BrewForge
BrewForge

Privacy Policy / Datenschutzerklärung

Last updated: February 2026

1. Responsible Party

Bernd Strehl
Rosenweg 53a
22926 Ahrensburg, Germany
E-mail: bernd@brewforge.sh

2. Data We Collect

  • Account data: Name, email address, and password hash when you create an account.
  • Brew data: Recipes, brew logs, inventory, and other content you enter into BrewForge.
  • Usage data: IP address, browser type, pages visited, and timestamps for security and service improvement.
  • Payment data: Processed entirely by Polar (our Merchant of Record). We do not store credit card numbers or payment details.

3. Legal Bases (GDPR Art. 6)

  • Art. 6(1)(b) — Contract performance: Processing your account and brew data is necessary to provide the BrewForge service.
  • Art. 6(1)(f) — Legitimate interest: Usage data processing for security, fraud prevention, and service improvement.
  • Art. 6(1)(a) — Consent: Where applicable (e.g., optional marketing emails).

4. Cookies

BrewForge uses only essential cookies for authentication and session management. We do not use tracking cookies, analytics cookies, or advertising cookies. No cookie consent banner is required.

5. Data Processors

We use the following third-party services to operate BrewForge:

  • Vercel Inc. (San Francisco, USA) — Hosting and content delivery. Data processing agreement with EU Standard Contractual Clauses (SCCs) in place.
  • Neon Inc. (USA) — PostgreSQL database hosting. Data stored in AWS eu-central-1 (Frankfurt). SCCs in place.
  • Polar Software Inc. (USA) — Merchant of Record for payment processing. Polar acts as an independent controller for payment-related data.
  • Resend Inc. (USA) — Transactional email delivery. SCCs in place.

6. International Transfers

Some of our data processors are located in the United States. Data transfers to the US are safeguarded by EU Standard Contractual Clauses (SCCs) as required by GDPR Art. 46(2)(c).

7. Data Retention

  • Account and brew data: Retained until you delete your account. Upon account deletion, all personal data is removed within 30 days.
  • Server logs: Retained for up to 30 days for security purposes.
  • Payment records: Retained by Polar according to their retention policy and tax law requirements.

8. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

  • Right of access (Art. 15) — Request a copy of your personal data.
  • Right to rectification (Art. 16) — Correct inaccurate data.
  • Right to erasure (Art. 17) — Request deletion of your data.
  • Right to restriction (Art. 18) — Restrict processing of your data.
  • Right to data portability (Art. 20) — Receive your data in a machine-readable format.
  • Right to object (Art. 21) — Object to processing based on legitimate interest.

To exercise any of these rights, contact us at bernd@brewforge.sh.

You also have the right to lodge a complaint with a supervisory authority. The competent authority for Schleswig-Holstein is:
Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein (ULD)
Holstenstraße 98, 24103 Kiel
www.datenschutzzentrum.de

9. Contact

For any questions about this privacy policy or your personal data, contact: bernd@brewforge.sh