One for the Road (onefortheroad.app)
Operated by Varpu Works Oy, Espoo, Finland
One for the Road is a drink-logging app for groups of friends who go to bars together. It is operated by Varpu Works Oy, a Finnish limited liability company. When this policy says "we", it means Varpu Works Oy.
Contact: support@onefortheroad.app
When you create an account, we receive your name and email address from your sign-in provider (Apple or Google) or from the magic link you use to log in. We store this to identify your account.
When you use the app, you create sessions at bars and log what you drank, what you paid, and how you rated each drink. This data is stored as part of the service. Other participants in the same session can see what everyone logged during that session.
If you join a group, other group members can see your name and your participation in group sessions.
If you grant location permission when adding a bar, we capture your coordinates once to identify the bar. We do not track your location continuously. We do not store GPS trails. The coordinates are associated with the bar, not with you.
When you use the "use my location" feature, your browser sends your coordinates directly to OpenStreetMap services (Nominatim for address lookup, Overpass API for nearby bar search). This happens entirely in your browser — your coordinates are not sent to our servers. OpenStreetMap is a third-party service with its own privacy policy.
If you photograph a menu, the photo is stored and sent to an external AI service (Anthropic) for text extraction. The extracted menu data (drink names, prices, ingredients) is stored and shared with other users of the app. The photo itself may incidentally contain background elements such as hands or other people. We strip location and device metadata (EXIF data) from photos before processing.
If you subscribe, your payment is processed by Stripe. We do not see or store your card number. We store a Stripe customer ID and subscription status to manage your account tier.
We use PostHog for product analytics. Events are sent server-side. We track things like: sessions created, drinks logged, menu uploads completed. We do not track you across other websites.
| Data | Legal basis (GDPR) | Purpose |
|---|---|---|
| Account info | Contract performance (Art. 6(1)(b)) | Providing the service, identifying you to other participants |
| Drink logs and sessions | Contract performance | Core app functionality |
| Group membership | Contract performance | Group features |
| Location (one-time) | Consent (Art. 6(1)(a)) | Bar identification, nearby bar lookup |
| Menu photos | Contract performance | Menu extraction and shared menu database |
| Payment data | Contract performance | Subscription management |
| Analytics events | Legitimate interest (Art. 6(1)(f)) | Improving the product, understanding usage patterns |
You can withdraw consent for location access at any time through your device settings. The app works without location — you can select bars manually.
We share data with the following service providers, each of which processes data on our behalf under a data processing agreement:
| Provider | What they receive | Why |
|---|---|---|
| Anthropic (USA) | Menu photos | AI-powered menu text extraction |
| Hetzner (Germany) | All app data | Server hosting |
| Stripe (USA) | Email, payment details | Payment processing |
| PostHog (EU/USA) | Analytics events | Product analytics |
| Cloudflare (USA) | Photos | Image storage (R2) |
| OpenStreetMap Foundation (UK) | GPS coordinates (browser-direct) | Address lookup and nearby bar search |
Anthropic's API is configured to not use your inputs for model training.
When you use the "use my location" feature, your browser sends coordinates directly to OpenStreetMap — this data does not pass through our servers.
We do not sell your data. We do not share it with advertisers. We do not use it for profiling or automated decision-making.
Data transferred outside the EU (Anthropic, Stripe, Cloudflare) is subject to appropriate safeguards including Standard Contractual Clauses.
Other participants in a session can see what you logged during that session: drinks, ratings, spend. This is the core function of the app — you are at the same table.
Group members can see session histories and aggregated stats for sessions involving that group.
No data is publicly visible by default. There are no public profiles, no public bar reviews, no social feed visible to strangers.
When you delete your account, your personal data is removed. Drink logs from shared sessions are anonymised (changed to "a participant") rather than deleted, to preserve the session history for other participants. Bars you added and menu data extracted from your photo uploads remain in the shared database but are no longer attributed to you — these are community contributions that other users rely on. Menu source photos also remain available but with your identity removed.
Under GDPR, you have the right to:
To exercise any of these, email support@onefortheroad.app. We will respond within 30 days.
You also have the right to lodge a complaint with the Finnish Data Protection Ombudsman (tietosuojavaltuutettu): tietosuoja.fi.
The web app uses session cookies to keep you logged in. These are functional cookies necessary for the service to work. We do not use advertising cookies or third-party tracking cookies.
If we add any non-essential cookies in the future, we will ask for your consent before setting them.
This service is for users aged 18 and older. We do not knowingly collect data from anyone under 18. If we learn that a user is under 18, we will delete their account.
If we change this policy, we will update the date at the top of this page. For significant changes that affect how we handle your data, we will notify you in the app or by email.
Varpu Works Oy
Espoo, Finland
support@onefortheroad.app