Last updated: January 1, 2025
The short version: We collect only what we need to run the service. We never sell your data. You own your collection data and can export or delete it anytime.
Account information: Email address, password (hashed), and subscription tier.
Collection data: Wine inventory, tasting notes, valuations, cellar locations, and any other data you enter into the Service.
Usage data: Pages visited, features used, and session duration to help us improve the Service. This data is aggregated and anonymized.
Payment information: Payment processing is handled entirely by Stripe. We never store your credit card details. We receive confirmation of payment status only.
We do not use your collection data for advertising, sell it to third parties, or use it to train AI models.
When you use the AI Sommelier, relevant portions of your collection data are sent to Anthropic's Claude API to generate responses. This data is processed under Anthropic's privacy and data handling policies. We do not retain AI query logs beyond your session. Anthropic does not train their models on API data submitted by default. See anthropic.com/privacy for details.
Your data is stored on Google Firebase (Google Cloud Platform) in the United States. We implement industry-standard security measures including TLS encryption in transit, AES-256 encryption at rest, and strict access controls. Firebase is SOC 2 Type II certified. While we take security seriously, no system is perfectly secure and we cannot guarantee absolute security.
We share data only with:
We do not sell, rent, or share your personal data with advertisers or data brokers.
Depending on your location, you may have the following rights:
To exercise any of these rights, email privacy@cellaraged.com. We will respond within 30 days.
For users in the European Economic Area, our legal basis for processing is contract performance (to provide the Service you signed up for) and legitimate interests (security, fraud prevention, service improvement). You have the right to lodge a complaint with your local data protection authority.
California residents have the right to know what personal information we collect, the right to delete personal information, and the right to opt-out of the sale of personal information. We do not sell personal information. To make a request, email privacy@cellaraged.com.
We use strictly necessary cookies for authentication and session management. We do not use advertising or tracking cookies. We use anonymous analytics (aggregated, no personal identifiers) to understand how features are used. You can disable cookies in your browser settings, but this may affect Service functionality.
We retain your account data for as long as your account is active. When you delete your account, we delete all associated personal data within 30 days, except where we are required to retain it by law (e.g., billing records for tax purposes, retained for 7 years).
The Service is not directed to individuals under the age of 21 in the United States or under the legal drinking age in other jurisdictions. We do not knowingly collect personal information from minors. If you believe a minor has provided us with personal information, contact us immediately.
We may update this Privacy Policy from time to time. Material changes will be communicated by email at least 14 days before they take effect. Your continued use of the Service after changes take effect constitutes acceptance.
For privacy-related questions or requests: privacy@cellaraged.com