Privacy Policy
Steeped is an iOS app that analyzes photos of coffee bags and builds a personal coffee library. This policy describes what we collect, why, and what happens to it. We collect only what the app needs to work, we don't run ads, we don't use trackers, and we never sell your data.
What we collect
- Account information. Your name and email address when you create an account (or the name and email shared by Apple or Google if you sign in with them — including Apple's private relay address if you choose to hide your email). Passwords are stored only as secure hashes by our authentication provider.
- Coffee photos. The photos of coffee bags you take or select for analysis.
- Analysis results and library data. The coffee details produced from your photos (origin, roast, tasting notes, brew guides) and the collections and favorites you create.
- Preferences. Settings such as which brewing devices you own.
We do not collect your location, contacts, advertising identifiers, or analytics profiles, and the app contains no third-party advertising or tracking SDKs.
How your data is used
- Photo analysis. When you analyze a coffee bag, the photo is sent to Perplexity's Sonar API, an AI service that identifies the coffee and researches it on the public web. The photo is transmitted for this analysis and the results are returned to your library.
- Storage and accounts. Your account, library, and images are stored with Supabase, our hosting and database provider. Access to your data is restricted to your account by row-level security.
- Source icons. When the app shows the websites used to research a coffee, it fetches each site's icon via Google's favicon service — only the website's hostname is shared, never your personal data.
That's the whole list. Your data is used to run the app's features — nothing else.
Sharing
We share data only with the service providers named above (Supabase, Perplexity, Google's favicon service, and Apple or Google if you sign in with them), only as needed to operate the app. We do not sell or rent personal information, and we don't share it for advertising.
Retention and deletion
Your data is kept while your account exists. You can delete your account at any time in the app (Account → Delete Account); this permanently removes your account, your coffee library, your photos, and revokes Sign in with Apple access. Deletion is immediate and irreversible.
Security
All traffic uses HTTPS/TLS. Data access is enforced per-account with row-level security, and sessions are stored in the iOS keychain on your device.
Your rights
Depending on where you live (for example under GDPR or the CCPA), you may have rights to access, correct, export, or delete your personal data. The in-app account deletion covers erasure; for anything else, contact us and we'll help.
Children
Steeped is not directed at children under 13 (or the equivalent minimum age in your jurisdiction), and we do not knowingly collect data from them.
Changes
If this policy changes, we'll update this page and its effective date. Material changes will be called out in the app.
Contact
Questions or requests: support@steeped.io