BeanHoard
Want to help support this project? Ko-Fi tips are welcome!

Privacy Policy

Last Updated: March 6, 2026

This Privacy Policy explains how BeanHoard collects, uses, and protects your personal information.

The Short Version

  • We collect your Discord info (username, ID, email, avatar) when you log in
  • We use it to send you coffee notifications and manage your subscription
  • We store it in our database until you delete your account
  • We don't sell your data to anyone
  • We do not collect any additional personal information beyond what is necessary for the service
  • We use Stripe for payments (they have their own privacy policy)
  • You can delete your account anytime

What Information We Collect

Information You Provide

When you log in with Discord OAuth, we collect:

  • Discord User ID (unique identifier)
  • Discord Username (your display name)
  • Email Address (from your Discord account)
  • Avatar URL (your Discord profile picture)

Notification Preferences

If you subscribe to notifications, we store:

  • Enabled Regions (which regions you want notifications for)
  • Enabled Roasters (which roasters you want to follow)

Subscription Information

Managed by Stripe, but we store references:

  • Stripe Customer ID
  • Stripe Subscription ID
  • Subscription Status (active, canceled, past_due, etc.)
  • Current Period End

Usage Analytics (Anonymous)

We track basic usage patterns:

  • Page views, Search queries, Click tracking
  • IP addresses (hashed with SHA-256, cannot be reversed to identify you)

These analytics are not linked to your Discord account — fully anonymous.

Note on IP storage:

  • For analytics: IPs are hashed (one-way encryption) before storage and mixed with the current date
  • For abuse prevention: IPs may be stored in plaintext only if manually flagged for suspicious activity
  • Railway (our hosting provider) may log IP addresses in their infrastructure logs, subject to Railway's Privacy Policy

How We Use Your Information

Primary Uses

  1. Send Discord Notifications — DM you when new coffees match your preferences
  2. Manage Your Subscription — Track billing status and entitlements
  3. Display Your Profile — Show your username/avatar when logged in
  4. Improve the Service — Understand what coffees/roasters are popular

We Do NOT

  • Sell your data to third parties
  • Use your email for marketing (we only have it from Discord OAuth)
  • Share your Discord info with roasters or other users
  • Track you across other websites

How We Store Your Information

PostgreSQL database on Railway. Standard security: HTTPS, encrypted connections, no plaintext passwords.

Data Retention:

  • Account data: stored until you delete your account
  • Subscription history: retained for 7 years (tax/legal requirement)
  • Anonymous analytics: retained indefinitely

Third-Party Services

Stripe (payment processing)

Discord (authentication and notifications)

Railway (hosting provider)

Your Rights

Access Your Data

View on the /notifications page:

  • Profile tab: Discord username, email, avatar, account creation date
  • Subscription tab: Current plan, billing status, next payment date
  • Notification Settings tab: Your filter preferences

Delete Your Data

Notifications page (Profile tab):

  • Immediately cancels your subscription
  • Deletes your Discord account info, preferences, and notification settings
  • Subscription history retained for 7 years (legal requirement)

Export Your Data

Contact markmesich29@gmail.com to request a JSON export.

Opt-Out of Analytics

Use privacy-focused browsers or extensions (uBlock Origin, Privacy Badger). Our analytics are basic and don't track you across sites.

Data Sharing & Disclosure

We Share Data With

  1. Stripe — customer ID and subscription info (required for payment processing)
  2. Discord — your user ID (required to send DM notifications)

We May Disclose Data If

  • Required by law (subpoena, court order, legal process)
  • Necessary to prevent fraud or abuse
  • Part of a business sale/merger (you'd be notified)

We will never sell your personal information to advertisers or data brokers.

Children's Privacy

BeanHoard is not intended for users under 13. We don't knowingly collect information from children. If you believe a child has provided us data, contact us and we'll delete it.

International Users

BeanHoard is operated from the United States. If you're accessing from outside the United States, your data may be transferred and stored on servers in the United States. By using BeanHoard, you consent to this transfer.

Changes to This Policy

We may update this policy occasionally. Material changes will be announced via:

  • Notice on the BeanHoard homepage
  • Email to all users

Continued use after changes means you accept the updated policy.

Cookies

We use minimal cookies:

  • admin_token — authentication for admin panel (httpOnly, secure)
  • user_token — authentication for logged-in users (httpOnly, secure)

No tracking cookies, no third-party advertising cookies.

Contact Us

Questions about privacy or data deletion requests?

Email: markmesich29@gmail.com

We'll respond within 7 business days (probably faster — we check email daily).

GDPR Compliance (EU Users)

If you're in the EU, you have additional rights under GDPR:

  • Right to Access — request a copy of your data
  • Right to Rectification — correct inaccurate data
  • Right to Erasure — delete your account and data
  • Right to Portability — export your data in a machine-readable format
  • Right to Object — opt out of data processing

To exercise these rights, email markmesich29@gmail.com.

Legal Basis for Processing:

  • Consent — you opted in by creating an account
  • Contract — necessary to provide the notification service you subscribed to
  • Legitimate Interest — analytics to improve the service

California Privacy Rights (CCPA)

If you're a California resident, you have rights under CCPA:

  • Right to know what data we collect
  • Right to delete your data
  • Right to opt-out of data sales (we don't sell data, so this doesn't apply)

Contact markmesich29@gmail.com to exercise these rights.

Summary: We collect minimal data (just what Discord gives us + your notification preferences), we use it to send you coffee notifications, and we don't sell it to anyone. You can delete your account anytime.