Bierdex
Bierdex

Munich · Half-litre Helles on draft · no Oktoberfest prices

Privacy

Data processing in plain language

Bierdex is built to publish venue prices, not to profile visitors. The current stack uses only the data needed to run the site, defend the submission form against abuse, and review contributed prices.

What Bierdex processes

  • Venue and price submissions sent through the public form.
  • Menu photos optionally uploaded alongside price submissions, stored in Supabase Storage and used only to assist moderation.
  • Feedback messages (feature requests, bug reports) optionally including an encrypted contact email.
  • Rapid-contact messages (name, subject, reply email, message) sent from the Impressum page — relayed straight to the operator and not stored by Bierdex.
  • Data erasure request emails when a visitor asks the operator to remove historic personal data.
  • A hashed daily IP value used for rate limiting and duplicate-submission prevention.
  • Cloudflare Turnstile verification signals on the contribution form.
  • An admin authentication cookie for the protected review area.

Why it is processed

  • To review and publish submitted beer prices.
  • To receive and fulfil GDPR-style deletion requests.
  • To protect the form and admin area against spam, bots, and brute-force abuse.
  • To keep optional user preferences such as language choice when permission exists.

Processors and third parties

  • Supabase is used as the application database and API layer for venue and submission records.
  • Cloudflare Turnstile is used on the contribution form to block automated abuse.
  • The site is self-hosted behind a reverse proxy; infrastructure logs may still exist at the hosting layer and should be described in the final operator policy.

Retention approach

  • Admin auth cookie: 8 hours.
  • Language preference storage: until changed or cleared by the visitor.
  • Consent preferences: until changed by the visitor.
  • Submission records and moderation metadata: up to 12 months, then deleted.
  • Approved public price observations can remain in the index after the linked submission row is removed.
  • Deletion-request emails: until the request is completed.

User rights

Visitors should be able to request access, correction, deletion, and objection where applicable. The final operator details on the Impressum page should be the contact point for those requests.

Delete my data

Request deletion of historic personal data

If you previously shared an email address with Bierdex, use this form to request deletion of the related personal data. The request goes to the operator for manual review before deletion.

Use the same email address you previously submitted. Requests are reviewed manually to avoid deleting the wrong records.

Contribute