Privacy Policy — Sip
Sip is a coffee and matcha journaling app for iOS. This policy explains what information Sip collects, why, who can see it, and the choices you have. If you have questions, contact us at the email at the bottom of this document.
Who we are
Sip ("we", "us") is an independent iOS app, distributed through the Apple App Store and running on iPhone.
The short version
- We sign you in with Sign in with Apple. We do not collect a password.
- Your journal of drinks lives on your device and syncs to your private iCloud. We never see it.
- A smaller subset of each drink — the drink name, rating, venue, photo, and notes — gets stored on our servers so it can be shared with friends you've added in the app. Only friends can see it, enforced by the database.
- We never sell your data. We don't show ads. We don't track you across the internet.
- You can delete your entire account at any time from inside the app. That removes everything we have stored about you from our servers.
What we collect, why, and where it lives
Account information
When you tap "Sign in with Apple", Apple gives us:
- A stable user identifier (an opaque ID — not your email or name)
- Your email, if you choose to share it (or a
@privaterelay.appleid.comproxy address if you choose "Hide My Email") - Your display name, if you choose to share it (first sign-in only)
This identifier and email are used to create and maintain your account on our backend (Supabase) so we can recognize you across devices and let your friends find you.
Profile
After you sign in, you choose:
- A username (3–20 lowercase letters, numbers, underscores)
- A display name
- A bio (optional)
This profile is visible to other signed-in Sip users via username search, so they can send you friend requests. Once you become friends with someone, your profile is fully visible to them.
Drinks logged in the app
When you log a coffee or matcha, two things happen:
On your device only (we never see this):
- The full record of your drink — drink name, type, rating, photo, notes, brew details (bean type, roast level, brew method, ratio), price, made-at-home flag, and precise GPS coordinates of the cafe (if you select one from search)
- Stored locally in iOS, and synced through SwiftData ↔ CloudKit to your private iCloud, which only you can access
On our servers (visible to your friends):
- Drink name and category (coffee or matcha)
- Rating (1–5)
- Venue name and city/state (no precise coordinates)
- Photo of the drink, if you took one (downsized to ~1500px before upload)
- "Additions" string (milk, sweetener)
- Notes you wrote
- Whether you marked it as favorite
- Timestamp
This is the data your friends see in their Feed. Non-friends cannot see any of it. This is enforced by row-level security policies on our database, not just by the app's UI.
Photos
Photos you attach to drinks are uploaded to our cloud storage (Supabase Storage). Each photo is stored under a folder keyed to your user ID. Access is gated by the same friends-only rule — only your accepted friends can see the photos you upload. We do not have third parties analyze your photos.
Social activity
- Friend connections between users (requests and accepted friendships)
- Comments you post on others' drinks
- Reports you submit about objectionable content
- Blocks you place on other users
Things we do NOT collect
- We don't collect device identifiers for advertising purposes
- We don't have any analytics SDKs (Mixpanel, Amplitude, Firebase Analytics, etc.)
- We don't share data with advertisers
- We don't track you across other apps or websites
Who can see your data
| Data | Who sees it |
|---|---|
| Your username, display name, bio | Anyone signed into Sip (used for friend discovery) |
| Drinks logged (shared subset above) | You and your accepted friends |
| Drink photos | You and your accepted friends |
| Comments on drinks | You and your accepted friends |
| Your local journal (full details + GPS) | Only you, via your iCloud account |
| Friend connections | You and the other party |
| Reports you submit | You and Sip's administrator |
| Blocks you place | You only |
If you block another user, they can no longer see any of your content, and you can no longer see theirs.
If you delete a drink, the shared copy is removed from our servers and the photo deleted from cloud storage. The local copy on your device remains in your journal unless you separately delete it locally.
Service providers we use
- Apple — Sign in with Apple, iCloud (for syncing your private journal)
- Supabase (supabase.com) — backend database, file storage for photos, and authentication infrastructure. Supabase is a Data Processor; their handling of your data is governed by Supabase's Terms of Service and Privacy Policy.
We use no other third-party services that receive your data.
Where data is stored
Server-side data lives in our Supabase project, hosted in the region we selected (United States). Photos live in Supabase Storage in the same region. By using Sip you consent to your data being processed in that region.
How long we keep your data
- While your account is active: indefinitely
- When you delete your account: immediately removed from our servers — the database performs a cascade delete that removes your profile, friend connections, all shared drinks, all comments, all photos, and all moderation records you submitted. This is irreversible.
- Your local journal: persists on your device and your iCloud regardless of account deletion, because that data is yours and never went to our servers.
Your rights
You have the right to:
- Access your data — visible in the app
- Correct it — edit your profile, edit any drink in the journal
- Delete it — delete any drink, or delete your entire account (More → Delete Account)
- Receive a copy of your data — contact us and we'll provide an export of your account records on a best-effort basis
- Withdraw consent — delete your account stops all future processing
If you're in the European Economic Area, the UK, or California, you have additional rights under GDPR, UK GDPR, and CCPA respectively — including the right to lodge a complaint with a supervisory authority. We will honor those rights for any user who exercises them.
Children
Sip is intended for users 13 and older in the United States, and 16 and older in countries where that is the GDPR/local minimum. We do not knowingly collect personal information from younger children. If you are a parent or guardian and believe your child has signed up, contact us and we will delete the account.
Changes to this policy
If we make material changes to this policy, we'll update the "Last updated" date at the top and, where possible, notify you in the app. Continued use of Sip after the change constitutes acceptance.
Contact
Email: sip.app.contact@gmail.com
If we don't respond within 14 days, please assume we didn't receive your message and try again from a different address.