Privacy Policy
This policy explains what data Beean collects, how it's used, and the rights you have over it. Beean is a coffee-shop rating and discovery app for iOS. It is operated by the developer listed in the App Store listing ("we", "us").
If you have any questions or want to exercise a right described below, email jyo@beean.app.
1. Summary
- We collect the minimum data needed for the app to work: your sign-in identity, your coffee-shop ratings, and - only if you enable it - your location so friends you've added can see where you are.
- We do not sell your data. We do not share your data with advertisers. We do not track you across other apps or websites.
- You can delete your account and all associated data from inside the app at any time.
2. What data we collect
2.1 Account data
When you sign in with Apple or Google, we receive an account
identifier and an email address. If you use Sign in with Apple's
"Hide My Email" feature, we receive a private relay address (e.g.
someone@privaterelay.appleid.com); we accept this and
do not require your real email. If Apple provides your name on first
sign-in, we store it so your profile isn't blank.
2.2 Profile data
Your chosen username, avatar color, display name, optional social handles (Instagram, X, Pinterest, Letterboxd), and your signature drawing.
2.3 Ratings and notes ("beeans")
For each coffee shop you rate: the shop's name, address, coordinates, your per-axis scores, any optional written note, and a rendered share card image.
2.4 Location data
Precise location from CoreLocation, used in two ways:
- Foreground: to center the map on where you are and suggest nearby shops.
- Background (optional): if and only if you enable "Share location with friends" in Settings, we upload your approximate position (~500 m significant-change precision) to Firestore so the friends you've added can see you on their map. You can turn this off at any time; when you do, the stored location is deleted.
We request "While Using" permission first. We only request "Always" permission when you explicitly opt into background sharing.
2.5 Friend graph and social content
Accepted friendships, friend requests, comments you post on beeans, and hearts/likes. Comments and hearts are visible to you, the beean's author, and their accepted friends.
2.6 Photo library (add-only)
When you save a share card to your photo library, iOS grants the app add-only access. We do not read or index your existing photos.
2.7 Diagnostic data
Anonymous crash logs and performance metrics may be collected by Firebase and Mapbox so we can identify bugs. This data is not linked to your identity.
3. How we use your data
- To provide the app: rendering the map, storing and displaying your beeans, syncing data between your devices, and sharing content with friends you've added.
- To sign you in: via Firebase Authentication using Apple or Google identity tokens.
- To diagnose problems: anonymous crash and performance data, via Firebase and Mapbox.
We do not use your data for advertising, profiling, or cross-app tracking. We do not display Apple's App Tracking Transparency prompt because we do not track you in the way that permission governs.
4. Who processes your data
Beean runs on third-party infrastructure. These processors only receive data necessary to perform the service and are bound by their own privacy obligations:
| Processor | What they receive | Purpose |
|---|---|---|
| Firebase (Google) - Authentication, Firestore, Storage, Crashlytics | Account identifier, profile, beeans, comments, hearts, friend graph, location (only if enabled), anonymous crash logs | Storage, sync, authentication, crash reporting |
| Apple - Sign in with Apple | Account identifier, name (first sign-in), email (or relay) | Authentication |
| Google - Google Sign-In | Account identifier, email, name | Authentication |
| Mapbox | Approximate geographic area being viewed, anonymous map-tile telemetry | Map rendering |
| OpenStreetMap (public data) | Coffee-shop name/address queries | Shop data source; no user data sent |
Firebase and Google may transfer data to the United States under Google's standard contractual clauses. Mapbox data may be processed in the United States.
5. Data retention
- Account, profile, beeans, friendships: kept until you delete your account.
- Location (if sharing is on): the current location document has a 7-day TTL and is overwritten on every significant movement; the document is deleted immediately when you turn sharing off.
- Crash logs: retained by Firebase Crashlytics for up to 90 days.
- Deleted account data: removed from Firestore immediately. Backups and infrastructure logs may retain copies for up to 30 days before they are purged.
6. Your rights
You have the right to:
- Access the data we hold about you - email us and we will export your Firestore documents.
- Correct your username, profile, and content directly in the app.
- Delete your account and all associated data from Profile → Delete Account inside the app. Deletion removes your profile, all your beeans (and their comments/hearts/cards), saved cafes, friendships, location data, and signs you out of Firebase Authentication. It also removes your comments and hearts left on friends' beeans.
- Opt out of background location sharing at any time from Profile → Share location with friends.
- Port your data by requesting an export via email.
- Complain to a supervisory authority (e.g. your national data-protection regulator in the EU/UK, or the California Attorney General under the CCPA).
We do not sell your personal information. Under the California Consumer Privacy Act ("CCPA"), you have the right to opt out of the sale of personal information - this right does not apply to Beean because we do not sell data, but we respect it regardless.
7. Children
Beean is not directed at children under 13. We do not knowingly collect data from children under 13. If you believe a child has created an account, email us and we will delete it.
8. Security
Data is transmitted over TLS. Firebase Authentication tokens and session state are stored in the iOS Keychain. Firestore security rules restrict access so that other users can only read what you've shared with them (your accepted friends for profile/beeans/location; no one for private ratings you haven't posted).
No system is perfectly secure. If we become aware of a breach affecting your data, we will notify you within the timeframe required by applicable law.
9. Changes to this policy
We may update this policy as the app evolves. The "Last updated" date at the top will reflect the most recent revision. Material changes will be surfaced in-app when you next open it.
10. Contact
Beean
Email: jyo@beean.app
For EU users: you have the right to contact a data-protection supervisory authority directly. We are happy to assist with any request before you do.