Privacy Policy — The Proof Reserve
Effective date: 1 May 2026 Last updated: 2026-05-12
The Proof Reserve ("the App", "we", "our") is published by Noethon Labs LLC, a limited liability company organized under the laws of the Commonwealth of Virginia, United States. This policy explains what information the App collects, how we use it, who we share it with, and the rights you have over your data.
This App is intended for users 21 years of age or older. We do not knowingly collect data from anyone under 21.
If you have questions about this policy, contact us at privacy@theproofreserve.app.
1. Information We Collect
1.1 Information you provide to us
| Category | Examples | Why |
|---|---|---|
| Account | Email address, username, password (hashed) | Authentication, account recovery |
| Profile | Display name, profile photo, bio | Identity within social features |
| Collection content | Bottle names, distillery, mashbill, proof, age, purchase price, fill level, status, photos | Core app functionality (your collection) |
| Tasting notes | Free-text reviews, ratings, flavor descriptors | Core app functionality (your reviews) |
| Social content | Direct messages, club chat messages, friend connections, club memberships, reactions | Messaging and social features |
| Imported data | CSV imports of existing collection data | At your explicit request via import flow |
1.2 Information collected automatically
| Category | What | Linked to identity? |
|---|---|---|
| Crash data | Stack traces, device model, OS version when the App crashes | No (anonymized) |
| Performance data | Aggregate metrics on app responsiveness and feature usage | No (anonymized) |
| Push notification token | A unique device identifier issued by Apple (APNs) or Google (FCM) | Yes — bound to your account so we can deliver notifications you've opted into |
We do not collect: location data, microphone audio, contacts, browsing history outside the App, financial information beyond what payment providers handle directly, or data from third-party trackers.
1.3 Permissions we request on your device
| Permission | Why | What we do not do |
|---|---|---|
| Camera | Scan barcodes on bottles; take photos for your collection | We never record video or stream camera frames off-device |
| Photo Library | Let you pick existing photos for your bottles | We only access photos you explicitly select |
| Face ID / Fingerprint | App-lock the App for privacy | Biometric data never leaves your device — we only receive a yes/no signal from the OS |
| Notifications | Send push notifications you opt into (DMs, friend requests, club mentions) | You can disable any or all categories in App Settings |
2. How We Use Your Information
We use the data above to:
- Provide and operate core App features (your collection, tasting notes, chats, friends, clubs)
- Authenticate you and keep your account secure
- Sync your data between your devices via offline-first architecture
- Send notifications you've opted into
- Diagnose crashes and improve performance
- Detect and prevent abuse, spam, or violations of our Terms of Service
- Comply with legal obligations
We do not use your data for: targeted advertising, profiling for ad networks, selling to third parties, or any purpose disclosed below in §3.
3. Information Sharing & Third-Party Services
We share data only with the third-party services we use to operate the App. We do not sell your personal information.
| Service | Role | Data shared | Privacy policy |
|---|---|---|---|
| Supabase (Supabase Inc.) | Authentication, database, file storage, edge functions | Account, profile, collection, social content, photos | https://supabase.com/privacy |
| PowerSync (Journey Mobile, Inc.) | Offline-first sync between your device and our database | Same as Supabase data, encrypted in transit | https://www.powersync.com/legal/privacy-policy |
| Sentry (Functional Software, Inc.) | Crash and error reporting (when enabled in production) | Anonymized crash traces, device model, OS version | https://sentry.io/privacy/ |
| RevenueCat (RevenueCat, Inc.) | Subscription management for premium tiers (when wired) | Anonymous user ID, purchase tokens issued by Apple/Google | https://www.revenuecat.com/privacy |
| Apple App Store / Sign in with Apple | iOS distribution and OAuth | Email + name (only if you choose Apple sign-in; you may use Apple's email-relay) | https://www.apple.com/legal/privacy/ |
| Google Play / Google OAuth | Android distribution and OAuth | Email + name (only if you choose Google sign-in) | https://policies.google.com/privacy |
| Apple Push (APNs) | iOS push notification delivery | Push token + notification payload | https://www.apple.com/legal/privacy/ |
| Google Firebase Cloud Messaging (FCM) | Android push notification delivery | Push token + notification payload | https://policies.google.com/privacy |
| Tenor (Google LLC) | GIF search in chat (when you open the GIF picker) | Search query you type (no account info) | https://policies.google.com/privacy |
| Cloudflare (Cloudflare, Inc.) | DNS, CDN, DDoS protection | Network metadata at the edge | https://www.cloudflare.com/privacypolicy/ |
We may share information with law enforcement only if compelled by valid legal process (e.g., a court order or subpoena), and we will notify affected users where legally permitted.
4. Data Storage & Security
- Encryption in transit: All network traffic between the App and our servers is encrypted via HTTPS / TLS 1.2+.
- Encryption at rest: Your data is stored on managed cloud infrastructure with at-rest encryption enabled.
- Local storage: A copy of your data is stored on your device for offline access. The App can be locked with biometric authentication to protect this local copy.
- Authentication: Passwords are hashed using industry-standard algorithms; we never store them in plain text.
- Access controls: Row-Level Security policies enforce that you can only read or modify data belonging to you (and content shared by friends or clubs you're a member of).
- Sensitive data redaction: Diagnostic crash reports are scrubbed of email addresses, tokens, user IDs, and other identifying values before being sent to our error-tracking provider.
No system is perfectly secure. We will notify affected users without undue delay if we become aware of a personal-data breach affecting you, in line with applicable law (e.g., GDPR Article 33–34).
5. Data Retention
- Active accounts: We retain your data for as long as your account is active.
- Account deletion: When you delete your account from within the App, your profile, collection, tasting notes, messages, and uploaded photos are permanently deleted from our active systems within 30 days. Backups are purged within 90 days thereafter.
- Legal holds: We may retain limited data longer if required by law (e.g., for tax or fraud-prevention obligations).
- Anonymous diagnostics: Aggregated, anonymized crash and performance data may be retained indefinitely for analysis.
6. Your Rights
Depending on where you live, you may have the following rights:
6.1 All users
- Access: Export your collection, tasting notes, and account data via the CSV Export feature in App Settings.
- Correction: Edit or update any of your data directly within the App.
- Deletion: Delete your account and all associated data via App Settings → Delete Account.
6.2 European Economic Area, United Kingdom, and Switzerland (GDPR)
You have the right to:
- Access, rectify, or erase your personal data
- Restrict or object to processing
- Receive your data in a portable, machine-readable format
- Withdraw consent at any time (where processing is based on consent)
- Lodge a complaint with your local data protection authority
The legal basis for our processing is contractual necessity (to provide the App you signed up for) and legitimate interest (security, abuse prevention, analytics for product improvement).
6.3 California (CCPA / CPRA)
California residents have the right to:
- Know what personal information we collect, use, and share
- Request deletion of personal information
- Opt out of "sale" or "sharing" of personal information — we do not sell or share personal information for cross-context behavioral advertising
- Non-discrimination for exercising any of these rights
To exercise any right, contact privacy@theproofreserve.app or use the in-App data export and deletion features.
7. Children's Privacy
The App is intended for users 21 years of age or older, due to its alcohol-related subject matter. We do not knowingly collect or process information from anyone under that age. If we become aware that we have collected information from a person under 21, we will delete that information promptly.
If you believe a minor has provided us with information, contact privacy@theproofreserve.app.
8. International Data Transfers
The App is operated from the United States. If you access the App from outside the U.S., your data may be transferred to, stored, and processed in the U.S. and other countries where our service providers operate. Where required (e.g., for EEA/UK users), we rely on Standard Contractual Clauses and equivalent safeguards approved under applicable data-protection law.
9. Changes to This Policy
We may update this policy from time to time. Material changes will be notified to you in-App and via the email associated with your account at least 14 days before they take effect. The "Last updated" date at the top reflects the most recent revision.
Continued use of the App after a change indicates acceptance of the updated policy.
10. Contact
Noethon Labs LLC Email: privacy@theproofreserve.app Postal address: Noethon Labs LLC c/o Northwest Registered Agent LLC 8401 Mayland Drive, Suite A Richmond, VA 23294 United States
For data-protection inquiries from the EEA / UK, you may also lodge a complaint with your local supervisory authority.