What we collect and why

Privacy Policy

Last updated: April 12, 2026

This explains what data doilikethisipa collects and what we do with it. It's written in plain English because legal documents nobody reads are useless.

What we collect

When you sign up:

  • Your email address, needed to sign in
  • A hashed password if you set one (we can't read your actual password, only verify it)
  • A timestamp confirming you told us you're 21+

When you use the app:

  • Beer photos you take or upload, stored on our server, shown in your history
  • Ratings (thumbs up/down), fed into the recommender
  • Your taste profile, slider positions, dislikes, and freeform notes
  • Scan activity, what you scanned and when

Basic server logs, automatically:

  • Your IP address, for rate limiting and security, kept 30 days
  • Your browser type (user-agent), for debugging compatibility, kept 30 days

That's everything. We don't use Google Analytics, Facebook Pixel, or any tracking libraries.

What we do with it

Everything we store is used for one thing: making your next scan smarter.

  • Photos go to the Claude AI service for beer identification, then the results come back to you. Claude doesn't train on API inputs and doesn't keep your photos.
  • Ratings and profile feed our personalization scorer, which runs on our own server.
  • Your email is used for sign-in magic links and, occasionally, a service announcement.

Who we share it with

Nobody, except:

  • Anthropic (maker of Claude) gets your beer photos when you scan. They're governed by Anthropic's commercial terms, which say they don't train on or store API inputs.
  • Optionally, Google (for the Gemini AI backend) or OpenAI (GPT), if we've configured those instead of Claude. Same rules apply.
  • Hetzner, our hosting provider, stores the database and uploaded files.
  • GitHub stores our source code. Not your data.
  • Law enforcement, only if served with a valid legal order. This has never happened.

We don't sell, rent, or give your data to advertisers. We don't have advertisers.

How long we keep it

  • Your account data, until you delete your account
  • Photos, same (you can delete individual scans from history)
  • Server logs, 30 days, then auto-purged
  • Deleted user data, purged from production immediately, from backups after 30 days

Your rights

You can:

  • See everything we have on you, sign in and browse Profile and History
  • Correct it, edit any field in your profile
  • Delete it, the "Delete account" button at the bottom of Profile wipes you immediately
  • Export it, email hello@doilikethisipa.com and we'll send you a JSON dump within a week
  • Ask questions, same email

If you're in California, the CCPA gives you some of these rights explicitly. If you're in the EU, GDPR does. We extend them to everyone by default because it's simpler.

Cookies

We use exactly one cookie: a session cookie that keeps you signed in. It's HttpOnly (can't be read by JavaScript), Secure (HTTPS only), and SameSite=Lax (not shared across sites). It expires when you sign out or after 30 days of inactivity.

No third-party cookies. No tracking pixels. No fingerprinting.

Children

doilikethisipa is for adults 21+ only (the legal drinking age in the United States). We don't knowingly collect data from anyone under 21, let alone under 13 (which would trigger COPPA). If you think your child has an account, email us and we'll delete it.

Changes

When this policy changes, we update the date at the top. Meaningful changes get an email. Cosmetic changes like typo fixes don't.

Contact

hello@doilikethisipa.com.

That's the whole thing. Thanks for caring about your privacy.

← Back to home