Privacy Policy

How we collect, use, and protect your information.

Last Updated: April 23, 2026

The short version

We collect the minimum we need to show you nearby deals and run our loyalty program. We don't sell your data. We don't take payments, so we never see your card info. If you use the web without signing in, we don't know who you are.

Who this applies to

This policy covers everyone who uses Broke & Buzzed — our website, our iOS app, and any connected services. You must be 21 or older to use Broke & Buzzed. If you're under 21, please close the tab.

What we collect

If you browse the web without signing in

Nothing that identifies you personally. We log basic request data (IP address, browser type, pages visited) for security and aggregate analytics. That's it.

If you use the iOS app or create an account

  • Account info: email address, phone number (for OTP login), and, if you use Apple Sign-In, the identifier Apple provides.
  • Date of birth: to confirm you're 21+.
  • Location: only if you grant permission. We use it to surface deals near you. You can revoke this any time in your device settings.
  • Deal activity: which deals you view, save, or redeem, and when. This powers personalized recommendations and our Buzz Points loyalty program.

What we don't collect

Payment or card information. All transactions happen in-store with the retailer. We also don't collect contacts, photos, health data, or your browsing history outside our app.

How we use it

  • Show you deals and stores near you.
  • Award and track Buzz Points.
  • Detect fraud (fake redemptions, duplicate accounts, bot traffic).
  • Share aggregate, anonymized analytics with our partner stores — for example, "42 people viewed this deal this week." Partner stores never see your name, email, phone, or precise location.
  • Send you account-related messages (OTP codes, account alerts). Marketing emails only if you opt in.

Who we share it with

A short list of service providers, each only getting what they need to do their job:

  • Amazon Web Services (RDS, EC2): hosts our database and servers in the United States.
  • SMS provider (Twilio or similar): delivers phone OTP codes. They see your phone number only.
  • Apple: if you use Sign in with Apple, Apple handles authentication.
  • Analytics provider (future): we'll use an analytics tool to understand app usage in aggregate. We'll update this policy before we turn one on.
  • Law enforcement: only when we're legally required to respond.

We do not sell your personal information. We never will.

Your choices

  • See your data: email us and we'll send you a copy.
  • Delete your account: in-app via Settings, or email us. We'll purge your personal data within 30 days. Some aggregate analytics (stripped of identifiers) may remain.
  • Turn off location: revoke the permission in iOS Settings any time. The app still works, you just won't see distance-sorted deals.
  • Opt out of marketing: unsubscribe link in every marketing email, or email us.

Security

Passwords are hashed. Data in transit is encrypted (TLS). Database backups are encrypted at rest. We use least-privilege access for our team. No system is perfect, but we take this seriously.

Retention

Account data: as long as your account is active, plus 30 days after deletion. Redemption logs: up to 24 months for fraud analysis, then anonymized. Web server logs: 90 days.

Not for anyone under 21

Broke & Buzzed is strictly for adults 21 and older. We don't knowingly collect information from anyone under 21. If you believe a minor has created an account, email us and we'll delete it.

Changes

If we materially change this policy, we'll update the date above and notify account holders by email before the change takes effect.

Contact

Questions, requests, or concerns — we actually read these.
Email: officialbrokeandbuzzed@gmail.com

Still have questions?

Ask us anything about how we handle your data. We'll give you a straight answer.

Email us