Barback
Privacy Policy
Effective date: 2026-05-12
Barback is a cocktail recipe and home bar app for iOS. This policy explains what information the app collects, what leaves your device, and what we can and cannot see on our servers.
What stays on your device
- Home bar inventory. The bottles, mixers, and garnishes you check off live in local storage on your iPhone. They never leave the device.
- Favorites and menus. Saved cocktails and the menus you build for events stay on your device.
- No account, no email, no profile. Barback does not ask you to sign in, and there is nothing to sign in to.
What the app sends over the network
- Recipe data and images. The app fetches recipe content and images from a CDN. These requests include standard technical metadata (IP address, device type) that web servers typically log for reliability.
- AI Bartender queries. When you tap “Ask”, your question is sent to our server, which forwards it to OpenAI. See “The AI Bartender” section below for details on what is and is not attached to that request.
- In-app purchases. Pro purchases are processed by Apple through StoreKit. Barback receives a purchase receipt from Apple but does not receive or store your payment card details.
What Barback does not collect
- Barback does not sell your personal information.
- Barback does not collect precise location data.
- Barback does not access your contacts, photos, microphone, or camera.
- Barback does not include third-party advertising or analytics SDKs.
The AI Bartender — how we keep it private
Barback’s AI Bartender feature sends your natural-language question to a server we run on Amazon Web Services, which forwards it to OpenAI to generate the answer. We designed the flow so we cannot identify you, even to ourselves.
- No user identity. Requests are not tied to an account, email, or device fingerprint. Instead, each iPhone generates a cryptographic keypair in the Secure Enclave using Apple’s App Attest framework. We store the device’s public key so we can verify it’s a real iPhone running a real copy of Barback, and so we can rate-limit or block abusive devices. The keypair cannot be linked back to you as a person.
- We do not store your queries. Your question is processed in memory by our server, forwarded to OpenAI, and the response is returned to your phone. Our server keeps short-lived operational logs (typically 2 weeks) used to debug crashes and abuse. These logs may contain the query text, the device public-key identifier, and standard metadata.
- Recipe context, when relevant. If you ask a question about a specific cocktail you’re viewing (e.g. “make this less sweet”), the recipe’s title and a short description are included so the model can answer in context. No information about your inventory or favorites is sent.
- OpenAI as upstream processor. The model that generates the response runs on OpenAI’s infrastructure. Per OpenAI’s API policy at the time of this writing, API requests are not used to train their models. We do not send any personally identifying user information to OpenAI.
Third-party services
- Apple App Store / StoreKit — in-app purchases, restore.
- Apple App Attest — cryptographic device authentication for the AI Bartender.
- Amazon Web Services — Lambda, API Gateway, DynamoDB, S3, CloudFront. Hosts the recipe data, images, and AI Bartender proxy.
- OpenAI — generative model used by the AI Bartender. Queries are routed via our server.
Data retention
Inventory and other in-app data stay on your device until you delete the app or reset the data. Server-side: AI Bartender operational logs are retained for 14 days. The App Attest device public-key registry is retained while the device is active; we can purge entries on request.
Children’s privacy
Barback contains depictions of alcoholic beverages and is rated 17+. The app is not directed to children, and we do not knowingly collect information from children under 13.
Changes to this policy
We may update this policy from time to time. The effective date above reflects the most recent version. Significant changes will be noted on this page.
Contact
Questions about this policy, requests to purge your device’s App Attest key, or general feedback: joe@intelligentsands.com