Privacy Policy

Last updated: April 9, 2026

Keggio ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our kegerator management service at keggio.com ("the Service").

We process personal data in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

1. Data Controller

The data controller responsible for your personal data is Keggio. If you have questions about how your data is handled, please contact us through the Service or at the contact details provided in Section 10.

2. What Data We Collect

We collect and process the following categories of personal data:

Account Data

  • Email address — used for authentication, account recovery, and service communications
  • Password — stored only as a securely hashed value; we never store your plain-text password
  • Display name (optional) — if you choose to set one
  • Avatar URL (optional) — if you choose to set one

Service Data

  • Keg, tap, and pour data — the information you enter about your kegs, taps, and pours
  • Preferences — display settings such as theme, units (metric/imperial), and tap display configuration

Consent Records

  • Terms and privacy acceptance timestamps — when you accepted the Terms of Service and Privacy Policy

3. What Data We Do Not Collect

  • We do not use cookies for tracking or analytics
  • We do not use third-party analytics services (e.g., Google Analytics)
  • We do not collect or store payment card details (see Section 6 on payments)
  • We do not sell, rent, or share your personal data with third parties for marketing purposes

4. Purpose and Legal Basis

We process your personal data for the following purposes:

  • Contract performance (Art. 6(1)(b) GDPR) — to provide the Service you signed up for, including account management, keg and tap tracking, tap display, and pour logging
  • Legitimate interest (Art. 6(1)(f) GDPR) — to maintain the security and integrity of the Service, prevent abuse, and improve the Service
  • Legal obligation (Art. 6(1)(c) GDPR) — to comply with applicable laws, such as retaining records of consent

5. Data Retention

We retain your personal data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required by law to retain certain records (such as consent timestamps for compliance purposes).

Keg, tap, and pour data associated with your account is deleted when your account is deleted.

6. Payment Processing and Stripe

We use Stripe as our third-party payment processor for handling subscriptions and payments. When you subscribe to a paid plan:

  • Your payment details (credit card number, billing address, etc.) are collected and processed directly by Stripe. We never receive, store, or have access to your full payment card details.
  • We store only a Stripe customer ID and subscription ID to link your Keggio account to your Stripe subscription. These are internal identifiers and do not contain payment information.
  • Stripe processes your data as an independent data controller for payment processing. Stripe's privacy policy is available at stripe.com/privacy.

We remain responsible for ensuring that Stripe is used in accordance with applicable data protection laws and that the transfer of data to Stripe has a valid legal basis (contract performance).

7. Data Sharing

We do not sell your personal data. We share data only with:

  • Stripe — for payment processing as described in Section 6
  • Infrastructure providers — our hosting provider processes data on our behalf to operate the Service, under a data processing agreement

If you use the sharing feature to generate a public link to your tap list, the tap and keg information visible on that link is accessible to anyone with the URL. No personal account information is exposed through shared links.

8. Your Rights Under GDPR

As a data subject, you have the following rights:

  • Right of access — request a copy of your personal data
  • Right to rectification — correct inaccurate personal data
  • Right to erasure — request deletion of your personal data
  • Right to data portability — receive your data in a structured, machine-readable format
  • Right to restriction — request limitation of processing
  • Right to object — object to processing based on legitimate interest

You can exercise your rights to access, export, and delete your data directly from your account settings in the Service. For other requests, contact us using the details in Section 10.

You also have the right to lodge a complaint with a supervisory authority if you believe your data protection rights have been violated.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

  • Passwords are hashed using industry-standard algorithms and never stored in plain text
  • All data is transmitted over encrypted connections (HTTPS/TLS)
  • Access to personal data is restricted to authorized systems and processes

10. Contact

If you have questions about this Privacy Policy or wish to exercise your data protection rights, please contact us through the contact form in your account settings. If you do not have an account, you may reach us by writing to the address provided in our Terms of Service.

11. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you through the Service or by email. Continued use of the Service after changes constitutes acceptance of the updated policy.

← Back to Registration