Privacy Policy

PRIVACY POLICY
Last updated: August 24, 2025

This Privacy Policy explains how Brim (“Brim,” “we,” “us,” or “our”) collects, uses, shares, and protects information when you use our websites, apps, and services that help you find and generate food and cocktail recipes based on what’s in your kitchen (the “Service”). By using the Service, you agree to this Privacy Policy and our Terms & Conditions. If you do not agree, do not use the Service.

1) Who we are & how to contact us
Data Controller: Brim
Contact: hello@usebrim.com
If you are in the EEA/UK: you may contact us at the same address. If we appoint an EU/UK representative, we will update this notice.

2) What we collect
A) Information you provide
• Account details (e.g., name, email, password or SSO ID)
• Profile info (display name, avatar)
• Pantry/bar items, shopping lists, saved/favorited recipes, notes, ratings, tags
• Searches, filters, substitutions you add, and match/preferences
• Feedback, support requests, and content you upload (including images)
• Referral codes and basic referral metadataB) Information collected automatically
• Device and usage data (IP address, device/browser type, OS, language, pages viewed, buttons tapped, session timestamps)
• Diagnostic/crash data
• Approximate location from IP (country/region)
• Cookies, SDKs, and similar tech for authentication, preferences, and analyticsC) Information from others
• Social sign-in providers (if you choose to connect)
• People who send you referrals or share content with you
• Service providers (security, fraud prevention) and analytics partnersSensitive info: We do not seek to collect health or medical data. You may optionally provide dietary preferences (e.g., vegetarian, gluten-free).

3) How we use information
We use information to:
• Provide and maintain the Service (account, authentication, syncing)
• Generate and personalize recipe matches and suggestions
• Communicate with you (service messages, feature updates, transactional emails)
• Process referrals, sharing features, and community interactions
• Analyze, debug, and improve performance and reliability
• Enforce our Terms, prevent fraud/abuse, and ensure safety
• Comply with legal obligations
• With your consent, send marketing communicationsWe may use automated systems (including rules and AI) to personalize results. Automated outputs can be imperfect; you remain responsible for safe food handling and lawful alcohol use.

4) Legal bases (EEA/UK only)
Where GDPR/UK GDPR applies, we process your data based on: (i) performance of a contract (provide the Service); (ii) legitimate interests (e.g., security, improvement, personalization compatible with your expectations); (iii) consent (e.g., marketing, certain cookies); and/or (iv) legal obligations.

5) Sharing of information
We share information with:
• Service providers under contract who process data on our behalf (e.g., hosting/infrastructure, authentication, database/storage, analytics/diagnostics, email/push messaging, customer support, crash reporting)
• Social/media platforms when you choose to share content or use social login
• Affiliates and partners for operational purposes (not their own marketing)
• Successors in a merger, acquisition, or asset sale
• Law enforcement or others when required by law or to protect rights and safetyWe do not allow service providers to use your personal data for their own independent advertising.Current core infrastructure examples:
Supabase (authentication, database, file storage), Expo/Apple/Google (platform services, diagnostics). If our vendor list changes materially, we will update this notice.California “sell/share” status: We do not “sell” personal information or “share” it for cross-context behavioral advertising as defined by California law. If that changes, we will update this notice and provide required opt-out controls.

6) Cookies and similar technologies
We use cookies/SDKs to keep you signed in, remember preferences, measure usage, and (if enabled) assess marketing performance. Browser controls and, where required, a cookie banner let you manage preferences. Disabling certain cookies may limit features.Do Not Track: We do not respond to DNT signals today. Where legally required, we treat Global Privacy Control (GPC) as an opt-out of targeted advertising.

7) Your choices
• Account settings: update your profile and preferences in the app/site
• Email/SMS: use unsubscribe links or reply STOP (for SMS)
• Push notifications: control in your device settings
• Sharing/referrals: share at your discretion; shared links may identify you to recipients (e.g., via referral code)

8) Your rights
Depending on your location, you may have rights to:
• Access, correct, or delete your information
• Port your data
• Object to or restrict certain processing
• Withdraw consent (where processing is based on consent)
• Appeal a rights decision (certain U.S. states)

How to exercise: email privacy@usebrim.com. We will verify your request and respond within the time required by law. Authorized agents may submit requests where permitted.California/Colorado/Connecticut/Virginia/Utah residents:
• You may have a right to opt out of targeted advertising and certain “sharing.” Use our Privacy Choices page (if applicable) or email us.
• We do not use “sensitive” personal information for purposes that require a “Limit Use” link under California law.
• We will not discriminate against you for exercising your privacy rights.EEA/UK residents:
You may lodge a complaint with your local data protection authority. We encourage you to contact us first.

9) Data retention
We keep personal data while your account is active and as needed to provide the Service, comply with legal obligations, resolve disputes, and enforce agreements. We may retain aggregated or de-identified data that does not identify you.

10) Security
We use reasonable administrative, technical, and physical safeguards to protect personal data. No system is 100% secure. You are responsible for protecting your account credentials.

11) Children & alcohol content
The Service is not directed to children under 13, and they may not create an account. Users must be of legal drinking age in their jurisdiction to access cocktail content. If you believe a child provided personal data, contact us to delete it.

12) International transfers
We may process and store information in countries outside your own. Where required, we use appropriate safeguards (e.g., Standard Contractual Clauses) for cross-border transfers.

13) User-generated content
Content you post in public areas (e.g., public comments or shared collections) may be visible to others and indexed by search engines. Only post content you’re comfortable making public.

14) AI/algorithmic personalization
We use automated systems to rank, match, and suggest recipes and substitutions, and we may use aggregated/de-identified data to improve models and features. We do not expose your private notes or account details publicly.

15) Changes to this Policy
We may update this Privacy Policy. If changes are material, we will provide notice (e.g., email or in-app). The updated Policy takes effect on the “Last updated” date above.

16) Contact
Questions or requests? Email hello@usebrim.com or privacy@usebrim.com.