brokest collects only the information necessary to operate the service and does not sell user data under any circumstances. Authentication is provided by Supabase (email magic link or OAuth), and cookies are used solely for session management.
All spot information displayed on the service is contributed and maintained by users, not automatically scraped. If you would like your personal data removed, please contact us via Send feedback in the menu.
Information We Collect. Account information (email address, handle, authentication tokens); user-contributed content (spots, dishes, prices, comments, saves, votes, freshness pings); technical information necessary for operating the service (IP address, device, browser, referrer, and approximate location where granted). We do not collect contact lists, microphone input, or background tracking data.
How We Use Information. We use collected information to operate and maintain the service, attribute contributions to authors, prevent abuse, and improve features. Our processors are Supabase (authentication, database, storage) and our map tile provider, each operating under a data processing agreement. We do not sell personal data or share it with advertisers without consent.
Your Rights. You may access, correct, export, or delete your information, including your full account. Requests may be submitted via Send feedback in the menu. Residents of the EU and United Kingdom are protected under the GDPR, residents of California under the CCPA, and we apply the same baseline elsewhere: access, correction, deletion, portability, and objection.
Retention. Account information is retained while the account remains active. User-contributed content remains in the public wiki after account closure (edits stay attributed to the author's handle to preserve wiki integrity); upon request, the handle will be anonymized. Technical logs are retained for approximately 90 days.
Cookies, Analytics, and Security. Session cookies are used for authentication. We do not currently use third-party advertising cookies. If analytics or error tracking are introduced in the future, users will be notified in-app, and Do Not Track (DNT) signals will be respected. Communications are encrypted via TLS, the database enforces Row-Level Security, and passwords are never stored (magic link or OAuth only).
Minors and International Transfers. brokest is intended for users aged 13 years or older (16 years or older in the EU), and we do not knowingly collect information from younger users. Our servers and processors are located in the United States and the European Union; by using brokest outside these regions, you consent to the transfer of your information under Standard Contractual Clauses (SCC) where required.
Changes to This Policy. Material changes will be communicated in-app prior to taking effect. Continued use of the service after notice constitutes acceptance of the revised policy.