Bruno

Privacy Policy

Last updated: March 14, 2026

1. Introduction

This Privacy Policy explains how Bruno (“we”, “us”, or “our”) collects, uses, and protects your personal data when you use our website at bruno.pizza and our mobile application (collectively, the “Services”).

We are committed to protecting your privacy and complying with applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR) and the EU General Data Protection Regulation (EU GDPR).

2. Data Controller

Bruno is operated by an individual developer. The data controller responsible for your personal data is:

Bruno (sole proprietorship)

Email: hello@bruno.pizza

Note: Bruno is not a registered company or legal entity. It is operated as a sole proprietorship by an individual developer.

3. Personal Data We Collect

3.1 Waitlist Registration

When you join our waitlist, we collect:

  • Email address
  • Date and time of registration

3.2 Account Information

When you create a Bruno account, we collect:

  • Name and email address (provided via Sign in with Apple, which may share a private relay address)
  • Username (chosen by you during onboarding)
  • Profile photo (optional)
  • Bio and website link (optional)
  • Country code (derived from your device locale)

3.3 Pizza Baking Records

When you log a home bake, we store:

  • Bake date and notes
  • Dough recipe details (ball count, weight, hydration, salt, yeast, oil, sugar, malt percentages)
  • Fermentation times (bulk, cold, room temperature)
  • Oven type and temperature
  • Pizza style
  • Photos you choose to attach

3.4 Pizza Restaurant Visits

When you log a restaurant pizza visit, we store:

  • Visit date and notes
  • Restaurant name and address
  • Location coordinates (latitude and longitude), if you permit location access
  • Country code
  • Photos you choose to attach

3.5 Social Interactions

When you use social features of the app, we store:

  • Likes you give and receive on bakes and pizza visits
  • Follow and follower relationships between accounts
  • Content reports you submit
  • In-app notifications and their read status

3.6 Device Data

To deliver push notifications, we collect:

  • APNs device token
  • App bundle identifier and environment (sandbox/production)

3.7 Website Usage Data

When you visit bruno.pizza, we automatically collect:

  • IP address
  • Browser type and version
  • Device type
  • Pages visited and time spent on our website

4. Legal Basis for Processing

We process your personal data based on the following legal grounds:

  • Consent: When you join our waitlist, you provide explicit consent for us to process your email address to notify you about our app launch. When you permit location access, you consent to location data being collected for restaurant visit logging.
  • Contract Performance: When you use the app, we process data necessary to provide the Services you have requested, including storing your baking logs, photos, and social interactions.
  • Legitimate Interests: We process usage data to improve our Services, deliver push notifications, and prevent fraud and abuse.

5. How We Use Your Data

We use your personal data to:

  • Create and manage your Bruno account
  • Store and sync your pizza baking logs and restaurant visits across devices
  • Display your public profile and posts to other users
  • Enable social features (follows, likes, notifications)
  • Deliver push notifications to your device
  • Send you updates about our app launch and product news (waitlist only)
  • Improve and optimise our Services
  • Respond to your inquiries and support requests
  • Detect and prevent fraud or abuse
  • Comply with legal obligations

6. Data Sharing and Disclosure

We do not sell your personal data. We may share your data with:

6.1 Service Providers

  • Supabase: Our primary backend provider, hosting our database and authentication system. Your account data, baking logs, social interactions, and device tokens are stored in Supabase (PostgreSQL) — Supabase Privacy Policy
  • Cloudflare R2: Object storage for photos you upload, served via media.bruno.pizza — Cloudflare Privacy Policy
  • Apple: We use Apple Push Notification service (APNs) to deliver push notifications to your device — Apple Privacy Policy
  • MailerLite: Email marketing service for managing waitlist subscribers and sending launch communications — MailerLite Privacy Policy
  • Vercel: Hosting and infrastructure provider for the bruno.pizza website — Vercel Privacy Policy

6.2 Public Content

Your username, profile photo, bio, and any baking logs or pizza visits you choose to make public are visible to other Bruno users and may be accessible on the web via public profile and post pages.

6.3 Legal Requirements

We may disclose your data if required by law or to protect our rights, property, or safety.

7. International Data Transfers

Your data may be transferred to and processed in countries outside the UK and European Economic Area (EEA), including the United States, where our service providers (Supabase, Cloudflare, Vercel, MailerLite) operate. We ensure appropriate safeguards are in place:

  • Service providers are contractually obligated to protect your data
  • Transfers comply with UK GDPR and EU GDPR requirements
  • We use Standard Contractual Clauses where applicable

8. Data Retention

We retain your personal data only as long as necessary for the purposes outlined in this Privacy Policy:

  • Waitlist data: Until you unsubscribe or request deletion, or until 12 months after our app launch
  • Account and app data: For the duration of your account, plus 30 days after account deletion (to allow recovery)
  • Photos: Deleted from our storage within 30 days of you deleting them or your account
  • Device tokens: Deactivated immediately on logout and deleted when no longer needed
  • Website analytics data: Aggregated, anonymised data may be retained indefinitely

9. Your Rights

Under UK GDPR and EU GDPR, you have the following rights:

  • Right of Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data (“right to be forgotten”)
  • Right to Restriction: Limit how we process your data
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent at any time (e.g., unsubscribe from emails, revoke location access)

To exercise any of these rights, contact us at hello@bruno.pizza. We will respond within 30 days.

10. Cookies and Tracking

Our website uses minimal cookies:

  • Essential cookies: Required for basic website functionality
  • Analytics: We use Vercel Analytics to understand how visitors use our site (anonymised data, no cross-site tracking)

The Bruno mobile app does not use cookies or third-party analytics SDKs.

You can control cookies through your browser settings. Note that disabling cookies may affect website functionality.

11. Location Data

The Bruno app requests access to your device location solely to help log the location of restaurant pizza visits. Location access is optional — you can use the app without granting it. We collect location data at approximately 100-metre accuracy. We do not track your location in the background.

Your country code is also derived from your device locale settings and stored as part of your profile.

12. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

  • Encryption of data in transit (HTTPS/TLS)
  • Secure authentication via Sign in with Apple
  • Row-level security policies in our database
  • Regular security assessments
  • Access controls limiting data access to what is necessary

However, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

13. Children’s Privacy

Our Services are not directed to children under 13. We do not knowingly collect personal data from children. If you believe we have collected data from a child, contact us immediately at hello@bruno.pizza.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting the updated policy on our website with a new “Last updated” date
  • Sending an email notification to waitlist subscribers (for significant changes)

Your continued use of our Services after changes constitutes acceptance of the updated policy.

15. Supervisory Authority

If you are located in the UK or EU and have concerns about our data practices, you have the right to lodge a complaint with your local supervisory authority:

  • UK: Information Commissioner’s Office (ICO) — ico.org.uk
  • EU: Your local Data Protection Authority

16. Contact Us

If you have questions about this Privacy Policy or our data practices, you can contact the developer:

Email: hello@bruno.pizza

We will respond to your inquiry within 30 days.

As a sole proprietorship, all inquiries are handled directly by the individual developer.