Privacy Policy
Last updated: March 5, 2026
Overview
WineDiaries ("we", "our", "the app") is a private wine memory app. Your memories are yours. We built this app around one principle: your data stays private.
What We Collect
Account Information
- Email address (for authentication)
- Display name (optional, set by you)
- Apple ID token (if you sign in with Apple)
Content You Create
- Memory photos, titles, dates, locations, and notes
- Wine information (names, labels, vintages, producers, regions)
- People you tag in memories (names and optional email addresses)
Automatically Collected
- Device type and OS version (for crash reporting via Sentry)
- App usage events (anonymous, for improving the app)
- Crash reports and error logs
What We Do NOT Collect
- Your location in the background
- Your contacts or address book
- Your photo library (we only access photos you explicitly select)
- Browsing history or data from other apps
Legal Basis for Processing (GDPR)
We process your data based on the following legal grounds:
| Processing Activity | Legal Basis | Details |
|---|---|---|
| Account creation and authentication | Contract performance | Necessary to provide the service you signed up for |
| Storing memories, wines, and photos | Contract performance | Core app functionality you use the service for |
| Invite emails to tagged people | Legitimate interest | Delivering shared content to intended recipients |
| Crash reporting (Sentry) | Legitimate interest | Maintaining app stability and fixing bugs |
| Anonymous usage analytics | Legitimate interest | Understanding feature usage to improve the app |
| In-app purchases (RevenueCat) | Contract performance | Processing transactions you initiate |
You can withdraw consent for optional features at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.
How We Use Your Data
- Memories and wines: Stored in our database (Supabase, hosted in the EU) to power the app. Only visible to you and people you explicitly share with.
- Email address: Used for authentication, password reset, and invite notifications. We do not send marketing emails.
- Crash reports: Sent to Sentry to help us fix bugs. These contain device info and error context, not your personal content.
- Usage analytics: Anonymous event tracking to understand which features are used. No personal content is included.
Who Can See Your Data
- Your memories are private by default. No one can see them unless you explicitly share.
- Shared memories are visible only to people you invite. There is no public feed, no discovery, no social network.
- We (the developers) can access the database for debugging and support, but we do not read your memories or browse your content.
- We do not sell, rent, or share your personal data with third parties for advertising or marketing purposes.
Third-Party Services
| Service | Purpose | Data Shared | Location |
|---|---|---|---|
| Supabase | Database, auth, storage | Account + content | EU (Frankfurt) |
| Sentry | Crash reporting | Device info, errors | EU |
| Resend | Invite emails | Recipient email only | US |
| Apple | Sign In with Apple | Apple ID token | US |
| RevenueCat | In-app purchases (future) | Purchase receipts | US |
International Data Transfers
Your primary data is stored in the EU (Supabase, Frankfurt). However, some third-party services process data in the United States:
- Resend (email delivery): Processes recipient email addresses in the US to send invite notifications.
- Apple (Sign In with Apple): Processes authentication tokens in the US.
- RevenueCat (in-app purchases): Processes purchase receipts in the US.
These transfers are protected by:
- Standard Contractual Clauses (SCCs) adopted by the European Commission, which our US-based processors have committed to.
- The EU-US Data Privacy Framework, where applicable for certified processors.
No personal content (your memories, photos, wine data) is transferred outside the EU.
Data Storage and Security
- All data is stored in Supabase (Postgres) with Row Level Security enabled on every table.
- Photos are stored in Supabase Storage with per-user access controls.
- All data is transmitted over HTTPS.
- We do not store passwords — authentication is handled by Supabase Auth (bcrypt hashing) or Apple Sign In.
Data Retention
- Your data is retained as long as your account is active.
- Deleted memories and wines are soft-deleted (hidden) and permanently purged after 30 days.
- You can request full account deletion by emailing privacy@winediaries.app.
Account Deletion
You can delete your account and all associated data in two ways:
- In-app: Go to Settings > Delete Account. This immediately deactivates your account.
- By email: Send a request to privacy@winediaries.app.
Upon deletion:
- Your account is deactivated immediately and you are signed out.
- All personal data — memories, photos, wines, people tags, and profile information — is permanently purged within 30 days.
- Shared memories you created are removed from other users' views.
- Data already processed by third-party services (e.g., crash reports sent to Sentry) may be retained by those services per their own retention policies.
Your Rights (GDPR)
Under the General Data Protection Regulation, you have the right to:
- Access your personal data
- Correct inaccurate data
- Delete your account and all associated data (see Account Deletion above)
- Export your data in a portable format
- Restrict processing in certain circumstances
- Object to processing based on legitimate interest
- Lodge a complaint with a supervisory authority (in Germany: your state data protection authority)
To exercise these rights, email privacy@winediaries.app. We will respond within 30 days.
Privacy Manifests
WineDiaries includes third-party SDKs that provide Apple-required privacy manifest files (PrivacyInfo.xcprivacy), detailing their data collection and API usage. These manifests are bundled with the app and disclosed to Apple during the review process.
Children
WineDiaries is not intended for users under 17. The app contains references to alcohol and is rated 17+ on the App Store. We do not knowingly collect data from anyone under 17. If we learn we have collected data from a minor, we will delete it promptly.
Changes
We may update this policy. Material changes will be communicated via the app or email. Continued use after changes constitutes acceptance.
Contact
For privacy questions: privacy@winediaries.app