Privacy Policy
Last updated: April 1, 2025
1. Introduction
This privacy policy (“Privacy Policy”) applies to all visitors and users of the WineFind app and websites (collectively, “WineFind,” “App” or “Apps”), which are offered by LURL LLC and/or any of its affiliates (“LURL” or “we” or “us”) and describes how we process your personal information in connection with those Apps, and how we collect information through the use of cookies and related technologies. It also tells you how you can access and update your personal information and describes the data protection rights that may be available under your country's or state's laws. Please read this Privacy Policy carefully. By accessing or using any part of the App, you acknowledge you have been informed of and consent to our practices with regard to your personal information and data.
This Privacy Policy applies to all users worldwide, and it is designed to meet requirements of global data protection laws, including the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) and other relevant regulations. It covers all personal data collected through the App, our website (if any), and any social or interactive features, as well as communications and services provided through the App. By using the App, you agree to the collection and use of your information as described in this Policy. If you do not agree with these practices, please do not use the App.
2. Information We Collect
We collect several types of information from and about you when you use WineFind, including personal data you provide directly, data from third parties (such as social login providers), and data collected automatically through the App's technology. Below is an overview of the information we collect and examples of how we use it:
Name
When you create an account, we collect your name (first and last). Your name is used to personalize your account and profile, and may be displayed to other users (for example, alongside reviews or social posts you create) so that you can be identified in the App's community.
Email Address
We collect your email during registration or account use. We use your email to create and manage your account, for login authentication, and to communicate with you. This includes sending service-related communications (verification codes, account alerts, receipts) and, if you agree, marketing communications such as newsletters or special offers. Your email may also serve as a username or identifier in the App.
Phone Number
If you provide a phone number (for example, for two-factor authentication or profile information), we use it to help secure your account (e.g. sending SMS verification codes) and to enable certain social features (such as finding or connecting with friends via contacts, if you opt-in). With your consent, we may also use your phone number to send marketing text messages (SMS) about new features or promotions. You can opt out of marketing texts at any time as described in the Marketing Communications section below.
Photos and Images
The App may allow you to upload photos – for instance, a profile picture or photos of wine bottles, labels, and related experiences. If you choose to upload photos, we will collect and store those images. These user-uploaded photos are used to enrich your wine notes or reviews and to share with other users if you post them publicly. Please avoid uploading photos that contain sensitive personal information. Any photos that include your likeness or personal scenes are considered personal data; by uploading them, you understand they may be visible to other users (if shared publicly in the App) or to our moderators as needed for content review.
Wine Notes and Reviews
One core feature of WineFind is the ability to record personal wine tasting notes, ratings, reviews, and other user-generated content. When you input text notes or reviews about wines, we collect and store this content. Your wine notes, ratings, comments, and other posts are used to provide the service – for example, to display back to you in your personal journal, or to share with the community if you post reviews publicly. Keep in mind that any information you include in these notes or reviews (such as personal impressions or preferences) will be stored on our systems, and if shared with others (e.g. a public review), it will be visible to those users. We treat wine notes and reviews as your content, and you can edit or delete them via the App (unless they have been shared and further distributed, as explained under User-Generated Content and Moderation).
Payment Information
If the App offers purchases (such as premium features or buying wines), we (or our third-party payment processor) will collect information needed to process the transaction. This may include your payment card details, billing address, and transaction amount. Importantly, we do not store full payment card numbers on our servers; any payment information is handled by our authorized payment processing partner for security. We retain only minimal information about your transactions (e.g., the fact that a purchase occurred, the product, date/time, and maybe a partial card identifier or transaction ID) for record-keeping, receipts, and to handle refunds or disputes.
Authentication Data from Third Parties
WineFind may allow you to sign up or log in using third-party accounts (for example, “Sign in with Apple”, Google, or Facebook authentication). If you choose to use one of these options, we receive from that third party certain information, such as your name, email, and profile ID, as permitted by their API and your consent. We use this information to create or log in to your WineFind account. We do not receive your passwords for those third-party services. The data we do receive from them is treated in accordance with this Privacy Policy. Please note that those external services have their own privacy policies, and you should review them as well when you use such login features.
Device and Usage Information
Like many mobile apps, WineFind automatically collects technical data about your device and how you interact with the App. This automatically collected information may include:
- Device identifiers (such as your device ID or advertising ID, and device type/model, operating system version).
- Log data about your usage of the App (e.g., features or screens you access, clickstream data, timestamps of usage, crashes or error reports).
- Network and connection information (such as IP address, country or general location based on IP, and network provider).
- Analytics data provided by our analytics tools (see Third-Party Services below), which may aggregate information on app performance, user engagement, and events (like how often certain features are used).
We do not knowingly collect any sensitive personal data such as government ID numbers, financial account passwords, precise geo-location (beyond possible coarse location from IP), racial or ethnic origin, biometric data, or health information through WineFind, as those are not necessary for our services. We ask that you refrain from providing any sensitive data in the App. If we ever need to collect different or additional personal information, we will update this Policy and (if required) seek your consent.
3. How We Use Your Information
We use the personal data collected for the following purposes, in each case only as permitted by applicable law. In this section we describe why we process your data (our purposes) and what that means for you:
To Provide and Maintain the Service
We process your registration information (name, email, etc.) to create and maintain your user account, and to authenticate you when you log in. Your data allows us to let you use the App's core features, such as saving wine notes, posting reviews, and interacting with other wine enthusiasts. We use your information to display your profile and content back to you and (if applicable) to others in the community. Without your personal data, we cannot provide the services you expect (for example, we need your email or phone to let you log in securely and recover access if you forget your password).
Facilitating Social and Community Features
WineFind includes social features like sharing reviews, following friends or other users, and commenting. We therefore use your data to enable these interactions. For example, your profile name and any avatar photo are displayed with your posts or comments so that others recognize you. If you opt to find friends, we may use your contact information (such as your phone or contacts list, with your permission) to suggest connections. Any user-generated content you post (reviews, ratings, comments, photos) will be processed by us to publish it within the App and make it available to other users per your settings. We may also send notifications to you (within the App or via email/push) about social activities – e.g. if someone likes your review or replies to your comment – as part of the service.
Communication with You
We use your email, and possibly your phone number, to communicate with you about the App. This includes transactional or service communications: for example, confirming your signup, sending verification codes, notifying you of changes to our terms or policy, security alerts (like a new login to your account), and customer support responses. These service communications are necessary for us to maintain your account and keep you informed of important information. Because they are not promotional in nature, you cannot opt out of receiving essential service communications unless you delete your account.
Marketing and Promotional Messages
With your consent or as otherwise permitted by law, we will use your contact information (email and/or phone) to send you marketing communications about our products, services, promotions, or events. For example, we might email you our newsletter, notify you of new features, special offers on wine-related products, or events like wine tastings. We may also send promotional push notifications if you have enabled them on your device. You have control over whether you receive marketing messages – see the “Marketing Communications and Preferences” section for how to manage or opt out of these messages. We will not send you marketing emails or texts if you have opted out, and we will always honor your choice as required by law.
Processing Payments and Orders
If you make a purchase through the App (such as buying wine, or paying for a premium feature or subscription), we use the personal data related to the transaction to process the payment and fulfill your order. This includes using your provided payment information and contact info to complete the transaction, send you an order confirmation or receipt, and deliver the purchased product or service. Payment processing itself is handled by third-party payment processors (see Third-Party Service Providers below), so we use your data only to the extent needed to communicate with those processors and record the outcome (paid or not).
Analytics and Product Improvement
We analyze how users interact with our App in order to troubleshoot issues, improve the product, develop new features, and enhance user experience. For instance, we might use usage data (which screens are most visited, how often features are used, etc.) collected via third-party analytics services to understand which features are popular and which might need improvement. We also analyze crash reports or error logs (tied to device identifiers) to find and fix bugs and reliability issues. This processing is aimed at continually improving our service and making the App more useful and enjoyable for users. Wherever possible, we use aggregated or de-identified information for analytics, to reduce impacts on your privacy.
Content Moderation and Legal Compliance
We monitor and may review user-generated content (including your reviews, comments, photos) to enforce our community guidelines and Terms of Service. This means we use your information to ensure that content on the platform is appropriate, does not include prohibited material, and complies with applicable laws. Our moderation team (which may involve automated tools and human reviewers) may access or view user content that is flagged or potentially in violation. We will also use personal data as needed to comply with legal obligations – for example, keeping records required by law, responding to lawful requests by government authorities, or using your age information (if provided) to verify that you are of legal drinking age.
Personalization
To the extent permitted, we might use your data (such as your past wines, ratings, or preferences) to personalize the App for you. For example, we could recommend wines or other users to follow based on your profile and activity. We may also customize content in marketing messages if you receive them (for instance, highlighting promotions relevant to your wine preferences). Any such profiling or personalization is intended to benefit your experience; however, you can contact us if you prefer not to have personal data used for certain personalized recommendations.
Other Legitimate Business Purposes
Finally, we may use your information for other legitimate purposes such as auditing, monitoring the performance of our infrastructure, conducting statistical or research activities to the extent allowed by law, or merging your data in the event of a business transaction (e.g., if our company is involved in a merger or acquisition, your data may be transferred to new ownership with continuing protection). If we plan to process your personal data for a purpose materially different from those listed in this Policy, we will update you and obtain any required consent.
We will only use your personal data for the purposes outlined above and will not further process it in a manner incompatible with those purposes, unless we obtain your consent or as required/allowed by law. In summary, we do not sell or rent your personal information to third parties for their own marketing purposes, and we use your data primarily to provide and improve WineFind's services and to communicate with you about them. Where we share your data with third parties, it is strictly for the purposes described (see the next section).
4. Legal Basis for Processing Personal Data
We are required by certain laws (like the GDPR in Europe) to explain the legal bases on which we process your personal data. This means for each purpose described above, we must have a valid reason (lawful basis) to use your information. Depending on the context, we rely on one or more of the following legal bases:
Performance of a Contract
When you download or register for WineFind, you enter into an agreement (our Terms of Service) with us. We need to process certain personal data to fulfill our contract with you — namely, to provide the App's services and features as requested. For example, we process your account data, wine notes, and other content because it's necessary to deliver the functionality you expect (storing your notes, sharing your posts, etc.). If you purchase a product or subscription, processing your payment and related info is also necessary to perform our contractual obligations. In short, much of our data use (account setup, service provision, communications, etc.) is justified by the fact that it is required for us to provide the services you sign up for.
Consent
We rely on your consent in certain situations, particularly for optional or additional uses of data. For instance, we ask for your consent before sending marketing emails or SMS messages. If we ever collect sensitive personal data (which we generally do not, except perhaps a profile photo that could reveal something like your image), we would do so only with explicit consent. Using your precise location (if we introduce a feature to find nearby wine events, for example) would also only be with your consent. Whenever consent is our legal basis, you have the right to withdraw that consent at any time – simply adjust your settings or contact us (withdrawing consent will not affect the lawfulness of processing done previously). We will make it just as easy to withdraw consent as it is to give it.
Legitimate Interests
In some cases, we process your data for our legitimate business interests in a way that is not overridden by your rights. This legal basis is used for purposes like analytics and improvement of the service, securing the App, fraud prevention, or personalizing your experience. For example, we have a legitimate interest in understanding how users use our App so we can improve functionality and user satisfaction. We also have a legitimate interest in ensuring our platform is secure and in preventing misuse. When we rely on this basis, we carefully consider and balance any potential impact on your rights. You have the right to object to processing based on our legitimate interests in certain cases (especially for direct marketing – which, as noted, you can opt out of any time).
Legal Obligation
Sometimes we need to process data to comply with a legal obligation. For example, applicable laws might require us to keep transaction records for tax or accounting purposes, or to verify age for alcohol-related regulations. If authorities lawfully require information from us (such as a court order to disclose data for an investigation), we may need to process and provide data to comply. In these cases, the law is the basis for our processing.
Vital Interests
This is rarely applicable, but if ever there were a situation where processing is necessary to protect someone's life or physical safety (vital interests), we could rely on that legal basis. For example, if we became aware through the App of an emergency situation involving a user, we might process or share information to help prevent harm. This is mentioned for completeness; typical App usage would not involve this basis.
We identify the appropriate legal basis for each type of processing, and we ensure that we only use your data in compliance with applicable law. For users in the European Economic Area (EEA), United Kingdom, or other regions with similar laws, the Performance of Contract and Legitimate Interests bases cover most of our routine processing, while Consent covers marketing and any optional data features. If you have any questions about the legal basis for a particular processing activity, please contact us (see Contact Information section).
5. Third-Party Service Providers and Data Sharing
To operate WineFind effectively and provide our services to you, we sometimes share your personal data with third-party service providers who assist us. We do not sell your personal data to third parties for profit. We only share information in the following contexts and with appropriate safeguards:
Payment Processors
We use third-party payment services to handle any payments or transactions in the App. Examples may include Stripe, PayPal, Apple App Store, or Google Play billing (depending on how purchases are made). These payment processors are responsible for processing your payment information (such as credit card numbers) securely. When you make a purchase, the information you provide in connection with that transaction is transmitted directly to the payment processor and not stored on our servers (except possibly a payment token or confirmation). These third parties are payment controllers in their own right for your financial data, and they only share back with us limited information necessary (e.g., confirmation that payment was completed). We ensure any payment processor we use is PCI-DSS compliant and employs strong security. Please refer to the payment processor's privacy policy for more details on their practices. We will share your name, contact, and purchase details with the processor as needed to execute the charge or refund.
Authentication Providers
If you choose to log in via third-party platforms like Google, Facebook, or Apple, we integrate with those providers to authenticate you. In doing so, we receive from them certain personal data (as described in “Information We Collect”). We may share a confirmation back to those providers that you have successfully logged into WineFind, for their own record-keeping. These authentication providers act as data controllers for the information they provide us (since you likely have an account with them independently). We recommend reviewing their privacy policies. We do not send your WineFind usage data back to Google/Facebook/Apple except what is necessary for the login process or if you explicitly authorize it (for example, if you decide to share a wine review to Facebook, we would send content you choose to share, but only at your request).
Analytics and Crash Reporting
We use third-party analytics services (such as Google Analytics for Firebase, Mixpanel, or similar services) to collect and analyze usage data, as described earlier. These services may automatically collect information like your device identifiers, App version, and events within the App. The analytics providers process this data on our behalf to generate reports and insights about how the App is used. We use these insights to improve our product. Similarly, if we use a crash reporting service (like Firebase Crashlytics or Sentry), that service will receive crash logs and device info when the App errors, to help us diagnose issues. These third-party analytics providers are bound by contracts to only use your data for providing services to us, and not for their own purposes. We do not allow our analytics providers to use the data they collect from our App for independent data mining or advertising. Nonetheless, some analytics tools might use aggregated data across apps to improve their services; they generally do not identify individual users in such cases.
Cloud Storage and Infrastructure
Our App and its backend likely run on third-party cloud servers or hosting providers (for example, Amazon Web Services or Google Cloud). This means that any personal data you provide may be stored and processed on servers operated by those third parties. We take steps to ensure our cloud providers maintain strict security and confidentiality of your data under our instructions. These providers act as data processors for us – they do not access your data except to maintain and manage the storage and computing services. All data on our cloud servers is protected by security measures (encryption, access controls) provided by the cloud platform and managed by us.
Email and Communication Tools
We may use third-party platforms to send emails or other messages to you (for example, an email service provider like SendGrid, Mailchimp, or others for newsletters; or a SMS gateway for texts). In doing so, we share your contact information and the content of the message with the service provider to facilitate delivery. These providers are contractually obligated to use your data only for sending communications on our behalf. For instance, our newsletter service will have your email address to send you the emails we craft, but cannot use your email for anything else. Likewise, push notification services (such as Apple Push Notification service or Google Firebase Cloud Messaging) receive your device's push token and message content to deliver notifications to your device.
Social and Community Sharing
If WineFind features integration with social networks or community platforms (for example, an option to share your review to Twitter, or join a forum), then sharing data with those platforms will occur at your initiation. We will only send data to external social networks when you choose to do so (e.g., when you tap a “Share” button and authorize the transfer). At that point, the external platform's terms and privacy policy govern the data. This is not sharing with one of our “service providers” but rather user-directed data sharing. We advise you to check privacy settings on any social accounts you link.
Law Enforcement or Legal Requirements
We may disclose personal information to third parties (such as attorneys, auditors, courts, or law enforcement agencies) if we believe in good faith that such disclosure is necessary to comply with a legal obligation, protect our rights or property, protect the safety of our users or the public, or respond to a legal request (such as a subpoena). We will carefully review such requests and only provide the minimum necessary information.
Business Transfers
If we are involved in a merger, acquisition, sale of assets, bankruptcy, or reorganization, your personal data could be disclosed or transferred to the acquiring or succeeding entity, either as part of due diligence or at the closing of the transaction. In such cases, we will require that the new entity continue to honor this Privacy Policy with respect to your personal information (unless you are notified otherwise and consent to any changes). We will inform you of any ownership change that affects your personal data via notice in the App or email.
All third-party service providers that process personal data on our behalf are vetted for security and privacy practices. We enter into appropriate contracts (such as Data Processing Agreements) with them to ensure they only process your data under our instructions and in compliance with applicable laws. They are not permitted to use your data for their own unrelated purposes. We also do not sell your personal information to third parties. If in the future we anticipate any new kind of sharing that is not covered here, we will update you and, if required, obtain your consent. A list of our current major service providers can be made available upon request (for transparency, for example: payment via [PaymentCo], analytics by [AnalyticsCo], etc.), though note that these may change as our business needs evolve.
6. User-Generated Content and Moderation Practices
WineFind is built around a community of wine enthusiasts sharing content. User-generated content (UGC) refers to any content that you (or other users) create and post on the App, such as wine reviews, tasting notes, comments, ratings, photos, or any other contributions. We want to ensure both that your privacy is respected and that the community remains safe and enjoyable. Here's how we handle UGC and moderation:
Public vs. Private Content
Some content you provide on WineFind is private to you (for example, a personal note you save about a wine that you don't share, if that feature exists, would only be visible to you when logged in). Other content is shared publicly or within the WineFind community – for instance, a wine review that you post will typically be visible to other users of the App, and possibly publicly if the App allows web viewing of top reviews. We will make it clear in the App what content may be seen by others (usually anything you actively post in a community or social section). Please assume that wine reviews, comments on others' posts, and similar interactive content will be visible to others along with your profile name and photo. Do not include information in public posts that you are not comfortable sharing broadly. For example, avoid writing your phone number or address in a review, since that could be viewed by anyone.
Moderation and Content Guidelines
We have community guidelines or terms that outline what content is acceptable in WineFind. To enforce these rules and ensure a respectful, lawful community, we moderate user content. Our moderation may involve automated filters and human review. For instance, we might automatically filter out posts that contain certain profanity or obvious spam, and our team might manually review content that is reported by users or flagged by algorithms. In the course of moderation, moderators may view any content you post, even if you later delete it (we may still have a record in logs or backups for a time). If content is found to violate guidelines or laws (e.g., hate speech, explicit imagery, harassment, or copyright infringement), we reserve the right to remove or block that content. In serious cases, we may suspend or terminate accounts that repeatedly violate rules, as stated in our Terms of Service. Our goal with moderation is to protect users and maintain a constructive environment; we do not proactively surveil private content that isn't shared, but any content you share in public forums on the App is subject to review.
Privacy of User Content
Any personal information you include within user-generated content (for example, mentioning your location in a review, or posting a photo of yourself) becomes publicly available to other users if that content is posted publicly. While we will endeavor to apply this Privacy Policy to all personal data we store, please be aware that information you make public is not confidential and may be used or viewed by anyone. We strongly encourage you to exercise caution when sharing personal details in content that will be seen by others. If you inadvertently post personal information and wish to remove it, you can delete the content or edit it if the App provides that functionality, or contact us for assistance in removal.
User Content License
By using social features, you may be granting us a license to display and distribute the content you post within the App. For example, if you write a wine review, you allow us to show that review to other users, which is inherent in how the service operates. We do not use your content outside the App without permission. If we ever wanted to use a user's photo or review in marketing material, we would ask for permission. The main thing to understand is that the content you post is yours, but you give us (and other users) the right to view and use it within the context of the App. If you delete content, we will cease to display it, though residual copies may remain on our servers for a brief time (see Data Retention). Also, other users could have seen or saved your content while it was live (for instance, by taking a screenshot of your review), which is beyond our control.
Content Involving Others
If you upload photos or content that include other individuals (for example, a picture of a friend holding a wine glass), ensure you have their permission to share it. We may remove content that violates others' privacy rights. Also, refrain from posting personal data of others (like tagging a friend with their full name or contact info without consent). We aim to comply with “Right to be Forgotten” requests as well – if someone is identifiable in content on our platform and wants it removed, we will review and act in accordance with data protection laws.
Age Restriction and Content
Our App is intended for adults of legal drinking age. We do not allow accounts for persons under 18 (or the relevant legal age to purchase alcohol in your jurisdiction, if higher). If we discover content posted by an underage user or depicting underage drinking, we will remove it and may take action on the account. Additionally, content promoting irresponsible or illegal alcohol use is against our guidelines.
Liability for User Content
While this is more of a Terms of Service matter, it's worth noting that you are responsible for the content you post. We are not liable for what you or other users choose to publish in the App, but we will act to remove unlawful content once we become aware. If you see content that you believe violates our guidelines or someone's privacy, please report it through the App's reporting tool or contact us.
In summary, user-generated content is a valued part of WineFind's experience. We treat any personal data contained in such content in line with this Privacy Policy, but we cannot fully control how others may use or interpret content you've made visible to them. We encourage all users to be respectful and careful about their own privacy and others' when posting. Our moderation team works to keep the platform safe, and we welcome users to reach out with any concerns regarding user content and privacy.
7. Marketing Communications and Preferences
We may send you marketing and promotional communications to inform you about new features, content, or promotions related to WineFind, but you remain in control of how and if you receive these messages. This section explains our marketing practices and how you can manage your preferences:
Types of Marketing Communications
With your consent (or as allowed by applicable law), we may use your email address to send newsletters, product updates, promotional offers (e.g., discounts on premium subscriptions or affiliated wine products), or general tips and articles about wine. If you have provided a phone number and explicitly agreed, we might send occasional marketing SMS messages. We might also use push notifications on your device to inform you of new content or deals, if you have those enabled. All marketing communications will be related to our services or the wine and lifestyle topics that WineFind covers – you will not receive unrelated third-party marketing from us without separate consent.
Opt-In and Consent
When you first register, we will ask for your permission to send marketing emails or messages (for example, via a checked or unchecked box, or through your profile settings). If you do not give consent, we will not send you marketing emails. For SMS, we comply with telemarketing laws (such as requiring explicit opt-in, and including instructions to stop). For push notifications, your mobile device operating system will typically ask if you want to allow notifications; you can decline, and still use the App normally (though you might miss timely updates). We will only send marketing communications to the extent you have agreed or it is otherwise lawful (for instance, some jurisdictions allow limited marketing to existing customers about similar products, but we will always provide a clear opt-out opportunity).
How to Unsubscribe/Opt-Out
You have the right to opt out of marketing communications at any time. If you receive a marketing email from us, it will contain an “unsubscribe” link at the bottom – clicking that will allow you to stop further emails. You can also manage email preferences in your account settings within the App (if available) or by contacting us directly to request removal from the list. For SMS messages, you can typically reply with commands like “STOP” or follow instructions provided in the message to opt out. For push notifications, you can disable them entirely or for WineFind specifically through your device's settings, or adjust notification preferences in the App if we offer granular controls. We will process opt-out requests promptly, and in accordance with legal requirements. Under laws like GDPR, if you object to direct marketing, we will cease processing your data for that purpose as soon as possible.
Scope of Opt-Out
When you opt out of marketing, you will no longer receive promotional emails or texts. However, you may still receive non-promotional communications from us. These include account and transaction-related messages as described earlier (e.g., password resets, important service notices, etc.), which are necessary for service and not subject to general opt-out. If you decide you no longer want any communication from us at all, you would need to delete your account, which you can request at any time (see User Rights section for deletion).
Third-Party Marketing
We do not share your contact information with third-party companies for them to market their own products to you, without your consent. We might occasionally include in our own newsletters information about a partner or an affiliate offering (for example, a discount from a wine supplier we partner with), but such communication would still come from us and be under our control. If we ever were to involve third parties in sending communications, it would be under our direction and consistent with this Policy.
Advertising in the App
If our App displays advertisements (for example, banner ads or sponsored content), those might be targeted based on your usage data or context, but typically this is done in-app and not via communication channels. We currently focus on direct marketing via email/SMS/push rather than third-party ads. We will update our policy if advertising practices evolve.
Global Preferences
We will honor all opt-out requests regardless of jurisdiction. Additionally, if you are in a region like the EU, we will ensure we have proper consent mechanisms (e.g., double opt-in if required). For California residents, we note that opting out of marketing is separate from the CCPA “Do Not Sell” right – but as stated, we do not sell your data. If in the future we engage in any activity that qualifies as a “sale” of personal information under CCPA (like sharing data with advertisers for value), we would provide a specific mechanism to opt out of that as well (see Your Rights section).
In summary, you have a choice in receiving marketing from WineFind. We hope our newsletters and offers add value, but we respect your decision if you prefer not to receive them. We make opting out easy and do not burden you with unwanted messages. Even after you opt out, you can always opt back in via your settings or by signing up again for a newsletter if you change your mind.
8. Data Security
We take the security of your personal information seriously and implement a range of measures to protect it. While no system is 100% secure, we follow industry best practices to safeguard data against unauthorized access, alteration, disclosure, or destruction. Here are key aspects of our data security approach:
Encryption
We use encryption to protect data in transit and at rest. This means that the information you send to us through the App is encrypted using HTTPS/TLS (you'll see the padlock icon in the app's network communication, just as in a web browser) which prevents eavesdropping on the data as it travels over the internet. Additionally, we encrypt sensitive data stored on our servers or databases. For example, passwords are stored using secure hashing algorithms (we never store plaintext passwords). Other sensitive fields (like any payment tokens or personal identifiers) are encrypted at the database level.
Access Controls
We limit access to personal data to those employees, contractors, and service providers who need to know that information in order to process it on our behalf. All personnel with such access are subject to confidentiality obligations. We utilize authentication and authorization controls within our organization – for instance, staff can only access the user data necessary for their role (for example, a customer support agent may look up your account info when assisting you, but they would not have access to unrelated data). Administrative access to systems is logged and reviewed. We also ensure that our developers and admins use secure methods (like two-factor authentication) to access servers where data is stored.
Security Testing and Maintenance
Our team regularly updates and patches the App and our server software to address security vulnerabilities. We employ firewalls and monitoring to protect our network and detect intrusions or anomalies. We may perform periodic security audits and penetration tests (internally or via third-party specialists) to find and fix potential weaknesses. The App's code is reviewed for secure coding practices. We also follow secure development lifecycle practices.
Secure Data Handling
When we share data with third-party processors (as detailed earlier), we ensure they also implement appropriate security measures. For example, our payment processor is required to have strong encryption and PCI compliance. Our analytics data is usually aggregated, but nonetheless transmitted securely. We avoid collecting more data than we need, which is also a security principle – less data retained means less risk.
Backup and Recovery
We do create backups of our databases to prevent data loss. These backups are encrypted and stored securely. We have procedures for data recovery in case of incidents. Backup data is protected with the same level of security as our primary systems and is retained only for the necessary period (see Data Retention).
Incident Response
Despite all efforts, if a data breach or security incident were to occur that compromises your personal data, we have an incident response plan. This includes notifying affected users and relevant authorities as required by law. For example, GDPR requires that we notify the supervisory authority and users of certain breaches within specific timeframes. We will act promptly to contain and investigate any incident, and inform you of any actions you may need to take to protect yourself (such as changing passwords) if applicable.
User Responsibilities
While we work hard to secure our systems, you also play a role in keeping your data safe. We encourage you to use a strong unique password for your WineFind account and to keep your login credentials confidential. Do not share your account with others. If you suspect unauthorized access to your account, please notify us immediately. We will never ask you for your password via email or unsolicited communication – beware of phishing attempts.
No Absolute Guarantee
It's important to note that no method of transmission over the internet or electronic storage is completely secure. Thus, we cannot guarantee absolute security of your information. However, we strive to use commercially acceptable means to protect your personal data. In the unlikely event of a security issue, we will take all required steps to fix it and prevent future occurrences.
Our commitment to security is continuous – we keep up with evolving threats and regularly update our protections. By using the App, you acknowledge that there is some inherent risk in transmitting data over the internet, but also trust that we are taking appropriate measures to protect your information. If you have any questions about the security of WineFind, feel free to contact us.
9. Data Retention
We will retain your personal information for only as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. Different types of data may have different retention periods, which we outline below:
Account Information
We keep the personal data associated with your account (such as your name, email, phone, profile info, and settings) for as long as your account is active. If you choose to delete your account or if it has been inactive for an extended period, we will initiate deletion of this information. Typically, upon account deletion, we will remove or anonymize personal data within a reasonable time frame (for example, we might process deletions on a rolling 30- or 60-day cycle to allow for administrative tasks). In some cases, we may retain certain data after account deletion if necessary (see exceptions below).
User-Generated Content
Content you have posted (reviews, notes, comments, photos) is generally retained as long as you have an account, so that it remains available to you and other users. If you delete a specific piece of content (e.g., remove a review), we will make it no longer visible to others and erase it from our primary databases. However, some data might persist in backups or logs for a short period. If you delete your entire account, in most cases we will delete or anonymize all associated content. For example, your reviews may be removed from public view. In some communities, instead of complete deletion, content might be retained with your identity stripped (e.g., a review might show as from “Deleted User”), but for WineFind we intend to remove your content entirely on account deletion unless there's a strong reason to retain it in anonymized form (such as it being essential to a wine's overall rating aggregation – even then, it could be kept without personal identifiers).
Transaction and Payment Records
If you have made purchases, we may retain records of those transactions (excluding sensitive payment details which we do not store) for a certain period required for financial reporting and audits. For instance, accounting laws may require us to keep invoicing data for a number of years (commonly 7 years in some jurisdictions). Thus, we might retain your purchase history (your name, contact, what was bought, when, and amount) as part of our business records even if you delete your account, but we will use it only for legal/compliance purposes and not for marketing.
Logs and Analytics
Server logs, analytics data, and backups are typically retained for a limited time for the purpose of debugging, analysis, and system integrity. For example, raw logs containing IP addresses might be kept for a few weeks. Aggregated analytics reports may be stored longer but they do not directly identify individuals. Crash logs are retained until issues are resolved. We ensure that any personal identifiers in logs are not kept longer than necessary.
Communication History
If you contacted support or we exchanged emails, we may retain those communications as long as needed to assist you and maintain a record of our service (which can help in case of future related issues). Generally, support emails are retained for a period in our email archive unless you request deletion and it's feasible.
Legal Requirements and Preventing Harm
We might need to retain certain information for legal compliance or legitimate business interests even after you request deletion. For example:
- If we're resolving a dispute or enforcing our terms, we may keep data until the matter is closed.
- If a law enforcement authority has legally asked us to retain data, we will do so.
- We keep a record of consent given or withdrawn (for example, if you opted out of emails, we keep your email on a suppression list to ensure we don't accidentally contact you, even after account deletion, unless you opt back in).
- Data needed to detect/prevent fraud or security issues might be kept to ensure those issues do not recur (for instance, we may retain information about banned accounts or device identifiers to block abusive users).
Backups
Data on backup servers is not immediately deleted when you delete it from the live system. However, our backup retention is time-limited and cyclical. Any personal data in backups will fade away as backups are overwritten with newer data (commonly within weeks or a few months, depending on the backup rotation schedule). During that interim, your data isn't active or used, but it's stored securely until obsolete. We treat data deletion requests as applying to our backups as well – meaning we will not restore deleted personal data from backups except if required for a rare disaster recovery scenario, and even then we would re-delete it after recovery.
Once we conclude that personal data is no longer needed, we will either delete it securely or anonymize it (so it can no longer be associated with you). For example, we might convert some usage data into statistical summaries that contain no personal info. If you wish for us to delete your personal data sooner (for instance, you want to ensure all your info is removed immediately), please see the User Rights section – you have the right to request erasure. We will comply with such requests in accordance with the law and as outlined here. In summary, we keep your information only as long as necessary and for the purposes we collected it. We aim not to keep data indefinitely unless it serves a continuing business requirement or we are legally obligated to do so. When data is no longer needed, we remove it from our systems or anonymize it so you can no longer be identified.
10. Your Rights and Choices
You have a number of rights regarding your personal data that we respect and uphold. These rights allow you to access, control, and request changes to the information we hold about you. The availability of certain rights may depend on your jurisdiction (for example, GDPR grants particular rights to individuals in the EEA, and CCPA grants rights to California residents), but we aim to honor these rights for all users as a matter of good practice. Below is a summary of your key rights and how to exercise them:
Right to Access
You have the right to request access to the personal data we have about you. This is sometimes called a “Data Subject Access Request.” Upon request, we will provide you with a copy of the personal information we maintain about you in a common format, as well as explanations of how it is used, within the timeframe required by law. For example, you can ask us to confirm if we're processing your data and to send you a copy of your profile details, the list of reviews you posted, etc. (assuming providing such data does not adversely affect the rights of others). For most users, much of this data is visible in your account (you can see your profile info, content, etc.), but we will supply any additional information you are entitled to.
Right to Rectification
You have the right to request that we correct or update any inaccurate or incomplete personal data. If you find that your information is incorrect – for example, you changed your email or you notice we have a misspelled name – you can typically edit some of this in your account settings. For anything you cannot self-update, please contact us, and we will make the corrections as needed to ensure accuracy of your data.
Right to Erasure (Deletion)
You can ask us to delete your personal data, which is also known as the “right to be forgotten.” This right is not absolute but we will honor it to the fullest extent possible. That means if you want your account and all associated personal info removed, you can request account deletion. We will then erase your personal data from our active databases. Note that there are exceptions – we might retain certain data if we have a legal obligation or overriding legitimate interest (as described in Data Retention). For example, if you made purchases, we might keep transaction records, or if your content was involved in a dispute, we may keep evidence. But we will let you know if any such exception applies when you request deletion. Generally, if you use the in-app “delete account” feature, we treat it as a full erasure request. We'll also ensure any service providers we shared your data with delete it (or anonymize) as needed. Once deleted, your data (including any public posts) will be removed or anonymized, and you will lose access to the account.
Right to Restrict Processing
You have the right to request that we restrict or pause the processing of your personal data in certain circumstances. For example, if you contest the accuracy of data or have objected to our processing (see below) and we are evaluating your request, you can ask that we hold your data but not actively use it. Another scenario is if we no longer need the data but you need us to keep it for a legal claim, we would mark it as restricted (no further processing except for that purpose). When processing is restricted, we will still store your data but not use it otherwise until the issue is resolved. If this is needed, please contact us and explain the situation; we'll comply if your request meets the criteria under law.
Right to Data Portability
You have the right to obtain your personal data in a portable, machine-readable format, and to request that we transmit it to another controller where technically feasible. In practice, this might mean you can ask for an export of your WineFind data (for example, all your notes and reviews in a JSON or CSV file) to take to a competing service. We will provide such data in a structured commonly used format (like CSV, JSON, or XML) that can be read by a computer. This right applies to data you provided to us directly and that we process by automated means on the basis of consent or contract. Not all data qualifies, but things like your profile info, your contributions, etc., generally would. We will assist with this if requested.
Right to Object
You have the right to object to certain types of processing of your personal data. Most notably, you can object to processing carried out on the basis of legitimate interests or public interest (we don't do the latter) and, as explicitly mentioned in GDPR, you have an absolute right to object to direct marketing. We've covered marketing opt-out above – any time you object to or unsubscribe from marketing, we will cease marketing to you. If you object to other processing (like our analytics based on legitimate interest), we will evaluate your objection and see if we can accommodate (for example, perhaps offering you a basic account with minimal tracking). If your objection relates to a situation where we rely on legitimate interests, we will comply unless we have a strong overriding reason (or a legal requirement) to continue that processing.
Right to Withdraw Consent
Where we rely on your consent to process data, you have the right to withdraw that consent at any time. This is often the easiest right to exercise because it's basically you changing your mind. For example, if you consented to receive push notifications with marketing, you can turn them off. If you gave consent for something like accessing your contacts to find friends, you can revoke that permission via your device settings or by contacting us, and we will stop that processing. Withdrawal of consent will not affect processing already done, but it will prevent further processing of the specific data or for the specific purpose you withdraw from.
Right Not to Be Subject to Automated Decisions
We do not currently make any legal or similarly significant decisions about you based solely on automated processing (i.e., without human involvement). However, if that were to change (say we implemented an AI-based feature that significantly affects your rights), you would have the right not to be subject to a decision based purely on automated processing, and to request human review. Profiling in terms of analyzing preferences might occur, but it is not used to make impactful decisions without human oversight in our service. If you have questions about this, let us know.
California Privacy Rights
If you are a resident of California, the CCPA (as amended by CPRA) provides some additional explicit rights:
- Right to Know: You can request that we disclose to you the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purpose for collecting, and the categories of third parties with whom we share it (much of which is in this Privacy Policy) – as well as if we sold or disclosed your data for a business purpose. We will provide this information for the 12-month period preceding your request, as required.
- Right to Delete: Similar to above, you can request deletion of your personal information. There are exceptions under CCPA (if the data is needed for certain purposes), which align with what we described in our deletion policy.
- Right to Opt-Out of Sale or Sharing: CCPA gives you the right to direct a business that sells personal information to stop doing so. As noted, we do not sell your personal data (no exchange of data for money or equivalent value for third-party marketing). We also do not “share” your data for cross-context behavioral advertising (as defined under CPRA). Therefore, there is no need for you to opt out — by default we respect this right. If that ever changes, we will implement a “Do Not Sell or Share My Personal Information” link or setting.
- Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights. This means if you opt out of sales or request deletion, we will not deny you services, charge you different prices, or provide a lesser quality of service just because of that choice. (However, note that deletion of your data might mean we can no longer provide certain features if they rely on that data; for example, if you ask us to delete all your profile info, you won't have an account to log into. That's a logical consequence, not discrimination.)
California's “Shine the Light” law: separate from the CCPA, the California Civil Code allows residents to request certain information about what personal data is shared with third parties for those third parties' direct marketing. We do not share personal data with third parties for their own direct marketing, so we have no such disclosures to provide.
If you are a California resident and send us a request to exercise any rights, we will treat it in accordance with applicable law. (Also, if you have an authorized agent, they can submit requests on your behalf, but we may need to verify their authority and your identity.)
Other Regional Rights
Depending on your country or state, you may have additional rights (for example, some jurisdictions have a right to correction similar to GDPR's, or a right to lodge complaints). We aim to address all common rights in the list above. If you believe you have a privacy right not listed here, feel free to reach out and we will accommodate it if applicable.
Exercising Your Rights
To exercise any of your rights, please contact us using the information in the Contact section below. Make sure to specify which right you wish to exercise and describe your request with sufficient detail for us to process it. For example, if requesting access, specify the data you want to access; if correcting, let us know what is inaccurate and the correction. For your security, we will need to verify your identity before fulfilling substantive requests (especially for access, deletion, etc.). Verification may involve checking that the email you write from matches your account email, or asking you to provide information that matches our records. We will respond to your request within the timeframe required by law (under GDPR, typically within one month; under CCPA, within 45 days, etc.), and we will let you know if we need an extension or cannot comply with a request due to a legal exception. There is generally no fee for exercising your rights. However, if a request is manifestly unfounded or excessive (e.g., repetitive) we may either charge a reasonable fee or refuse to act on it, as permitted by law – but we'll explain why if that happens.
Right to Complain
In addition to the rights above, if you have concerns about how we are handling your personal data, you have the right to lodge a complaint with a data protection supervisory authority. If you're in the EU, that would be the authority in your country of residence (you can find a list of Data Protection Authorities on the European Data Protection Board website). In the UK, it's the Information Commissioner's Office (ICO). In California, if we don't address your issue, you can contact the California Privacy Protection Agency or the state Attorney General. Of course, we would appreciate the chance to address your concerns directly first, so we encourage you to contact us and we'll do our best to resolve any issue.
In summary, it's your data – and you have robust rights to control it. WineFind's aim is to facilitate easy exercise of those rights and to be transparent. Within the App, we may provide certain self-service tools (like profile editing, data download, and account deletion functions) to help with this. For anything else, our support team is ready to assist.
11. International Data Transfers
WineFind is a global service. The information we collect from you may be transferred to, stored in, and processed in countries other than your own. In particular, if you are located outside of the United States, be aware that we may process and store data in the United States (where our company is based) or in other countries where our servers or our service providers are located. These countries may have data protection laws different from the laws of your jurisdiction. However, when we transfer your personal data internationally, we take steps to ensure appropriate safeguards are in place to protect your privacy and fundamental rights. Specifically:
Europe (EEA/UK/Switzerland) Transfers
If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, and your personal data is transferred to a country that the European Commission (or other relevant authority) has not deemed to have an adequate level of data protection (for example, the United States), we will implement appropriate safeguards to comply with GDPR requirements. Typically, this means we will use Standard Contractual Clauses (SCCs) approved by the European Commission. SCCs are contractual commitments between companies transferring personal data, obligating the recipient to protect the data to EU standards. We may also rely on other mechanisms allowed under GDPR, such as an adequacy decision (if the destination country is later recognized as adequate) or obtaining your explicit consent for specific transfers, if appropriate.
Other Regions
For data transfers from other countries with data export restrictions (for example, some countries in Latin America or Asia have similar laws), we will similarly ensure compliance by using contractual measures or as required by those local laws. If required, we will seek your consent for cross-border transfers in those jurisdictions.
Our Infrastructure
Many of our third-party service providers (cloud hosts, etc.) are international companies. We carefully select providers that maintain high data protection standards. For instance, if we use a European data center for EU users, we will try to store their data in Europe to the extent possible. But some data may still be accessed from or routed through the US (for example, our support team in the US might assist an EU user's issue by accessing their profile data remotely, which is technically a transfer).
Privacy Shield / Data Privacy Framework
Note, the previous EU-US Privacy Shield framework was invalidated in 2020. A new EU-US Data Privacy Framework was introduced in 2023. Where applicable and if our vendors are certified under the new framework, we may rely on that certification as part of our transfer compliance. In any case, we commit to handling European personal data in compliance with GDPR principles regardless of where it is processed.
Your Rights and Remedies
If we transfer your data out of your country, you still retain all the rights described in this Privacy Policy and under applicable law. The agreements we have in place (like SCCs) are intended to give you enforceable rights and legal remedies in respect of your data, even when it is overseas. You may contact us for a copy of the relevant contractual safeguards in place for transfers of your personal data (some portions may be redacted for confidentiality or security).
International Users
By using WineFind or providing us with information, you acknowledge that your personal data may be transferred to other countries, including the United States. We will always protect it as described in this Policy, no matter where it is processed. If any transfer is needed that involves new purposes or parties not covered by this Policy, we will update you and collect consent if required.
We understand that privacy laws vary around the world, and we strive to respect those differences. Our data handling practices are designed to maintain the same level of privacy protection for your data globally, regardless of where it is moved. If you have questions about cross-border data practices, please reach out to us (contact information is at the end of this Policy).
12. Children's Privacy
WineFind is not intended for use by children or minors. Given the subject matter (wine), our services are aimed at adults of legal drinking age (which is 21 in the U.S., 18 or 19 in many other countries, or the applicable age in your jurisdiction). We do not knowingly collect personal data from anyone under the age of 13 (or under 16 in the European Union, or under the legal drinking age if that is higher).
Age Restrictions and Verification
If you are not of legal drinking age or are considered a minor in your jurisdiction, please do not use the App or submit any personal information to us. When users sign up, we may ask for birthdate or age verification to ensure compliance with age restrictions. The content in WineFind (discussions of alcohol) is inherently not child-directed. If any user who is a minor lies about their age to gain access, that is against our Terms, and if we discover it, we will terminate the account.
For Parents and Guardians
If you become aware that your child (under 13, 16 in EU, or under legal age) has created an account or provided us with personal information, please contact us immediately. We will take prompt steps to delete the child's personal data from our records. We may ask for proof of guardianship in such cases to ensure we are communicating with an authorized adult.
Our Commitment
If we learn that we have inadvertently collected information from a user under the required age, we will deactivate the account and delete the information as soon as possible. We also do not target any of our marketing or services to children.
Legal Compliance
In jurisdictions with specific laws protecting children's privacy (like COPPA in the United States, which protects children under 13), we comply with those laws. That includes not knowingly storing any personal info of a child without parental consent. Since our policy is to disallow underage use entirely, parental consent mechanisms should not be needed on our platform.
If you have questions about children's privacy, or want to report an underage user, please reach out via the Contact Information below. We take this matter seriously and will investigate and act on any report of minor use.
13. Changes to This Privacy Policy
We may update or revise this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. We encourage you to review this Policy periodically to stay informed about how we protect your information.
Notification of Changes
If we make material (significant) changes to the Policy, we will notify you by appropriate means. This may include posting a prominent notice in the App, sending an email to the address associated with your account, or providing an in-app notification. The notice will outline the key changes and, if required, we may ask for your consent to certain changes. Minor changes (such as clarifications or typographical corrections) may be updated on our website or in-app without a dedicated alert, but the “Last updated” date at the top will always reflect the latest revision.
Effective Date
Any changes will be effective when the revised Policy is posted, unless otherwise stated. If you continue to use WineFind after those changes take effect, you will be deemed to have accepted the updated Privacy Policy. However, if the changes involve a new purpose for processing that is not compatible with the original purposes, we will either seek your consent or provide an opportunity to opt out, as required by law.
Version History
For transparency, if the changes are substantial, we may keep prior versions of this Privacy Policy and make them available upon request or via our website, so you can see how our practices have evolved.
Your Rights Regarding Changes
We will not reduce your rights under this Privacy Policy or under applicable data protection laws without your consent. If you object to any changes in the Policy, you should stop using the App and can request that we delete your data. By staying with WineFind, you acknowledge the updated Policy. We recommend that you save or print a copy of this Privacy Policy for your records and revisit it whenever you have concerns.
Our goal is to remain transparent and keep your trust as we grow and change.
14. Contact Us
If you have any questions about this Privacy Policy, please contact us at winefindapp@gmail.com