third parties. We do not track you
across other apps or websites, and we do not use fingerprinting or cross-device tracking.

3. Third-Party Services

The App uses the following third-party services to function:

  • Supabase — Provides authentication, cloud database, and file storage, and
    acts as our data processor. Your account data, user-generated content, and product photos are
    stored on Supabase’s cloud infrastructure. Supabase Privacy Policy
  • Google Sign-In — Used for account authentication on all platforms. Google
    receives your authentication request and provides us with your name and email.
    Google Privacy Policy
  • Apple Sign-In — Used for account authentication, primarily on iOS. Apple
    provides us with your name and email (or a private relay email, if you choose to hide your email).
    Apple Privacy Policy
  • Mapbox — Provides map rendering for venue discovery and geocodes the zip
    code you provide. Your approximate location and/or zip code is sent to Mapbox for these purposes.
    Mapbox Privacy Policy
  • OneSignal — Delivers push notifications. Receives a device push token and
    OneSignal subscription/user ID. On Android, Google Firebase Cloud Messaging (FCM) is used solely
    as the transport layer for delivering these notifications — we do not use Firebase
    Analytics or Crashlytics. OneSignal Privacy Policy

We only share data with these services to the extent necessary to provide the App’s functionality. We
do not share your data with any other third parties, and we do not sell your personal data.

4. Data Storage & Security

Your data is stored on Supabase’s cloud infrastructure, which uses industry-standard security measures
including encryption in transit (TLS) and encryption at rest. Access to the database is protected by
row-level security policies that ensure you can only access your own data.

While we take reasonable measures to protect your information, no method of electronic transmission or
storage is 100% secure. We cannot guarantee absolute security, but we are committed to maintaining
appropriate safeguards.

5. Camera & Location Permissions

Camera

The App requests camera access for two purposes: barcode scanning (to look up products
by their UPC code) and product photography (to capture images of bottles for your
personal collection). Camera access is optional — you can use the App without granting this
permission, though barcode scanning and photo features will be unavailable.

Location

The App requests location access to display nearby venues on a map. When granted, your device’s
current coordinates are used, on a transient basis, by our backend (Supabase) to query for venues in
your area, and your approximate location is also shared with Mapbox to render the map. Full details
of how this data is used and shared are in Section 1.4. Location access is optional — you can
use the App without granting this permission, though the venue map will not automatically center on
your area and some map-based features may be limited.

6. Minimum Age & Children’s Privacy

The App is intended for users who are 21 years of age or older. Because the App
relates to alcoholic beverages, we require all users to confirm their date of birth during account
setup, and the App enforces a minimum age of 21 before granting access to its features. We do not
knowingly collect personal information from anyone under the age of 21. If we learn that we have
collected personal information from a user under 21, we will take steps to delete that information
promptly. If you believe a person under 21 has provided us with personal data, please contact us at
the email address in Section 11.

7. Data Retention & Deletion

We retain your account data and user-generated content for as long as your account is active.

Self-Service Deletion (In-App)

You can permanently delete your account and its associated data at any time directly within the App:
go to Settings → Account → Delete My Account. This initiates deletion of
your profile, authentication credentials, and associated content as described below.

Deletion by Email Request

You may also request deletion by emailing us at
privacy@pourlydone.com.

Upon a deletion request (in-app or by email), we will:

  • Remove your consumer profile and account data
  • Delete your tasting notes, reviews, check-ins, venue subscriptions, and home bar inventory records
  • Delete your uploaded product photos from cloud storage
  • Remove your push-notification subscription from OneSignal
  • Remove your authentication credentials from our system

Deletion is typically completed within 30 days of your request. Some data may be retained in encrypted
backups for a limited period before being purged through normal backup rotation.

8. Your Rights (EU/EEA Users — GDPR)

If you are located in the European Union or European Economic Area, you have the following rights under
the General Data Protection Regulation (GDPR):

  • Right of access — You can request a copy of the personal data we hold about you.
  • Right to rectification — You can ask us to correct inaccurate or incomplete data.
  • Right to erasure — You can request that we delete your personal data.
  • Right to restrict processing — You can ask us to limit how we use your data.
  • Right to data portability — You can request your data in a structured, machine-readable format.
  • Right to object — You can object to the processing of your personal data.
  • Right to withdraw consent — Where processing is based on consent, you may withdraw it at any time.

Our legal basis for processing your personal data is your consent (provided when you
create an account and use the App) and our legitimate interest in providing and improving
the App’s services. To exercise any of these rights, please contact us at the email address in Section 11.

9. Your Rights (California Users — CCPA)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with the
following rights:

  • Right to know — You can request information about what personal data we collect, use, and disclose.
  • Right to delete — You can request deletion of your personal data.
  • Right to opt out of sale — We do not sell your personal data, so this right does not apply. However, you may still make this request and we will confirm that no sale has occurred.
  • Right to limit use of sensitive personal information — Precise geolocation is considered “sensitive personal information” under the CCPA. We only use it to provide core App functionality (showing nearby venues, as described in Section 1.4), and you may withdraw location permission at any time in your device settings.
  • Right to non-discrimination — We will not discriminate against you for exercising any of your CCPA rights.

To exercise any of these rights, please contact us at the email address in Section 11. We will respond
to verifiable requests within 45 days.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make changes, we will update the
“Effective Date” at the top of this page. If we make material changes, we will notify you through the
App or by other appropriate means. We encourage you to review this policy periodically to stay
informed about how we protect your data.

11. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your data rights, or need to
report a privacy concern, please contact us:

Pourly Done

Email: privacy@pourlydone.com

© 2026 PourlyDone. All rights reserved.