privacy policy.

We collect the information you give us when you sign up and rate cafes. We use it to run medrinky, show your ratings to other users, and send the occasional account email. We don't sell your data, we don't serve ads, and you can delete your account at any time.

• Account info: email, password (hashed), display name, username, optional state/country, your avatar choices.
• Content you create: ratings, drink notes, photos, cafe submissions, follow relationships, store purchases.
• Usage data: basic logs (IP, user-agent, timestamps) for security and abuse detection. We retain these for up to 90 days.
• Approximate location: only if you grant the browser's geolocation prompt, and only used to center the map and find nearby cafes. We don't store your precise location on our servers.

We don't collect Social Security numbers, payment info (the store uses an internal credit system, not real money), or sensitive categories like health or political affiliation.

Account and content data is stored in our Supabase database (Postgres) hosted in the United States. Photos go to Supabase Storage. We use industry-standard encryption in transit (HTTPS) and at rest.

• Supabase: our database and auth provider. They only process data to provide service to us.
• Mapbox: when you load the map, your browser requests tiles from Mapbox. They see your IP. We don't share your account info with them.
• Traverra: we cross-check cafe submissions against their public-places API. We send the cafe name and address, not your account.
• Cloudflare Turnstile: captcha on signup. They see your IP and a token; no account data.
• Email provider: for account confirmations and password resets. They process your email address only.

We may also disclose data when required by law, when necessary to investigate abuse, or to a successor in the event of a merger or acquisition.

You can:

• Access: see your data via your profile and settings pages, or request a JSON export by emailing us.
• Correct: edit your profile, ratings, and avatar anytime in Settings.
• Close: close your account from Settings → Account. Your profile is hidden and your reviews show “deleted user” instead of your name; we retain your account data so it can be reopened on request. To have your personal data permanently erased instead, use the contact form (see below).
• Object / restrict: email us if you want to limit how we process your data.

If you're in the EU/UK or California, you have additional rights under GDPR / CCPA, and can lodge a complaint with your local data protection authority. Use our contact form to exercise any of these.

medrinky is not for kids under 13. We don't knowingly collect their info. If you believe a child under 13 has signed up, use our contact form and we'll delete the account promptly.

We use cookies for authentication (your session) and basic preferences (your theme). We don't use third-party tracking cookies, ad cookies, or fingerprinting.

When this Policy changes materially, we'll update the version at the top and prompt you to re-accept on your next sign-in.

Privacy questions, requests, or to reach our privacy contact, use our contact form.