Last updated: 13 July 2026
Privacy Notice
BeersOn is operated by Onfo Labs, a trading name of Onfo Ltd. Onfo Ltd is the controller of the personal information described in this notice. Version 2026-07-13.
We may update this page from time to time. The latest version will be posted here.
Who we are
BeersOn is operated by Onfo Labs, a trading name of Onfo Ltd. Onfo Ltd is registered in England and Wales under company number 16920128.
General enquiries: hello@beerson.com. Privacy enquiries: privacy@beerson.com.
Information we collect
Depending on how you use BeersOn, we may process Supabase user IDs, email addresses, Google profile or name metadata, display name, first and last name, account status, future avatar fields, favourite drinks, favourite ordering, favourite pubs, signed-in drink sightings, guest drink sightings, serving format, optional sighting notes, anonymous guest-session identifiers and timestamps.
We also process publican, producer and administrator access records, media upload metadata, QR-code configuration data, technical hosting and authentication logs, and possible request, device or security metadata. Exact GPS collection is not currently active in the customer logging flow, although location fields exist for possible future use.
How we collect information
We collect information when you use the site, confirm the age gate, sign in with Google, save drinks or pubs, submit drink sightings, use publican, producer or administrator areas, contact us, or when our hosting and authentication providers generate technical logs.
How and why we use information
We use information to provide the public pub and drinks service, authenticate accounts, provide customer favourites and history, process guest and customer sightings, prevent duplicate submissions and misuse, operate and secure BeersOn, administer publican, producer and administrator access, maintain catalogue data and media, respond to support and privacy requests, meet legal obligations, and establish or defend legal claims where necessary.
Our lawful bases
We use contract, or steps requested by you before entering a contract, for account and service functionality. We use legitimate interests to operate, secure, prevent misuse of and improve BeersOn. We use legal obligation where applicable. We only rely on consent where a future optional activity genuinely requires consent.
Accepting this Privacy Notice is not treated as consent.
Guest drink sightings
Guests can submit drink sightings. Guest sightings use an opaque guest-session identifier for cooldowns and misuse prevention. Optional notes should only include information relevant to the sighting.
Raw sightings are private community signals and are not automatically official pub listings.
Customer accounts and Google sign-in
If you choose Google sign-in, Google and Supabase process the authentication flow. BeersOn may use your email address and Google name metadata to create or backfill your customer profile. Customer accounts are separate from admin, publican and producer access.
Saved drinks and saved pubs
Saved drinks and saved pubs are explicit customer choices. They are linked to your Supabase user ID and are not inferred from drink sightings.
Publican, producer and administrator records
Protected business and administrator access is checked against role records such as publicans, producer contacts and administrators. These may include contact details, role or status fields and linked pubs or producers.
International data processing
Some providers may process information outside the UK. Exact processing regions were not visible in the repository and should be confirmed from the provider dashboards before launch.
How long we keep information
The age-confirmation cookie lasts 12 months. The guest-session cookie lasts 12 months. The OAuth return cookie lasts up to 10 minutes and is cleared after the callback. Supabase authentication cookies follow the active authentication session lifecycle.
Customer profiles are kept while the account remains active and afterwards only where reasonably necessary. Favourites are kept until removed by the customer or deleted with the account. Sightings are retained while needed for contribution history, moderation, duplicate prevention, service integrity and legal requirements. Guest sightings include an expiry field, but automated purge implementation is still being finalised.
Support and privacy correspondence is kept as long as needed to deal with the request and keep an appropriate record. Technical logs and backups follow provider and operational retention settings.
Security
We use access controls, role checks, secure cookies where appropriate, row-level security and server-side validation. No online service can be guaranteed to be completely secure.
Your data-protection rights
Depending on the circumstances, you may have rights to access, correct, delete, restrict or object to processing of your information, receive portable data, and withdraw consent where processing relies on consent.
These rights do not always apply in every situation. We may need to verify your identity before completing a request.
Account deletion and data requests
To request a copy of your data or account deletion, email privacy@beerson.com. Automated account deletion and export tools are not currently built.
Complaints to the ICO
You can contact the UK Information Commissioner's Office at ico.org.uk. We would welcome the chance to deal with your concern first.
Changes to this notice
We may update this notice as BeersOn changes. The latest version will be posted on this page.
Contact us
Privacy and data-protection enquiries: privacy@beerson.com. General enquiries: hello@beerson.com.
