Privacy Policy

Last updated: March 2026

The short version

Crema is a coffee tracking app that stores all your data locally on your device. There are no accounts, no cloud sync, and no personal information collected. I use privacy-friendly analytics to understand how the app is used in aggregate — nothing more. This website is self-hosted in Germany and keeps minimal server logs for security, which are automatically deleted after 7 days.

Who I am

The controller pursuant to Art. 4 No. 7 of the General Data Protection Regulation (GDPR) is

David Credo
Kronshagener Weg 60
24116 Kiel

You can reach me at crema@credo.codes.

Data stored on your device

All brew logs, bean library entries, grind settings, recipes, and preferences are stored locally on your iPhone using Apple's SwiftData framework. This data never leaves your device unless you explicitly choose to share it (for example, sharing a brew card or recipe with a friend).

I do not have access to your brew data. If you delete the app, your data is permanently removed.

Website

This website is self-hosted on a server located in Germany. When you visit the site, the web server automatically logs certain technical data for security and operational purposes. This includes:

  • A truncated version of your IP address (the last portion is masked, so your full address is never stored)
  • Date and time of the request
  • The page or resource requested
  • Your browser's user agent string
  • The referring URL (if any)
  • HTTP status code and response size

Your IP address is partially masked before being written to disk — specifically, the last 16 bits of IPv4 addresses and the last 96 bits of IPv6 addresses are removed. This means your full IP address is never stored on the server.

This data is processed on the basis of my legitimate interest (Art. 6(1)(f) GDPR) in maintaining the security and availability of this website. Server logs are automatically deleted after 7 days. I do not use cookies, tracking scripts, or any analytics on the website itself.

Analytics

I use TelemetryDeck, a privacy-friendly analytics service, to understand how Crema is used in aggregate. TelemetryDeck was designed from the ground up with privacy in mind.

The data collected includes:

  • An anonymized user identifier that cannot be traced back to you personally
  • Basic usage events defined by me (e.g., "app launched", "shot logged")
  • A timestamp rounded to the nearest hour
  • Device metadata such as iOS version, app version, and device type

TelemetryDeck does not collect personally identifiable information, does not track you across apps or websites, and does not use cookies. All user identifiers are cryptographically hashed before being sent, and further salted on TelemetryDeck's servers. The TelemetryDeck SDK is fully open source.

TelemetryDeck GmbH is based in Augsburg, Germany, and processes data on servers located in the European Union. For more details, see TelemetryDeck's own privacy policy.

Legal basis for processing

The analytics data described above is processed on the basis of my legitimate interest (Art. 6(1)(f) GDPR) in understanding how the app is used so I can improve it. I have assessed that this interest does not override your rights and freedoms, given that the data is anonymized, no personal information is collected, and TelemetryDeck is designed to be privacy-preserving by default.

Data stored on your device is not processed by me and therefore does not require a legal basis under GDPR.

Data retention

Data stored on your device persists until you delete the app or clear its data manually. I have no access to this data and cannot delete it on your behalf.

Analytics data sent to TelemetryDeck is retained in accordance with TelemetryDeck's data retention policy. Because the data is anonymized and cryptographically hashed, it cannot be linked back to individual users.

Your rights

Under the GDPR, you have the right to access, rectify, erase, restrict, or port your personal data, as well as the right to object to processing. You also have the right not to be subject to automated decision-making.

In practice, because all brew data is stored locally on your device, you exercise most of these rights directly — by viewing, editing, or deleting your data within the app, or by deleting the app entirely. I do not hold any personal data on my servers.

For analytics data, the anonymization performed by TelemetryDeck means I cannot identify or retrieve data relating to a specific individual. If you have questions or wish to exercise your rights, contact me at crema@credo.codes and I will do my best to assist.

You also have the right to lodge a complaint with a supervisory authority. The relevant authority is the Medienanstalt Hamburg / Schleswig-Holstein (MA HSH).

What I don't do

  • I don't require you to create an account
  • I don't collect your name, email, or any contact information through the app
  • I don't sell, share, or transfer your data to third parties
  • I don't display ads
  • I don't use tracking pixels, cookies, or fingerprinting
  • I don't collect location data

In-app purchases

Crema may offer in-app purchases via the App Store. These transactions are handled entirely by Apple. I do not receive your payment information, billing address, or Apple ID.

Changes to this policy

I may update this privacy policy from time to time. If I make significant changes, I'll note the update date at the top of this page.

Contact

Questions about this policy or how Crema handles your data? Reach out at crema@credo.codes.