Privacy & data
What BatchBrew stores, where it lives, who can see it, and how to get it out.
Short version: your data is yours. We store as little as we can, never sell or share it, and you can delete everything at any time.
What we store
| Data | Where | Why |
|---|---|---|
| Email + password (hashed) | Supabase Auth | Sign-in |
| Display name, currency | Supabase Postgres | Your profile |
| Materials, recipes, production logs | Supabase Postgres | The whole point of the app |
| Subscription status (plan, cancellation date) | Supabase Postgres | Knowing what features to enable |
| Stripe customer ID | Supabase Postgres | Linking you to your Stripe billing record |
| Card details, payment history | Stripe | Billing. Harbour Labs never sees these |
Where it's hosted
- Supabase in the EU (Frankfurt region)
- Stripe in their PCI-compliant infrastructure
- Resend sends transactional email (password reset, account confirmation). Emails are sent and not retained beyond delivery logs
Who can see your data
You, and only you. Database access uses Supabase row-level security, which means even at the database layer your materials, recipes, and logs are scoped to your user ID. No other BatchBrew user can read, update, or delete your records.
The only humans with access are Matt (the developer) for support purposes, and only if you ask for help via support email.
What we don't do
- No third-party analytics inside the app. Vercel collects anonymised Web Vitals on the marketing site, that's it.
- No marketing emails. The only email we send is transactional: account confirmation, password reset, billing notices.
- No selling, sharing, or licensing your data. Ever.
- No tracking pixels, no ad networks, no fingerprinting.
Exporting your data
Built-in export is on the backlog. In the meantime, email support and we'll send you a JSON dump of everything you've created. Usually within a working day.
Deleting your data
See Uninstall for the account deletion flow. The short version: Settings → Delete my account → type DELETE to confirm. We cancel any active Stripe subscription, delete your auth user, and cascade the deletion through every table: materials, recipes, logs. Within minutes, nothing of yours remains in our systems.
Cookies
The marketing site (harbourlabs.app) uses Termly's cookie banner. See the cookie policy for the full breakdown. The app itself only uses essential session cookies for authentication. No analytics or tracking cookies.
Questions
Anything not covered here, email support.