Privacy Policy

1. Controller

The controller responsible for data processing on this website and in the Barista Journal app is:

Jonathan Weisshaar
Froweinstraße 27
42275 Wuppertal
Germany
Email: baristajournal@icloud.com

2. Overview of Data Processing

We take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations (GDPR, BDSG) and this privacy policy.

3. Information We Collect

We collect the following types of information:

• Account Information: If you use cloud sync, we generate a unique identifier (token) or an anonymous username to link your data to a PocketBase backend.
• App Data: Data about your coffee beans, equipment, and brew sessions (shots, yields, ratings) is stored locally on your device and synced to your designated server.
• Usage Data & Diagnostics: Anonymous usage data and crash reports provided by Apple via TestFlight to help us improve the App.
• Media: Photos you explicitly attach to your sessions or equipment entries.
• Server Log Files: When you visit this website, your browser automatically transmits certain data for technical reasons. The following data is recorded: date and time of access, browser type/version, operating system, referrer URL, IP address of the requesting computer. This data is not merged with other data sources.

4. Legal Basis for Processing

We process your personal data on the following legal bases under the GDPR:

• Art. 6(1)(a) GDPR – Consent: Where you have given us explicit consent to process your data for a specific purpose (e.g., enabling cloud sync).
• Art. 6(1)(b) GDPR – Contract Performance: Where processing is necessary for the performance of a contract or to take steps at your request prior to entering into a contract (e.g., providing the App's core functionality).
• Art. 6(1)(f) GDPR – Legitimate Interests: Where processing is necessary for purposes of our legitimate interests, such as improving the App and ensuring security, unless overridden by your interests or fundamental rights.

5. How We Use Your Information

Your information is used to:

• Provide, operate, and maintain the App's core functionality.
• Sync your data across devices using our self-hosted PocketBase backend.
• Analyze app performance and resolve bugs.
• Facilitate community recipe sharing if you choose to mark records as "Public".

6. Data Storage, Security and Retention

Your data is primarily stored locally on your device using SwiftData. If you enable sync, data is securely transmitted to our PocketBase API. We host the database ourselves on our own servers within Germany/EU to ensure your data is kept private and secure.

We retain your personal data only for as long as necessary to fulfill the purposes described in this policy or as required by law. When you delete your account or request data deletion, your data will be removed from our servers within 30 days.

7. Third-Party Services

This website uses the following third-party services:

• Google Fonts: This website uses fonts provided by Google LLC. When you access our website, your browser loads the required fonts from Google's servers, which may transmit your IP address to Google. This is based on Art. 6(1)(f) GDPR (legitimate interest in a uniform and appealing presentation). Google's privacy policy: https://policies.google.com/privacy.
• Font Awesome (cdnjs/Cloudflare): This website uses icons from Font Awesome, delivered via the Cloudflare CDN. When loading these resources, your IP address may be transmitted to Cloudflare. Cloudflare's privacy policy: https://www.cloudflare.com/privacypolicy/.
• Apple TestFlight: The App is distributed via Apple TestFlight. Apple collects anonymous usage and crash data. Apple's privacy policy: https://www.apple.com/legal/privacy/.

8. Sharing Your Personal Information

We do not sell or rent your personal information. Data marked as "Public" by you (such as public equipment templates or community recipes) will be visible to other users of the App querying the same backend.

9. Your Rights Under GDPR

Under the General Data Protection Regulation, you have the following rights:

• Right of Access (Art. 15 GDPR): You have the right to request confirmation as to whether personal data concerning you is being processed and to request access to that data.
• Right to Rectification (Art. 16 GDPR): You have the right to request the correction of inaccurate personal data.
• Right to Erasure (Art. 17 GDPR): You have the right to request the deletion of your personal data, provided there is no legal obligation to retain it.
• Right to Restriction of Processing (Art. 18 GDPR): You have the right to request the restriction of processing of your personal data under certain conditions.
• Right to Data Portability (Art. 20 GDPR): You have the right to receive your personal data in a structured, commonly used, and machine-readable format.
• Right to Object (Art. 21 GDPR): You have the right to object to the processing of your personal data based on legitimate interests at any time.
• Right to Withdraw Consent (Art. 7(3) GDPR): Where processing is based on consent, you may withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

To exercise any of these rights, please contact us at baristajournal@icloud.com.

10. Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data violates the GDPR. The competent supervisory authority is:

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
Kavalleriestraße 2–4
40213 Düsseldorf
Website: https://www.ldi.nrw.de

11. SSL/TLS Encryption

This website uses SSL/TLS encryption for security reasons and to protect the transmission of confidential content. You can recognize an encrypted connection by the "https://" in the address bar of your browser.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time in order to reflect changes to our practices or for other operational, legal, or regulatory reasons. The current version is always available on this page.

13. Contact Us

For more information about our privacy practices or if you have questions, please contact us at baristajournal@icloud.com or via the feedback mechanism in TestFlight.