🍻 BrewBattle beta

Privacy Policy

BrewBattle

Last updated: 21/04/2026

BrewBattle (hereinafter "Platform") is managed by a private citizen, Dario Caruso. This policy describes how personal data of users is collected, used and protected in accordance with EU Regulation 2016/679 (GDPR).

1 Data Controller

Controller: Dario Caruso

Email:

Website URL: https://brewbattle.app

2 Types of Data Collected

  • Data provided by user: name, surname, email, password (hashed), profile data.
  • Competition and Event operational data: beer information (recipes), event and tasting bookings, shipping address (if required for sending samples/prizes), uploaded files.
  • Payment data: The Platform does NOT collect or store sensitive financial data (e.g., credit card numbers). We receive from payment processors (e.g., PayPal) only the transaction outcome (transaction ID, payment status).
  • Automatically collected data: IP address (processed in memory and not stored for internal statistics), access logs, device and browser information, aggregated navigation data.
We use technical cookies for site operation. For statistics, we use a cookieless anonymous internal system.

3 Processing Purposes

  1. User account management (registration and access).
  2. Management of competition registrations, event bookings and generation of evaluation sheets (BJCP).
  3. Sending transactional communications (e.g., registration confirmations, beer status updates).
  4. Logistics management (sharing addresses with Organizers for shipping samples or prizes).
  5. Technical management, security, backup and abuse prevention.
  6. Anonymized statistical analysis on platform usage.

4 Legal Basis

Processing is based on:

  • Art. 6(1)(b) GDPR — contract execution for platform management and competition participation.
  • Art. 6(1)(f) GDPR — legitimate interest for security and abuse prevention.
  • Art. 6(1)(a) GDPR — explicit consent for analytics cookies activation (Google Analytics).

5 Processing Methods

Processing is carried out using computer tools. Adequate technical and organizational measures are adopted to ensure security. IP data collected via Analytics is anonymized (IP masking) where supported.

6 Data Retention

Category Retention Period
User account Until account deletion
Competition and Event data (Results, Bookings and History) Retained indefinitely for historical and statistical archive purposes, unless deletion is requested.
Internal Statistics Aggregated data is kept indefinitely; individual session logs are kept for 12-24 months.
Technical logs 30–180 days

7 Data Communication and Transfer

Personal data may be communicated to the following categories of recipients:

Competition Organizers (Independent Controllers)

By registering for a competition or booking an event, your data (name, email, phone, beer data, guests, shipping address) is communicated to the specific event Organizer to enable the event to take place.
Important: The Organizer acts as an Independent Data Controller for data relating to their competition. BrewBattle is not responsible for the use of data made by Organizers outside the platform.

  • Judges: access beer data in anonymized (blind judging) or pseudonymized form, limited to what is necessary for evaluation.
  • Technical providers: hosting and email infrastructure service providers (with servers located within the European Union), appointed as Data Processors.
Transfer outside EU: The use of Google Analytics may involve data transfer to the United States (Google LLC). Such transfer occurs based on Standard Contractual Clauses (SCC) and the Data Privacy Framework.

8 User Rights

Data subjects can exercise the rights provided by Articles 15-22 GDPR (access, rectification, erasure, withdrawal of consent). You can manage cookie preferences directly from the banner on the site.

To exercise rights contact:

9 Security

  • Hashed password
  • Access control (ACL)
  • Limited file access
  • HTTPS and Backup

10 Cookies and Third Parties

Technical Cookies (Necessary)

Essential for operation (session, CSRF security, language preferences). No consent required.

Analytics Cookies (Google Analytics 4)

Used to collect aggregated statistical information on site usage by users (number of visitors, pages visited, time spent).

  • Provider: Google Ireland Limited (Dublin, Ireland).
  • Data collected: IP address (anonymized), navigation data, device used.
  • Processing location: Ireland and United States (subject to adequate safeguards).
  • Activation: Only with your explicit consent via banner.

Google Privacy Policy

Internal Statistics (Cookieless)

In parallel, we use a proprietary analysis system to monitor platform usage in a completely anonymous way.

  • Method: Server-side, without the use of cookies or cross-site tracking.
  • Processed data: Anonymous hash (IP not stored), device type, browser, generic geographical origin (Country/Region).

11. Changes to the Policy

This policy may be updated. Changes will be published on this page.

This policy is provided pursuant to Regulation (EU) 2016/679 (GDPR).