Last Updated: March 10, 2026 Effective Date: March 10, 2026 Version: 1.2
Jahanshasys, a British Columbia company operating under the trade name "Pourit" ("we," "us," or "our"), is based in British Columbia, Canada and operates the Pourit mobile application (the "App"). This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our App, in accordance with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), British Columbia's Personal Information Protection Act (PIPA), Quebec's Act respecting the protection of personal information in the private sector (Law 25), and other applicable privacy legislation.
By creating an account and using the App, you consent to the collection, use, and disclosure of your personal information as described in this policy.
In accordance with PIPEDA, we have designated a Privacy Officer responsible for our compliance with this policy and with applicable privacy laws.
Privacy Officer: Jahanshasys (operating as Pourit) British Columbia, Canada support@pourit.app
Our Privacy Officer is responsible for:
| Data Type | When Collected | Purpose |
|---|---|---|
| Name, email, profile photo URL | Account creation (via Google or Apple sign-in, or email registration) | Account management, display within the App |
| Recipes you create | When you save a personal recipe | Personal recipe library |
| Favourites | When you favourite a cocktail | Syncing favourites across devices |
| Feedback and submissions | When you submit a recipe or feedback | Community features, content improvement |
| Organization membership | When you join an organization | Team recipe sharing |
The App uses five Google Firebase products. Each collects specific data:
| Firebase Service | Data Collected | Purpose | Retention |
|---|---|---|---|
| Firebase Authentication | Email, display name, profile photo URL, sign-in provider, user ID, IP address, user agent | Account authentication, security, abuse prevention | Account lifetime; IP addresses retained several weeks |
| Cloud Firestore | User-generated content (recipes, favourites, preferences, organization membership) | App functionality, data sync | Account lifetime |
| Firebase Analytics | Screen views, feature usage events, device model, OS version, country, app version, Analytics instance ID | Usage analytics, feature improvement | 14 months, then aggregated |
| Firebase Crashlytics | Crash stack traces, device model, OS version, RAM, CPU architecture, installation UUID | App stability monitoring | 90 days |
| Cloud Functions | Request metadata (IP address, auth tokens) processed in-memory | Backend operations | Not persisted |
For the complete list of data collected by each Firebase service, see Google's Firebase data collection disclosure: https://firebase.google.com/support/privacy
Google AdMob (free-tier users only)
The App displays advertisements to free-tier users through Google AdMob. AdMob and its advertising partners collect and process:
AdMob uses this data to deliver advertisements, measure performance, prevent fraud, and personalize ads. You can manage ad personalization through your device settings (see Section 4).
For users in the European Economic Area, United Kingdom, and Switzerland, the App presents a consent prompt for personalized advertising in compliance with Google's EU User Consent Policy.
For details, see:
Purchase transactions are processed by the Apple App Store or Google Play Store. We receive purchase confirmation data (product ID, transaction ID, purchase date) but do not receive or store your payment card information.
The App does not use browser cookies. However, the App and its third-party service providers use the following tracking technologies:
You may reset or limit advertising identifiers through your device settings:
Denying tracking does not block ads; you will still see advertisements, but they may be less relevant to you.
We collect and use your personal information for the following identified purposes:
| Purpose | Data Categories Used |
|---|---|
| Provide, maintain, and improve the App | Account info, usage data, crash data |
| Authenticate your identity and manage your account | Account info, sign-in provider data |
| Sync favourites, personal recipes, and preferences across devices | User-generated content |
| Process in-app purchases and manage premium subscriptions | Purchase confirmation data |
| Display advertisements to free-tier users | Advertising identifiers, device info |
| Generate AI cocktail recipes at your request | Your text input (ingredient preferences, request text) |
| Analyze usage patterns to improve features | Analytics events, device info |
| Monitor and improve app stability | Crash reports, device info |
| Respond to your feedback and support requests | Contact info, correspondence |
| Detect and prevent abuse | IP addresses, auth tokens |
| Meet legal and regulatory obligations | As required |
We limit our collection of personal information to what is necessary for these identified purposes. We do not collect personal information indiscriminately or for hypothetical future use.
By creating an account, you consent to the collection, use, and disclosure of your personal information as described in this policy. Where we collect information for a new purpose not identified in this policy, we will seek your consent before doing so.
Withdrawal of consent: You may withdraw your consent at any time by deleting your account through the App's settings screen, subject to legal or contractual obligations and reasonable notice. Withdrawal of consent may affect your ability to use certain features of the App.
Sensitive information: We do not collect information that would be considered sensitive under PIPEDA (health data, biometric data, etc.).
The App uses automated processing in the following ways:
We do not sell, rent, or trade your personal information. We may share data in the following circumstances:
Our use of Firebase is governed by Google's Firebase Data Processing and Security Terms (https://firebase.google.com/terms/data-processing-terms) and the Cloud Data Processing Addendum (https://cloud.google.com/terms/data-processing-addendum). A list of Google's subprocessors is available at https://firebase.google.com/terms/subprocessors.
Your personal information may be transferred to and processed on servers located outside of Canada, including in the United States, through our use of Google Firebase and Google AdMob.
We ensure that appropriate safeguards are in place for these transfers:
Your data is stored using Google Firebase services, hosted on Google Cloud Platform infrastructure. Firebase provides:
We implement Firestore Security Rules to ensure users can only access their own data. Administrative access is restricted to authorized personnel.
No method of transmission or electronic storage is 100% secure. While we use commercially reasonable security measures, we cannot guarantee absolute security.
| Data Category | Retention Period |
|---|---|
| Account profile data | Lifetime of account; deleted immediately upon account deletion |
| User-generated recipes and favourites | Lifetime of account; deleted upon account deletion |
| Organization membership | Until you leave the organization or delete your account |
| Firebase Analytics data | 14 months, then aggregated and anonymized |
| Crashlytics reports | 90 days |
| AdMob interaction data | Controlled by Google per their retention policies |
| Purchase transaction records | 3 years (for accounting and dispute resolution) |
| Support correspondence | 2 years after resolution |
| Authentication IP addresses | Several weeks (Firebase default for abuse prevention) |
Upon account deletion, your Firestore user document is deleted immediately. Firebase Authentication records are purged within 180 days. Anonymized, aggregated analytics data may be retained indefinitely.
To exercise any of these rights, contact us at support@pourit.app. We will respond within 30 days.
As a BC-based company, we are subject to British Columbia's Personal Information Protection Act (PIPA). Under PIPA, you have the right to:
Breach notification: In the event of a privacy breach that poses a real risk of significant harm, we will notify you and the OIPC as required under PIPA.
Under PIPEDA (which applies to interprovincial and international data flows), you have the right to:
Breach notification: In the event of a breach of security safeguards involving your personal information that creates a real risk of significant harm, we will notify you and the Office of the Privacy Commissioner of Canada as soon as feasible, as required under PIPEDA section 10.1.
In accordance with Quebec's Act respecting the protection of personal information in the private sector, you have the following additional rights:
Your personal information is transferred to and processed by Google LLC, whose servers are located outside of Quebec and Canada, including in the United States. Contractual safeguards are in place to ensure an equivalent level of protection.
To file a complaint, you may contact the Commission d'acces a l'information du Quebec at https://www.cai.gouv.qc.ca.
If you are in the EEA, you have additional rights including:
Our legal basis for processing is: consent (account creation), contract performance (providing the service), and legitimate interests (analytics, security, abuse prevention).
Where your personal data is transferred outside the EEA, transfers are protected by Standard Contractual Clauses (SCCs) as incorporated in Google's Data Processing Terms. You may request a copy of the applicable SCCs by contacting us.
Categories of personal information collected (last 12 months):
| Category (per CCPA) | Collected | Disclosed To |
|---|---|---|
| Identifiers (name, email, UID) | Yes | Firebase |
| Internet/network activity (usage events) | Yes | Firebase Analytics |
| Geolocation (approximate, via IP) | Yes | AdMob |
| Commercial information (purchases) | Yes | App Stores |
| Inferences drawn from above | Yes | Internal use only |
We do not sell or share personal information as defined under the CCPA/CPRA. We do not use or disclose sensitive personal information for purposes other than those permitted under the CPRA.
To exercise your CCPA rights, contact us at support@pourit.app.
The App is not intended for children under 13 (or under 16 in the EEA). We do not knowingly collect personal information from children. If we learn that we have collected data from a child, we will delete it promptly. Contact us if you believe we have inadvertently collected such information.
The App contains content related to alcoholic beverages and is rated 17+ on the App Store and "Mature" on Google Play. By using the App, you confirm that you are of legal drinking age in your province, state, or country of residence, or that you are using the App solely for educational or informational purposes and are at least 13 years of age.
COPPA (U.S.): We do not knowingly collect personal information from children under 13 as defined by the Children's Online Privacy Protection Act. If a parent or guardian becomes aware that their child has provided us with personal information, please contact us at support@pourit.app and we will delete it within 30 days.
In accordance with Canada's Anti-Spam Legislation (CASL), we will only send you commercial electronic messages (including promotional emails) with your express consent. The App does not currently send push notifications or promotional emails, but if we introduce these features in the future, we will obtain your express consent before sending any commercial electronic messages.
You may withdraw consent at any time by:
Withdrawal of consent will be processed within 10 business days. Transactional messages (purchase confirmations, account security alerts, service notifications) are not commercial electronic messages and will continue to be sent as necessary.
In the event of a breach of security safeguards involving your personal information that creates a real risk of significant harm:
1. Notification to you: We will notify affected individuals as soon as feasible, describing the nature of the breach, the types of personal information involved, the date or period of the breach, what we are doing to address it, and steps you can take to reduce the risk of harm. 2. Notification to regulators: We will report the breach to the Office of the Privacy Commissioner of Canada (under PIPEDA s. 10.1) and the Office of the Information and Privacy Commissioner for BC (under PIPA) as required. 3. Record-keeping: We will maintain a record of every breach of security safeguards involving personal information under our control for at least 24 months, as required by PIPEDA. 4. Quebec (Law 25): For Quebec residents, we will also notify the Commission d'accès à l'information du Québec of any confidentiality incident that presents a risk of serious injury.
The App may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties and encourage you to review their privacy policies before providing them with any personal information.
We may update this Privacy Policy from time to time. If we make material changes, we will notify you at least 30 days before the changes take effect by posting a notification in the App and updating the "Last Updated" date. Your continued use of the App after changes are posted constitutes acceptance of the revised policy.
If you do not agree to the updated policy, you may delete your account before the effective date of the changes.
If you have questions about this Privacy Policy, wish to exercise your data rights, or want to file a complaint, contact us at:
Jahanshasys (operating as Pourit) British Columbia, Canada Email: support@pourit.app
If you are not satisfied with our response: