1. Data we collect
When you sign up:
- Email address.
- Password, stored as a one-way hash. We never see the plain text.
- Full name, if you choose to provide it.
When you use the app:
- Businesses you create, including name, currency, and country.
- Books and transaction entries, including amount, date, direction, optional category, contact, payment method, note, and photo attachment.
- Team member roles and activity logs for businesses with members.
When you send feedback through Settings → Feedback in the app, or the contact form on our website:
- The message you write.
- Your email address.
- Device information attached automatically, including device model, OS version, and app version.
- Timestamp.
Automatically:
- Crash reports and error stack traces through Sentry to help us fix bugs.
- Device model, OS version, and app version.
- IP address, logged by our servers for security and abuse prevention. We do not use IP addresses to identify individuals.
We do not collect your location, phone contacts, photos beyond what you attach, browsing history, biometric data, or health data.
2. How we use it
- To run the app: store your books, sync across devices, and generate reports.
- To verify it is you: send sign-in codes and password resets via email.
- To read and respond to feedback you send through the in-app feedback form or our contact page.
- To find and fix bugs using crash reports.
- To prevent fraud, spam, and abuse.
3. Third parties we share data with
- Supabase hosts our database and authentication. Your account email, transactions, and other app data are stored on their AWS infrastructure in the us-east-1 region, United States.
- Resend delivers our transactional emails. Resend receives your email address and the message content.
- Sentry receives crash reports and anonymized session metadata. Personal data is scrubbed from error reports.
- Vercel hosts our website and provides anonymous, cookie-free visitor counts.
We have agreements with these providers requiring them to protect your data and use it only to provide their services to us.
4. International data transfers
Your data is processed and stored on servers in the United States through Supabase and AWS us-east-1. By using Birrbook, you consent to this transfer.
5. Security
We use industry-standard practices to protect your data:
- All traffic between your device and our servers is encrypted.
- Passwords are hashed before storage.
- Database access is restricted so users can only access their own businesses' data.
No system is 100% secure. We cannot guarantee absolute security, but we work to protect your data against unauthorized access.
6. Legal disclosure
We may disclose your data if required to do so by law or in response to valid requests from public authorities, such as a court or government agency, or where we believe in good faith that disclosure is necessary to:
- Comply with a legal obligation.
- Protect our rights or property.
- Prevent or investigate possible wrongdoing.
- Protect the safety of users or the public.
7. Data retention and deletion
We keep your data while your account is active.
You can delete your account at any time:
- In the app: Settings → Profile → Delete account.
- On the website: birrbook.com/delete-account.
- By contacting us: birrbook.com/contact.
After deletion, your data is permanently removed within 30 days. This window covers our backup rotation. We may retain anonymized aggregate metrics and any records required by Ethiopian law, such as tax records.
8. Children
Birrbook is for users 18 and older. We do not knowingly collect data from anyone under 18. If you believe a child has created an account, contact us through birrbook.com/contact and we will delete it.
9. Changes to this policy
If we make material changes, we will notify you by email at least 14 days before they take effect. The "Last updated" date above will reflect the latest revision.
10. Contact
Contact form: birrbook.com/contact
Address: Birrbook, Addis Ababa, Ethiopia