Privacy Policy

Effective Date: January 1, 2026

Last Updated: January 1, 2026

This Privacy Policy explains how Craft Clubs Labs, Inc. ("Craft Club," "we," "us," or "our") collects, uses, discloses, and safeguards personal information when you use the Craft Club mobile application, website, and related services (collectively, the "Service").

By using the Service, you agree to the collection and use of information as described in this Privacy Policy.

1. Information We Collect

1.1 Information You Provide Directly

When you create an account or use the Service, we may collect the following information:

Required during onboarding

• Phone number (used for authentication)
• Username
• Display name
• Date of birth (full date, used to verify 21+ eligibility)

Optional profile information

• Profile photo
• Bio
• Zip code
• Email address (added later through account settings)

Providing optional information is not required to use the Service.

1.2 Authentication Information and Embedded Wallets

Craft Club uses passwordless phone-based authentication via one-time passcodes (OTP). We do not use passwords for consumer accounts.

We use phone numbers solely for account authentication and security purposes. We do not send marketing text messages and do not use phone numbers for advertising or promotional outreach.

A secure, embedded custodial wallet is automatically created for your account through our authentication provider to support current or future digital collectible features. This wallet is not used for payments, financial transactions, or transfers and does not have independent monetary value.

We do not currently support third-party login providers such as Apple, Google, or Facebook.

1.3 Location Information

The Service includes location-based features.

If you grant permission, we may collect precise location data (GPS coordinates) while the app is in use to:

• Display nearby breweries on the map
• Power location-based discovery
• Assist with venue selection during check-ins

We do not collect location data in the background and do not track your movements outside of active app usage.

Check-in Location Privacy Controls

When checking in, you control how location information is stored and displayed using the following options:

• Venue – The specific venue name is stored and publicly visible
• Home – No location data is stored or displayed
• City – Only the city name is stored and displayed (no address)
• Unknown – No location data is stored or displayed

Your selection determines both what information is stored and what is visible to others.

1.4 User-Generated Content

We collect content you choose to create or share, including:

• Tasting notes
• Photos
• Lists and collections
• Comments and reactions
• Profile information

By default, tasting notes and photos are public. You may control visibility using your account-level privacy settings.

Available visibility options include:

• Public – Visible to all users
• Private – Hidden from feeds and leaderboards
• Anonymous – Visible without identifying you by username

Lists have their own per-list visibility controls.

1.5 Events and RSVPs

If you RSVP to an event, we collect:

• Your user ID
• The associated event
• RSVP status (e.g., going, waitlist, cancelled)
• Creation and update timestamps

We do not collect separate RSVP-specific contact information. RSVP counts may be publicly visible. Attendee identities are shown only for users with public visibility settings.

1.6 Communications

If you choose to add an email address to your account, it will be used to send Service-related communications, including product updates and newsletters. All emails include an unsubscribe link, and you may opt out of email communications at any time.

We do not send emails to users who have not provided an email address.

2. Information Collected Automatically

2.1 Error Monitoring

We use Sentry for error monitoring and debugging.

Sentry may collect:

• Anonymous device information (such as operating system and device model)
• Application crash data and stack traces
• Internal user identifiers (such as user ID or username) to associate errors with accounts

IP addresses are not collected through Sentry.

2.2 Analytics

We may use analytics tools to understand how users interact with the Service and to improve functionality, performance, and reliability.

Analytics data may include information about feature usage, in-app interactions, and device or application metadata. Analytics providers may include services such as PostHog. These tools are used for product analytics only and are not used for advertising, cross-app tracking, or data sales.

2.3 Cookies and Web Technologies

Our web interfaces may use essential cookies for authentication and session management.

We do not use third-party advertising cookies or tracking pixels.

3. How We Use Information

We use personal information to:

• Operate and maintain the Service
• Verify age eligibility
• Enable social, event, and location-based features
• Improve performance, reliability, and user experience
• Communicate with users who provide email addresses
• Enforce our Terms of Service
• Comply with legal obligations

4. How We Share Information

We may share information:

• With service providers that support the operation of the Service (e.g., hosting, authentication, analytics, error monitoring)
• With third-party email service providers that deliver communications on our behalf
• To comply with legal requirements or enforce our rights

Craft Club does not sell personal information and does not use personal data for targeted advertising or cross-app tracking.

5. Data Storage and Retention

All data is stored in the United States.

5.1 Account Deletion

You may delete your account at any time through account settings.

When you delete your account:

• Your account is deactivated immediately
• Personal identifiers are removed from public visibility
• User-generated content may be retained in anonymized form
• Data is retained internally for 90 days, after which it is permanently deleted in accordance with our retention policies

5.2 Backups and Logs

We retain system backups and logs for limited periods to support security, compliance, and operational integrity. Retention periods vary by system and provider.

6. Your Privacy Rights

Depending on your location, you may have the right to:

• Access personal information we hold about you
• Request correction or deletion of your information
• Request a portable copy of your personal data in a commonly used format
• Opt out of certain communications

California residents may exercise rights under the California Consumer Privacy Act (CCPA/CPRA).

Requests may be submitted to legal@craftclub.xyz.

7. Children's Privacy

The Service is intended only for individuals 21 years of age or older.

We do not knowingly collect personal information from individuals under 21. If we discover that an account belongs to someone under 21, we will delete the account and associated data.

8. Security

We implement reasonable administrative, technical, and organizational measures to protect personal information. However, no method of transmission or storage is completely secure.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Continued use of the Service after changes become effective constitutes acceptance of the revised policy.

10. Contact Us

If you have questions or requests regarding this Privacy Policy, contact: