🍻JoinTheSip

Privacy Policy

Effective: 4 June 2026 — v1.0 (alpha)

This is a draft policy for the JoinTheSip closed alpha. We will update it before public launch with any changes flowing from legal review and from the data we actually end up handling. Material changes will be notified in-app and by email.

1. Who we are

JoinTheSip (“we”, “us”) operates the JoinTheSip mobile app and the website at jointhesip.com. This policy covers both. Contact us about anything in this policy at privacy@jointhesip.com.

2. Eligibility & age gate

JoinTheSip is for people who are of legal drinking age in their country: 21+ in the United States, 18+ in most other countries. We ask you to confirm this when you sign up and at the alpha invite stage. If we learn that an account belongs to someone under the applicable age, we will close the account and delete the data.

3. What we collect

3.1 Information you give us

  • Email address, used for account login and alpha invites.
  • Display name, profile photo (optional), city, and any other profile fields you choose to fill in.
  • Drink check-ins you log: venue, drink type, timestamp, and any note or photo you attach.
  • Squad membership and friend connections.
  • Messages you send through the app, including reports of abuse or support requests.

3.2 Information collected automatically

  • Device identifiers, app version, OS version, language, and crash/diagnostic data.
  • Approximate location only when you tap to check in at a venue. We do not track location in the background.
  • Basic usage analytics — which screens you open, which features you use — so we can find bugs and prioritize work.

3.3 What we do not collect

  • We do not access your contacts, photo library, microphone, camera or background location unless you grant explicit permission for a specific feature.
  • We do not buy data about you from data brokers.
  • We do not run third-party advertising SDKs in the alpha build.

4. How we use it

  • To run the service: log check-ins, run leaderboards, send notifications you opt into.
  • To keep the service safe: detect abuse, fake check-ins, and policy violations.
  • To talk to you about the alpha and product updates you opted in to.
  • To fix bugs and improve the product (aggregated analytics only).

5. Venue analytics — aggregated only

JoinTheSip offers venue owners a dashboard with anonymized, aggregated stats about traffic at their venue. This dashboard is aggregated only. Specifically:

  • Venue owners cannot see individual user identities, profiles, photos, or messages.
  • Any breakdown a venue can see (by hour, by night, by drink type) is gated by k-anonymity ≥ 20 — that is, no slice that would represent fewer than 20 distinct users in the relevant time window is ever shown. Smaller slices are suppressed or rolled up.
  • The aggregation is performed server-side before any data leaves our infrastructure to a venue dashboard.

6. Sharing

  • With your friends and squads: what you share inside the app (check-ins, achievements, messages) is visible to the people you share it with, according to your privacy settings.
  • With venues: aggregated stats only, as described in section 5.
  • With service providers who help us run the service (e.g., infrastructure hosting at Hetzner Helsinki, push notification relay, email delivery). They process your data on our behalf under written contracts.
  • Legal: when required by valid legal process, and only to the extent required.
  • We do not sell your personal data, and we do not share it with third parties for their own marketing.

7. Analytics & crash reporting (self-hosted)

For section 3.2 above, the “basic usage analytics” and “crash/diagnostic data” we collect are processed on our own infrastructure in Hetzner Helsinki. We do not use any third-party analytics or crash-reporting cloud providers. No analytics or crash data is shared with anyone outside our organisation, and none of it is used for advertising. We do not sell your data.

7.1 Self-hosted PostHog (product analytics)

We run our own PostHog instance at posthog.jointhesip.com, deployed on our Hetzner Helsinki servers. PostHog is an open-source product-analytics tool; we use it to measure feature usage and retention. Because we host it ourselves, analytics data never leaves our infrastructure.

Through our integration, PostHog receives:

  • A pseudonymous user identifier — an opaque internal ID, not your name or email address.
  • App version and device platform (iOS or Android).
  • Event timestamps for in-app actions (e.g., logging a drink, checking into a venue, completing a session, interacting with friends or leaderboards).

Our self-hosted PostHog does not receive your name, email address, message content, or any other directly identifying information through our integration.

7.2 Self-hosted GlitchTip (crash & error diagnostics)

We run our own GlitchTip instance at glitchtip.jointhesip.com, deployed on the same Hetzner Helsinki servers. GlitchTip is an open-source crash-reporting tool that implements the Sentry data format, so our mobile and backend SDKs send error and crash diagnostics to it the same way they would send to Sentry — except the data stays on our servers. We are not a customer of Sentry the company; no crash data is shared with Sentry or any other third party.

GlitchTip receives:

  • Crash stack traces and diagnostic context (e.g., app version, operating system, device type).
  • Error messages and the code path that triggered them.

Our crash-reporting configuration is set not to transmit personally identifying details (such as names, email addresses, or message content). Breadcrumb data is redacted before transmission.

7.3 Data residency

All analytics and crash data is stored on our own servers in Hetzner Helsinki, European Union. Because we self-host both tools, there are no third-party data processing agreements to disclose for them: the data simply never leaves our infrastructure.

8. Where data lives

For the alpha, our backend, analytics (PostHog) and crash reporting (GlitchTip) all run on our Docker stack at Hetzner Helsinki in the European Union. If you sign up from outside the EU, your data will be transferred to and stored in the EU. We use TLS in transit and encrypted storage at rest.

9. Your rights

You can:

  • Delete your account and your data from inside the app (Settings → Account → Delete account). Deletion removes your profile, check-ins, and messages within 30 days. We may retain minimal records (e.g., abuse reports, financial records) where the law requires.
  • Request a copy of the personal data we hold about you.
  • Correct inaccurate data, or update it directly in the app.
  • Object to or restrict certain processing.
  • Lodge a complaint with your local data-protection authority.

To exercise any of these rights, email privacy@jointhesip.com from the address on your account. You can also delete your account without contacting us, directly from the app.

10. Retention

We keep your account data while your account is active. After account deletion, we remove or anonymize personal data within 30 days, except where we are legally required to keep it longer. Aggregated venue analytics retained after deletion contain no data that can identify you.

11. Responsible-drinking posture

JoinTheSip is a nightlife companion, not a drink-more app. We do not reward unsafe consumption: progression is capped at safe thresholds, leaderboards are bounded, and we surface responsible-drinking nudges. Nothing in this app should be read as medical advice. If you or someone you know is struggling with alcohol use, contact a qualified professional or a hotline in your country.

12. Security

We use TLS in transit, encrypted storage at rest, and limit access to production data to engineers who need it. No system is perfectly secure, and we will notify affected users without undue delay if a breach involves their personal data.

13. Changes

We will post any changes here, update the “Effective” date at the top, and notify you in-app and by email if the changes are material.

14. Contact

Privacy questions: privacy@jointhesip.com. Account deletion can be done in-app under Settings → Account.

Draft v1.0 — pending legal review. The CMO has flagged the legal-review gap to the CEO; expect an updated revision before public launch.