Brewhood LLC Privacy Notice

Effective Date: May 13, 2026

Last Updated: May 13, 2026

This Privacy Notice (this “Notice”) describes how Brewhood LLC, together with its subsidiaries, affiliates, successors and assigns (collectively, “Brewhood,” “we,” “us” or “our”), collects, uses, discloses, retains and otherwise Processes Personal Information in connection with the Brewhood mobile application, website, vendor tools, account features, communications and related services that link to or reference this Notice (collectively, the “Service”).

For purposes of this Notice, “Personal Information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household, and “Process” (and its variants) means any operation performed on Personal Information, whether or not by automated means. Capitalized terms used but not defined in this Notice have the meanings given to them in the Brewhood Terms of Service (the “Terms”).

This Notice applies to individuals who use the Service, create an account, submit content, communicate with us, claim or manage a vendor listing, or otherwise interact with Brewhood (each, a “User”). It does not apply to third-party websites, applications, services, payment processors, map providers, social media platforms, breweries, food vendors or other businesses that Brewhood does not own or control. Your use of the Service is also subject to the Terms.

At-a-GlanceWhat This Means
We do not sell Personal Information.We do not “sell” or “share” Personal Information as those terms are defined under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, the “CCPA”), or any analogous U.S. state privacy law.
We do not run targeted ads.We do not Process Personal Information for cross-context behavioral advertising, targeted advertising, or third-party advertising of any kind.
We do not profile you.We do not engage in profiling that produces legal or similarly significant effects, and we do not use automated decision-making technology (ADMT) to make Significant Decisions about you.
We do not knowingly collect from children.The Service is intended for individuals 18 years of age or older. We comply with the Children’s Online Privacy Protection Act (“COPPA”).

1. About Brewhood

Brewhood operates a discovery platform that helps users find breweries, food vendors, events, menus, business locations, hours and related local information.

Brewhood is not an alcohol retailer. We do not sell, ship, deliver, broker or process purchases of alcohol. Many businesses listed on the Service serve alcohol; many also offer food-only service, non-alcoholic options, family-friendly events and other local experiences. Businesses listed on the Service are independently responsible for compliance with alcohol-beverage control, age-verification, food-service, event, licensing and other laws applicable to them.

2. Age Requirement; Children’s Privacy

The Service is intended for users who are at least 18 years of age. You must be at least 18 to create a Brewhood account or use account-based features. By creating an account, you represent and warrant that you are at least 18 years of age.

Children under 13.Consistent with COPPA (15 U.S.C. §§ 6501–6506) and its implementing regulations (16 C.F.R. Part 312), the Service is not directed to children under the age of 13, and we do not knowingly collect, use or disclose Personal Information from any individual whom we know to be under the age of 13. If we learn that we have collected Personal Information from a child under 13 without verifiable parental consent, we will delete that information promptly. A parent or legal guardian who believes that we may have collected Personal Information from a child under 13 may contact us using the information in Section 21.

Minors 13 to 17. While the Service is intended for users 18 and older, if we become aware that we have collected Personal Information from an individual between the ages of 13 and 17, we will take reasonable steps to delete it, unless retention is required or permitted by applicable law. Consistent with California Business and Professions Code § 22581, a registered user under the age of 18 may request removal of content that the user has posted on the Service by contacting us at privacy@brewhood.app.

3. Personal Information We Collect

We collect Personal Information directly from you, automatically when you use the Service, from vendor representatives and from service providers that help us operate the Service.

3.1 Information You Provide

CategoryExamples
Account informationEmail address, display name, password authentication credentials, date of birth or age-eligibility confirmation, city, account settings.
Profile informationAvatar, short biography, preferences, followed vendors, badges and other profile details you elect to provide.
User-generated contentReviews, ratings, photos, comments, check-ins, saved vendors, followed vendors and other content or interactions you submit.
CommunicationsMessages, support requests, privacy-rights requests, survey responses and feedback.
Vendor account informationBusiness name, address, phone, contact email, hours, description, specialty, year established, logo, cover photo, menus and event information.
Vendor verification informationOwner or operator name and role, claim-verification information and business-license information.

Account passwords are stored using industry-standard cryptographic hashing and are never stored in plain-text or otherwise readable form.

3.2 Information Collected Automatically

CategoryExamples
Device and browser informationDevice type, browser type, operating system, application version and user-agent strings.
Log and usage informationInternet Protocol (IP) address, pages or screens viewed, features used, actions taken, timestamps, referring URLs and error logs.
Authentication informationSession cookies, authentication tokens, login status and security signals.
Approximate location signalsInformation derived from your IP address or a city you provide.

3.3 Location Information

With your permission, we Process precise device location only when you actively request a location-based feature, such as displaying nearby breweries, food vendors or events; calculating distance-based search results; or verifying that you are at or near a vendor location for a check-in feature (if available).

We do not continuously track your location, collect background location, maintain a continuous location history, or disclose your real-time precise location to vendors or other users. If you create a check-in or other location-related post, we may retain the check-in record and associated content (such as vendor name, timestamp and profile attribution).

You may disable location access at any time through your device settings. Some features may not function without location access.

3.4 Information from Third Parties

We may receive limited Personal Information from:

  • service providers that support hosting, authentication, storage, email delivery, security, diagnostics, analytics or customer support;
  • publicly available business sources used to populate, maintain or verify vendor listings;
  • vendor representatives who submit information about a business; and
  • other users who interact with your public content or report content to us.

4. How We Use Personal Information

We Process Personal Information for the following business and commercial purposes:

  • Provide and maintain the Service. To create, authenticate and maintain accounts; provide profile, discovery, search, follow, review, rating, photo, badge, check-in and community features; display breweries, food vendors, menus, events and related content; personalize discovery; provide vendor listing, claim and management tools; and handle support requests.
  • Verify eligibility and vendor claims. To confirm the 18-and-older age requirement, verify vendor-account claims and confirm authority to manage a vendor listing.
  • Communicate with you.To send account, security and administrative notices; email verification and password-reset messages; responses to support, privacy or legal requests; notices about changes to the Terms or this Notice; and optional product or marketing communications, where permitted by applicable law and consistent with the CAN-SPAM Act of 2003 (15 U.S.C. §§ 7701–7713) and the Telephone Consumer Protection Act (47 U.S.C. § 227) (“TCPA”).
  • Protect the Service. To detect, prevent and investigate fraud, spam, abuse, unauthorized access and other harmful activity; enforce the Terms; and protect the rights, property, safety and security of Brewhood, our users, vendors and the public.
  • Improve and develop the Service. To analyze usage and performance; diagnose bugs and technical issues; and test, improve and develop features.
  • Generate aggregated or de-identified information. For analytics, research and product development. Aggregated, anonymized and de-identified information is not Personal Information subject to this Notice, and we will not attempt to re-identify it.
  • Comply with legal obligations. To comply with applicable laws, respond to lawful requests, and establish, exercise or defend legal claims.

5. How We Disclose Personal Information

We disclose Personal Information only as described in this Section 5. We do not sell Personal Information, share Personal Information for cross-context behavioral advertising, or Process Personal Information for targeted advertising.

5.1 Service Providers

We disclose Personal Information to service providers, contractors and processors that perform services on our behalf under written contracts that obligate them to (a) use Personal Information only for the purposes we specify, (b) implement appropriate technical and organizational safeguards, and (c) comply with applicable privacy laws, including the CCPA and analogous U.S. state privacy laws.

5.2 Public and Community Features

Some information is visible to other users or to the public depending on the feature and your settings, including your display name, avatar, biography, public reviews, ratings, comments, photos, public check-ins (if available and enabled), badges and the vendors you follow (if displayed by the Service). Public content may be viewed, copied, saved, indexed or shared by others. Please do not submit public content that you do not want others to see or use.

5.3 Vendors

When you follow, review, rate, check in at, or otherwise interact with a vendor, the vendor may view your public content and aggregate engagement information about its listing (including follower counts, rating averages, review counts, check-in counts and similar listing-level metrics). Vendors do not have access to your email address, date of birth, account credentials, precise device location or other non-public account information unless you direct otherwise, you consent, or disclosure is required or permitted by applicable law.

5.4 Legal, Safety and Enforcement Purposes

We may disclose Personal Information if we believe, in good faith, that disclosure is reasonably necessary to:

  • comply with applicable law, regulation, subpoena, court order, legal process or governmental request;
  • enforce the Terms or other agreements;
  • investigate, prevent or address fraud, security incidents, abuse or illegal activity;
  • protect the rights, property, safety or security of Brewhood, our users, vendors or the public; or
  • establish, exercise or defend legal claims.

5.5 Business Transactions

We may disclose or transfer Personal Information in connection with an actual or proposed merger, acquisition, financing, reorganization, bankruptcy, receivership, dissolution, sale of all or any portion of our business or assets, or similar corporate transaction. We will take reasonable steps to require the recipient to handle Personal Information in a manner consistent with this Notice, unless otherwise permitted by applicable law. Where required, we will notify affected users of any material change to the practices described in this Notice.

5.6 With Your Consent or Direction

We may disclose Personal Information with your consent or at your direction.

5.7 Aggregated or De-identified Information

We may use and disclose aggregated, anonymized or de-identified information that cannot reasonably be used to identify any individual, including aggregate usage trends, vendor engagement metrics and Service performance statistics. We maintain such information in de-identified form, do not attempt to re-identify it, and contractually obligate recipients to do the same.

6. Cookies and Similar Technologies

We use cookies, software development kits (SDKs), tokens and similar technologies (collectively, “Cookies”) for the limited operational purposes described below.

TypePurpose
Strictly necessaryAuthentication, session management, account security, fraud prevention and core Service functionality. These Cookies cannot be disabled without breaking the Service.
FunctionalRemembering preferences and settings within the Service to provide a consistent user experience.
Diagnostic / first-party analyticsPerformance monitoring, error logging, crash reporting and abuse prevention. We use first-party analytics only and do not share analytics data with third-party advertising networks.

We do not use third-party advertising cookies, cross-site tracking pixels, behavioral advertising identifiers, advertising SDKs, fingerprinting techniques or data-broker integrations. You may disable Cookies through your browser settings, but the Service will not function correctly if authentication or security Cookies are disabled.

7. Sale, Sharing and Targeted Advertising

To be unambiguous: Brewhood does not sell Personal Information, share Personal Information for cross-context behavioral advertising, or Process Personal Information for targeted advertising, in each case as those terms are defined under the CCPA and analogous U.S. state privacy laws (including the Colorado Privacy Act, Connecticut Data Privacy Act, Virginia Consumer Data Protection Act, Utah Consumer Privacy Act, Texas Data Privacy and Security Act, Oregon Consumer Privacy Act, Montana Consumer Data Privacy Act, Delaware Personal Data Privacy Act, Iowa Consumer Data Protection Act, New Hampshire Privacy Act, New Jersey Data Privacy Act, Tennessee Information Protection Act, Minnesota Consumer Data Privacy Act, Maryland Online Data Privacy Act, Nebraska Data Privacy Act, Indiana Consumer Data Protection Act, Kentucky Consumer Data Protection Act and Rhode Island Data Transparency and Privacy Protection Act, as in effect from time to time (collectively, the “State Privacy Laws”)).

Brewhood is not a data broker as defined under the California Delete Act (Cal. Civ. Code § 1798.99.80 et seq.), the Vermont Data Broker Law (9 V.S.A. § 2446) or the Texas data broker statute (Tex. Bus. & Com. Code Chapter 509), and is not registered as a data broker in any jurisdiction. If our practices materially change, we will update this Notice and provide any notices, choices and consent mechanisms required by applicable law before commencing any such Processing.

8. Sensitive Personal Information

Certain Personal Information is treated as “sensitive” under the CCPA and analogous State Privacy Laws (“Sensitive Personal Information”). Depending on how you use the Service, Sensitive Personal Information we Process may include:

  • account log-in credentials;
  • precise device location, but only when you enable a location-based feature; and
  • business-license information submitted for vendor verification (to the extent it identifies an individual).

We Process Sensitive Personal Information solely for the purposes permitted under California Code of Regulations title 11, § 7027(m) and analogous provisions of other State Privacy Laws, namely: (i) to perform the services reasonably expected by an average consumer; (ii) to prevent, detect and investigate security incidents and fraud; (iii) to resist malicious, deceptive, fraudulent or illegal actions; (iv) to ensure the physical safety of natural persons; (v) for short-term, transient use; (vi) to perform services on behalf of the business; and (vii) to verify or maintain the quality or safety of the Service; (viii) to collect or process sensitive personal information where the collection or processing is not for the purpose of inferring characteristics about a consumer. We do not Process Sensitive Personal Information for the purpose of inferring characteristics about you. Because we Process Sensitive Personal Information only for these enumerated permitted purposes, the right to limit the use and disclosure of Sensitive Personal Information does not change our Processing practices; you may nevertheless submit a limitation request as described in Section 12.1.

9. Automated Decision-Making and Profiling

Brewhood does not use automated decision-making technology (ADMT) or profiling to make decisions that produce legal or similarly significant effects concerning you, within the meaning of California Code of Regulations title 11, §§ 7150–7157 and analogous provisions of other State Privacy Laws (including the Colorado Privacy Act, Connecticut Data Privacy Act and Virginia Consumer Data Protection Act). We may use basic algorithmic logic to personalize discovery (for example, surfacing nearby vendors or recommending vendors similar to those you have followed), but such logic does not make Significant Decisions about you. If we begin using ADMT in a manner requiring additional disclosures or opt-out rights under applicable law, we will update this Notice and implement the controls required by law before doing so.

10. Opt-Out Preference Signals and Do Not Track

Some browsers, devices and extensions offer opt-out preference signals such as Global Privacy Control (GPC) or “Do Not Track” signals. Because Brewhood does not sell Personal Information, share Personal Information for cross-context behavioral advertising, or Process Personal Information for targeted advertising, these signals do not change our Processing practices.

Pursuant to the California Online Privacy Protection Act (Cal. Bus. & Prof. Code §§ 22575–22579) (“CalOPPA”), we disclose that we do not respond differently to Do Not Track signals because we do not engage in the Processing those signals are designed to address. Third parties may not collect personally identifiable information about an individual user’s online activities over time and across different websites when the user uses the Service, because we do not permit any such Processing.

11. Your Privacy Choices

11.1 Access and Update

You may access, update or correct most account and profile information through your account settings.

11.2 Account Deletion

You may delete your account through your account settings where self-service deletion is available. When you delete your account:

  • your profile, avatar, biography and follow relationships are removed from active account features;
  • your Personal Information is deleted from active systems within thirty (30) days, unless retention is required or permitted by applicable law;
  • reviews, ratings, photos, check-ins, comments and other user-generated content may remain in pseudonymous, de-identified, aggregated or account-disassociated form to preserve vendor-page integrity, prevent fraud, comply with legal obligations or enforce our rights; and
  • information may persist in disaster-recovery and operational backups for a limited period until those backups are overwritten or deleted in the ordinary course of business.

If self-service deletion is unavailable, you may submit a deletion request using the contact information in Section 21.

11.3 Location Controls

You may control device location permissions through your device settings, including granting access only while using the application, where supported. Disabling location access may limit distance-based discovery, nearby search, check-in verification and other location-based features.

11.4 Email Preferences

Consistent with the CAN-SPAM Act, you may unsubscribe from non-essential marketing or product-announcement emails using the unsubscribe link contained in each such message or through your account settings. Essential Service communications (such as email verification, password resets, account-security notices, legal and privacy notices, and other administrative messages) cannot be opted out of because they are necessary to operate your account.

11.5 Push Notifications

If you use the mobile application, you may enable or disable push notifications at any time through your device settings or in-app settings.

11.6 Telephone and Text Communications

Brewhood does not currently send marketing telephone calls or text messages. If we begin to do so, we will obtain prior express written consent where required by the TCPA and applicable state law, and we will provide a clear opt-out mechanism in each message.

12. U.S. State Privacy Rights

Depending on your state of residence, and subject to applicable exceptions, you may have some or all of the following rights with respect to your Personal Information:

  • Right to Know / Access. To confirm whether we Process Personal Information about you and, if so, to access that information.
  • Right to Portability. To receive a copy of certain Personal Information in a portable and, to the extent technically feasible, readily usable format.
  • Right to Correct. To correct inaccurate Personal Information, taking into account the nature of the information and the purposes of Processing.
  • Right to Delete. To request deletion of Personal Information, subject to the exceptions set forth in applicable law.
  • Right to Opt Out of Sale, Sharing and Targeted Advertising. Brewhood does not engage in any of these activities, so there is nothing to opt out of.
  • Right to Opt Out of Profiling. Brewhood does not engage in profiling that produces legal or similarly significant effects.
  • Right to Limit Use of Sensitive Personal Information. As described in Section 8, we Process Sensitive Personal Information only for permitted purposes, but you may still submit a limitation request.
  • Right to Appeal. Where applicable law provides for an appeal of a decision regarding a privacy-rights request, to appeal that decision.
  • Right to Non-Discrimination. Not to receive discriminatory treatment for exercising any of your privacy rights.

12.1 How to Exercise Your Rights

To exercise any of these rights, please email privacy@brewhood.app or use the privacy-rights tools available in your account settings. You may also submit requests by mail using the address in Section 21.

12.2 Verification

To protect your information, we will verify your identity before fulfilling certain requests. For account holders, we typically verify by confirming control of the registered email address. For more sensitive requests, we may ask for additional information necessary to verify your identity to a reasonable degree of certainty. Information provided for verification is used only to verify and respond to your request and is deleted promptly thereafter.

12.3 Authorized Agents

You may designate an authorized agent to submit a request on your behalf where permitted by applicable law. We may require the agent to provide (a) written proof of authorization signed by you (such as a power of attorney executed pursuant to California Probate Code §§ 4000–4465 or analogous law), or (b) other documentation sufficient to demonstrate the agent’s authority. We may also ask you to verify your identity directly with us, or to confirm to us that you have provided the agent with permission to submit the request.

12.4 Response Timeframe

We will acknowledge receipt of a verifiable consumer request within ten (10) business days and substantively respond within forty-five (45) calendar days. Where reasonably necessary, we may extend the response period by an additional forty-five (45) days (or such longer period as expressly permitted under applicable law), and we will notify you of the extension and the reasons for it within the initial 45-day period.

12.5 Appeals

If we deny your request in whole or in part and applicable law provides you with a right to appeal, you may appeal by replying to our denial or by contacting us at privacy@brewhood.app with the subject line “Privacy Request Appeal.” We will respond to your appeal within sixty (60) days (or such shorter period as may be required under applicable law). If your appeal is denied, you may have the right to contact your state attorney general, the California Privacy Protection Agency, or other applicable regulator. Contact information for the Colorado Attorney General is coag.gov/file-complaint; for the Connecticut Attorney General, portal.ct.gov/AG; for the Virginia Attorney General, oag.state.va.us; and for the Texas Attorney General, texasattorneygeneral.gov.

13. California Privacy Notice

This Section 13 applies to California residents and supplements (and, where inconsistent, controls over) the balance of this Notice with respect to California residents. It is the “notice at collection” required by California Civil Code § 1798.100(a) and California Code of Regulations title 11, § 7012.

13.1 Notice at Collection

The following table sets forth, for each category of Personal Information we collect, the sources from which we collect it, the business and commercial purposes for which we Process it, the categories of recipients to whom we disclose it, the length of time we intend to retain it, and whether we sell or share it for cross-context behavioral advertising.

CategoryExamplesSourcesPurposes of UseRecipientsRetentionSold or Shared?
IdentifiersDisplay name, email, IP address, account ID, vendor contact information.You; your device; service providers; vendor representatives.Account, authentication, support, communications, vendor verification, security.Service providers; public users (where you make information public); legal recipients where required.Account duration plus up to 30 days after deletion from active systems, unless longer retention is required or permitted.No
Account and profile informationAvatar, biography, city, followed vendors, badges, preferences, settings.You.Account features; personalized discovery; profile and community features.Service providers; other users (where public); vendors in aggregate form.Account duration, subject to deletion and UGC retention practices.No
Age / date-of-birth informationDate of birth or age-eligibility confirmation.You.18+ eligibility verification; safety; legal compliance.Service providers.Account duration plus up to 30 days after deletion from active systems.No
Commercial or activity informationReviews, ratings, followed/saved vendors, check-ins, badge activity, vendor interactions.You; your use of the Service.Provide features; personalize discovery; prevent abuse; improve the Service.Service providers; other users (where public); vendors in aggregate form.Account duration; public content may remain in pseudonymous, de-identified, aggregated or account-disassociated form.No
Internet, device and network activityIP address, user agent, device / OS / app version, pages viewed, timestamps, logs, diagnostics.Your device; service providers.Authentication; security; troubleshooting; fraud prevention; Service improvement.Hosting, infrastructure, database, security, logging and support providers.Typically up to 90 days for logs; longer if required for security, fraud, legal or operational reasons.No
Geolocation informationPrecise device location (when you request a nearby-discovery or check-in feature); approximate location inferred from IP or city.You; your device.Nearby discovery; distance-based search; check-in verification; Service functionality.Service providers; other users only if you create public location-related content.Precise location is used only for the requested functionality and is not retained as a continuous history; check-in records are retained as UGC.No
Visual or media informationAvatar, vendor logo, vendor cover photo, review photos, event images.You; vendor representatives.Display profiles, listings, reviews, events and other content.Public users; vendors; service providers.Until removed, deleted or no longer needed.No
Professional or business informationOwner/operator name and role, business contact information, claim-verification information, business-license information.Vendor representatives.Vendor verification; account administration; fraud prevention; legal compliance.Service providers; legal recipients where required; public users for published business information.Vendor-account duration plus a reasonable period for fraud prevention, dispute resolution, legal compliance and recordkeeping.No
InferencesInterests inferred from followed/saved vendors, reviews, badges or usage patterns.Your use of the Service.Personalized discovery; Service improvement; understanding aggregate usage trends.Service providers.Account duration or until no longer reasonably necessary.No
Sensitive Personal InformationAccount log-in credentials; precise device location (when requested); business-license information (where it identifies an individual).You; your device; vendor representatives.Authentication; account security; location-based functionality; age eligibility; vendor verification; fraud prevention; legal compliance.Service providers; legal recipients where required.As described for the underlying category.No
Other information you choose to provideSupport messages, feedback, survey responses, free-text profile fields, free-text reviews.You.Respond to requests; provide support; improve the Service; enforce the Terms; comply with law.Service providers; public users where you post publicly; legal recipients where required.As long as reasonably necessary for the purpose for which collected, or as required or permitted by applicable law.No

13.2 Sources of Personal Information

We collect Personal Information from you, your device, your use of the Service, vendor representatives, service providers and publicly available business sources.

13.3 Business and Commercial Purposes

We collect, use and disclose Personal Information for the business and commercial purposes described in Sections 4 and 5 of this Notice.

13.4 Disclosures for Business Purposes

We may have disclosed the categories of Personal Information described above to service providers and contractors, to legal recipients where required, to other users where you make information public, and to vendors in aggregate or public-content form.

13.5 No Sale or Sharing

Brewhood does not sell Personal Information and does not share Personal Information for cross-context behavioral advertising. We have not sold or shared Personal Information in the preceding twelve (12) months, including with respect to minors under sixteen (16) years of age.

13.6 Minors

We do not knowingly collect Personal Information from individuals under 18 years of age. We do not knowingly sell or share Personal Information of individuals under 16 years of age, and we will not do so without obtaining the affirmative opt-in consent required by California Civil Code § 1798.120(c).

13.7 Financial Incentives

We do not offer financial incentives, price differences or service differences in exchange for the collection, retention, sale or sharing of Personal Information.

13.8 Shine the Light

California Civil Code § 1798.83 (commonly referred to as the “Shine the Light” law) permits California residents to request certain information regarding our disclosure of Personal Information to third parties for those third parties’ direct-marketing purposes. Brewhood does not disclose Personal Information to third parties for those third parties’ own direct-marketing purposes. California residents may submit a Shine the Light request to privacy@brewhood.app with the subject line “Shine the Light Request.”

13.9 California Rights

California residents may exercise the rights described in Section 12, subject to applicable exceptions, by contacting us at privacy@brewhood.app or through available account tools. California residents may also contact the California Privacy Protection Agency at cppa.ca.gov or the California Attorney General at oag.ca.gov.

14. Additional State-Specific Disclosures

14.1 Colorado, Connecticut, Virginia, Delaware, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey and Oregon Residents

If you are a resident of any of the foregoing states, you may exercise the rights described in Section 12 to the extent provided by the applicable State Privacy Law. You may submit a request to:

You may appeal a denied request as described in Section 12.5. If your appeal is denied, you may have the right to contact the attorney general of your state.

14.2 Nevada Residents

Nevada residents may, under Nevada Revised Statutes Chapter 603A, opt out of the sale of certain covered information. Brewhood does not engage in such sales. To submit a verified request, contact us at the email in Section 21.

14.3 Texas Residents

Texas residents may exercise the rights described in Section 12 pursuant to the Texas Data Privacy and Security Act. Pursuant to Texas Business & Commerce Code § 541.102(d), we disclose: Brewhood does not sell your sensitive personal data. Brewhood does not sell your biometric personal data.

14.4 Washington and Nevada “My Health My Data”-Style Statutes

Although Brewhood does not knowingly collect “consumer health data” as defined under the Washington My Health My Data Act (RCW Chapter 19.373) or analogous Nevada law, we acknowledge those statutes and will provide the disclosures and rights required thereunder if our practices change.

14.5 Florida Residents

Florida residents may have rights under the Florida Digital Bill of Rights (Fla. Stat. § 501.701 et seq.) where applicable. Brewhood does not currently meet the revenue thresholds for application of that statute but voluntarily extends substantially equivalent rights to Florida residents.

15. Data Retention

We retain Personal Information only for so long as is reasonably necessary to fulfill the purposes described in this Notice, including providing the Service, maintaining account functionality, complying with legal obligations, resolving disputes, enforcing agreements, preventing fraud, maintaining security and protecting legal rights. The specific retention periods (or, where periods are not feasible, the criteria used to determine them) are set forth in the notice-at-collection table in Section 13.1 and supplemented as follows:

  • server, security and diagnostic logs are typically retained for up to ninety (90) days, unless retained longer for security, fraud-prevention, legal or operational reasons;
  • disaster-recovery and operational backups are retained in accordance with our backup schedules and overwritten or deleted in the ordinary course of business (typically within 90 days);
  • support and privacy-request records are retained for as long as necessary to respond, maintain records, resolve disputes, comply with applicable law and protect legal rights;
  • vendor verification records are retained for the duration of the vendor account plus three (3) years thereafter for fraud-prevention and recordkeeping purposes; and
  • tax, accounting and corporate records associated with vendor or commercial relationships are retained for the period required by applicable federal and state law.

When Personal Information is no longer needed for the purposes described in this Notice, we delete, destroy or de-identify it in accordance with our records-retention policies.

16. Information Security

We maintain reasonable administrative, technical, organizational and physical safeguards designed to protect Personal Information against unauthorized access, loss, misuse, disclosure, alteration or destruction. Those safeguards include:

  • encryption of data in transit using Transport Layer Security (TLS) version 1.2 or higher;
  • encryption of sensitive data at rest;
  • cryptographic hashing of passwords using industry-standard algorithms;
  • role-based access controls and least-privilege internal access practices;
  • multi-factor authentication for administrative access;
  • monitoring, logging and alerting for anomalous activity;
  • contractual security obligations imposed on service providers; and
  • written procedures for reviewing and responding to suspected security incidents.

No method of transmission or storage is completely secure, and we cannot guarantee absolute security. If we become aware of a security incident involving your Personal Information, we will provide notice as required by applicable law, including California Civil Code §§ 1798.29 and 1798.82 and analogous state and federal breach-notification statutes.

17. Third-Party Services and Links

The Service may contain links to, or integrations with, third-party websites, applications, services, vendor pages, event pages, reservation tools, menu tools, payment tools, map services, application stores and social networks. Brewhood does not control, and is not responsible for, the privacy, security or data-Processing practices of such third parties. Your interactions with third parties are governed by their own privacy notices and policies, which we encourage you to review.

18. International Users

Brewhood is operated from the United States and is intended for users located in the United States. If you access the Service from outside the United States, you understand that your Personal Information may be transferred to, stored in and Processed in the United States and other jurisdictions where privacy laws may differ from those in your jurisdiction. By using the Service from outside the United States, you consent to such transfer, storage and Processing. Where the laws of your jurisdiction nevertheless apply (including, where applicable, the EU General Data Protection Regulation, the UK GDPR, the Canadian Personal Information Protection and Electronic Documents Act or the Brazilian Lei Geral de Proteção de Dados), we will respond to applicable requests and obligations as and to the extent required by law.

19. Accessibility

We strive to make this Notice and the Service accessible to all users, consistent with the Americans with Disabilities Act and the Web Content Accessibility Guidelines (WCAG) 2.1 Level AA where reasonably practicable. If you have difficulty accessing any portion of this Notice or the Service due to a disability, please contact us using the information in Section 21, and we will work with you to provide the information in an accessible format.

20. Changes to This Notice

We may update this Notice from time to time. When we do, we will update the “Last Updated” date set forth above. If we make material changes, we will provide notice through the Service, by email, by in-app notification or by other reasonable means at least thirty (30) days before the changes take effect, unless a shorter period is required by applicable law. The updated Notice will apply as of the effective date stated therein, unless otherwise required by law. Your continued use of the Service after the effective date constitutes acceptance of the updated Notice to the extent permitted by applicable law.

21. Contact Us

For privacy questions, requests or concerns, please contact us using any of the following:

Email: privacy@brewhood.app

Mail: Brewhood LLC, Attn: Privacy, 2108 N. St., Ste. N, Sacramento, CA 95816

Legal Entity: Brewhood LLC, a California limited liability company.

© 2026 Brewhood LLC. All rights reserved.