Privacy Policy

1. Who We Are

BrewComply ("we", "us", "our") operates the BrewComply platform at brewcomply.co.uk — a wastewater compliance reporting tool built for craft breweries in the United Kingdom.

We are the data controller for the personal data we process about you. This policy explains what data we collect, why we collect it, how it is used, and your rights under UK law.

2. Data We Collect

Account and Contact Data

• Email address — collected when you sign up for early access or create an account. Used to communicate with you about the service.
• Name and brewery name — collected when you complete your account profile.

Operational Data

• Meter readings — BOD, TSS, pH, and flow volume data that you enter into the platform to generate compliance reports.
• Trade effluent consent details — permit limits and conditions you configure in your account.
• Generated compliance reports — PDF documents produced by the platform from your readings.

Payment Information

• Payment data is processed by our payment provider, Stripe. We do not store your card details. We retain a record of transactions (amount, date, subscription status) to manage your account.

Technical and Usage Data

• IP address, browser type, operating system, and device identifiers collected automatically when you visit our site.
• Page views and site interaction data collected via cookies and tracking technologies (see Section 7 and our Cookie Policy).

3. How We Use Your Data

We process your personal data for the following purposes:

• Providing the service — to operate your account, process your meter readings, and generate compliance reports.
• Communications — to send you important notices about your account, service updates, and billing.
• Payment processing — to manage your subscription and process payments via Stripe.
• Improving the platform — aggregated, anonymised usage data helps us identify and fix problems.
• Marketing — with your consent, we may send you product updates or relevant industry information. You can opt out at any time.
• Compliance and legal obligations — to comply with our legal obligations under UK law.

4. Legal Basis for Processing

Under UK GDPR, we rely on the following legal bases:

• Contract performance (Article 6(1)(b)) — processing necessary to provide the service you have subscribed to.
• Legitimate interests (Article 6(1)(f)) — improving our service, fraud prevention, and platform security.
• Consent (Article 6(1)(a)) — for marketing communications and non-essential cookies. You may withdraw consent at any time.
• Legal obligation (Article 6(1)(c)) — where we are required to process data to comply with UK law.

5. Data Storage and Security

Your data is stored on servers located within the United Kingdom and/or the European Economic Area. We use industry-standard security measures including:

• Encrypted data transmission (HTTPS/TLS)
• Encrypted storage of sensitive credentials
• Access controls limiting who can view your data
• Regular security reviews

No transmission over the internet is completely secure. We take all reasonable steps to protect your data, but we cannot guarantee absolute security.

6. Data Sharing

We do not sell your personal data. We share it only in the following circumstances:

• Service providers — trusted third parties who help us operate the platform (e.g., Stripe for payments, cloud hosting providers). These processors are bound by data processing agreements.
• Legal requirements — if required by law, court order, or regulatory authority in the UK.
• Business transfers — in the event of a merger, acquisition, or sale of assets, your data may be transferred. We will notify you before this occurs.

Your compliance data (meter readings and reports) is never shared with third parties for commercial purposes.

7. Cookies and Tracking

We use cookies and similar tracking technologies on our website, including:

• Meta Pixel (Facebook) — we use the Meta Pixel (ID: 1443188464196046) to track page views, sign-up events, and purchase conversions for advertising purposes on Facebook and Instagram. This may involve the transfer of data to Meta Platforms Ireland Ltd.
• Analytics — anonymised usage tracking to understand how visitors use our site.

For full details of the cookies we use and how to manage them, see our Cookie Policy.

8. Data Retention

We retain your personal data for as long as necessary to provide the service and meet our legal obligations:

• Account data — retained for the duration of your subscription, plus 6 years after termination (to comply with financial record-keeping requirements).
• Compliance reports and meter readings — retained for 7 years, as environmental compliance records may be subject to regulatory inspection.
• Marketing opt-in data — retained until you withdraw consent.

9. Your Rights

Under the UK GDPR and the Data Protection Act 2018, you have the following rights:

To exercise any of these rights, contact us at privacy@brewcomply.co.uk. We will respond within one calendar month. There is no charge for exercising your rights.

10. Supervisory Authority

If you have concerns about how we handle your personal data and are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's data protection supervisory authority:

• Website: ico.org.uk
• Phone: 0303 123 1113
• Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by a prominent notice on our website. The "Last updated" date at the top of this page reflects the most recent revision.

Continued use of BrewComply after changes are posted constitutes acceptance of the revised policy.

12. Contact Us

For any questions about this Privacy Policy or how we handle your data:

• Email: privacy@brewcomply.co.uk
• Website: brewcomply.co.uk