Privacy Policy
Last updated: July 3, 2026
This policy describes what Whiskey River TX (operated by Thirst Metrics) collects, why, and how it is handled when you use whiskeyrivertx.com and app.whiskeyrivertx.com (the “Service”).
1. What We Collect
- Account data — email address, password (stored as a hash by our auth provider), role, and territory assignment.
- CRM data you enter — activities, notes, contact details of your business contacts, goals, and territories.
- Location data — GPS coordinates captured when you log a visit, used for visit verification. Location is captured only at the moment you create an activity, never tracked in the background.
- Photos you capture — business cards, receipts, menus, and shelf/display photos. These may contain personal information (names, phone numbers, emails on business cards).
- Billing data — handled by Stripe; we never see or store full card numbers.
- Usage data — standard web logs and an anonymous page-view counter.
2. How We Use It
- To operate the Service: your CRM data is displayed to you and, where applicable, your team’s managers under your company’s account.
- To process captures: photos of cards, receipts, and menus are sent to an AI vision model to extract structured data (see Processors below).
- To bill subscriptions, provide support, and secure the Service.
- We do not sell your data. We do not use your CRM data to build cross-customer datasets.
3. Processors We Use
- Supabase — authentication, database, and photo storage (private buckets; images served via short-lived signed URLs).
- Stripe — subscription billing.
- OpenRouter / Anthropic — AI extraction from captured images and text. Images are processed to return structured data and are not used by us to train models.
- DigitalOcean — application hosting (US region).
- Cloudflare — DNS and edge network.
- Mapbox — geocoding of business addresses for map display.
4. Public Records Data
Market analytics in the Service are built from Texas mixed-beverage gross-receipts filings, which are public records published by the State of Texas. Business names, addresses, and receipt totals shown in the Service come from those public filings.
5. Retention and Deletion
- CRM data and photos are retained while your account is active.
- On account closure you may request an export within 30 days; afterwards we may delete your data from production systems and backups on their normal rotation.
- You can request deletion of specific captures or contacts at any time.
6. Security
All traffic is encrypted in transit (TLS). Database access is scoped per user with row-level security; captured photos live in private storage accessed only through expiring signed URLs; API routes require authentication. No system is perfectly secure — report concerns to [email protected].
7. Your Rights
You may request access to, correction of, export of, or deletion of your personal data by emailing [email protected]. We respond within 30 days. If a business contact’s details were captured by one of our customers (e.g., from a business card), we act as a processor for that customer — we will refer your request to them and assist as needed.
8. Cookies
We use only functional cookies: an authentication session cookie and your UI preferences. No third-party advertising or tracking cookies.
9. Changes
We will announce material changes to this policy in-app or by email before they take effect.
10. Contact
Thirst Metrics · Nevada, USA · [email protected]