Privacy Policy

This Privacy Policy explains how VitaPalate ("we", "us", "our") collects, uses, and protects information when you use the VitaPalate app and related services (the "Service"). By using the Service, you agree to this Privacy Policy.

If you have questions or want to exercise your privacy rights at any time, email us at privacy@vitapalate.com.

1. What we collect

Account information

When you create an account, we collect:

• Name — first and last name as you provide them
• Email address — required for account creation and transactional email
• Phone number — optional; collected only if you provide it
• Profile photo / avatar — optional; only if you upload one
• Authentication credentials — handled by our authentication provider (Clerk); we do not store passwords ourselves

Activity in the app

As you use VitaPalate, we collect data you create:

• Parties you host or attend (party name, date, time, guest list)
• Wine bottles you add to tastings (name, producer, vintage, photo of the label, and metadata extracted from the label by our scanning feature)
• Ratings you give wines during a blind tasting
• Wines you save to your Cellar
• Your derived Palate DNA profile (a multi-axis sensory preference fingerprint built from your blind ratings)
• Comments, notes, or other text content you contribute

Technical information

When you use the app, we automatically collect:

• Device information (device model, operating system version)
• Approximate IP address (used for security and abuse prevention; never used to track you)
• App usage events (which screens you open, which features you use) to help us improve the product
• Crash reports if the app encounters errors

2. How we use your information

We use the information we collect for these purposes only:

• Run the Service. Authenticate you, sync your data across devices, deliver the features of the app (party hosting, blind tasting, Palate DNA, etc.).
• Send transactional emails. When you sign up, host a party, RSVP to an invitation, or attend a tasting, we send confirmation and information emails. These are tied to your account activity.
• Send invitations on your behalf. When you invite a friend to a party, we send them an email with the invitation. We do not retain those invitee email addresses for any purpose other than delivering the invitation and tracking RSVP status.
• Improve the product. Aggregate, anonymized usage analytics help us understand which features matter and where the app needs work.
• Build your Palate DNA. Your blind tasting ratings are processed to build your unique sensory fingerprint, displayed only to you in the app.
• Prevent abuse and ensure security. Detect fraud, spam, and unauthorized access.
• Comply with legal obligations. Respond to lawful requests from authorities.

3. Who we share your information with

We share your information only with the third parties we use to operate the Service. We do not sell, rent, trade, or otherwise transfer your information to advertisers, data brokers, or marketing companies. Ever.

Our service providers, listed in full:

• Clerk — authentication and account management. Stores your name, email, password (hashed), and authentication tokens.
• Supabase — primary database for app data (parties, bottles, ratings, Palate DNA). Hosted on AWS infrastructure in the United States.
• OneSignal — email and push notification delivery. Stores your email address and a unique identifier to associate sends with your account.
• Resend (legacy) — used historically for sending email invitations; being phased out in favor of OneSignal.
• Apple App Store Connect — receives app-related crash reports and standard iOS analytics from your device.

Each of these providers operates under contracts that require them to use your information only to provide the service we've contracted them for. They do not have permission to use your data for marketing, advertising, or sale.

We may also share information when we believe in good faith that disclosure is necessary to comply with a legal obligation, to protect against fraud, or to protect the safety of users or the public.

4. Cookies and tracking

VitaPalate is primarily a mobile app. Within the iOS app, we do not use cookies. The mobile app uses standard iOS device identifiers (provided by Apple) for crash reporting and basic analytics — these are anonymized and managed by Apple.

Our marketing website (vitapalate.com) uses minimal cookies for basic functionality. We do not use third-party advertising cookies, tracking pixels, or remarketing trackers.

5. Data retention

We retain your account information and the data you create for as long as your account is active. Different categories of data are handled differently when you delete your account or request deletion of specific information.

Personal data — deleted on account deletion

The following are permanently deleted from our active systems within 30 days of an account deletion request:

• Your account profile: name, email address, phone number, profile photo
• Photos of bottles you uploaded
• Party names you created
• Notes and written commentary you contributed
• Any other content that directly identifies you

Some of this data may persist in encrypted backups for up to 90 days before being purged completely.

Wine reference data — retained in anonymized form

The following may be retained indefinitely in anonymized form — meaning they are no longer linked to your name, email, or any other identifier that points to you:

• Wine metadata extracted from labels you scanned (varietal, producer, vintage, region, appellation, and similar objective attributes). This is factual information about wines that exist in the world — it is not personal data about you. Once disassociated from your account, it forms part of our wine reference catalog.
• Rating values you assigned to wines during blind tastings. The numeric rating itself is not personal data; we retain rating values (with your name and identifier stripped) as part of our aggregate analytics, which improves the accuracy of our Palate DNA inference engine and the Service for all users.
• Cropped label images (this applies once our auto-cropping feature ships in a future release — see note below). We will retain a tight crop of the wine label only. The original photo you uploaded, which may include personal context such as your hand, kitchen, or surroundings, will be deleted.

Current default while the auto-cropping feature is under development: we delete all bottle photos on account deletion. We retain only the extracted metadata and anonymized rating values.

This anonymized reference data cannot be traced back to you and is treated equivalently to facts in a public catalog. This practice is industry-standard for product catalogs and review platforms — a restaurant directory does not delete its restaurant entries when reviewers close their accounts, and a movie database does not delete movies when editors leave.

Inactive accounts

If you stop using VitaPalate without deleting your account, we may retain your information indefinitely so your account remains available if you return. You can request deletion at any time by emailing privacy@vitapalate.com or using the in-app deletion flow.

6. Your rights and choices

You have the following rights with respect to your personal information:

• Access. You can view all the data associated with your account in the app, or request a complete export by emailing privacy@vitapalate.com.
• Correction. You can update or correct your information at any time inside the app under Settings → Account.
• Deletion. You can permanently delete your account and personal information via Settings → Account → Delete Account. This action is irreversible. Note that some anonymized wine reference data and rating values are retained after deletion as described in Section 5 — these are factual records that cannot be traced back to you.
• Data portability. You can download a JSON file containing your full record (profile, parties, ratings, cellar, Palate DNA) via the in-app data export feature.
• Opt out of non-essential email. Every non-transactional email includes a one-click unsubscribe link. You can also manage email preferences inside the app under Settings → Notifications.
• Restrict processing. You can ask us to limit how we use your information by emailing privacy@vitapalate.com.

If you are a resident of the European Economic Area, the United Kingdom, or California, you have additional rights under the GDPR, UK GDPR, and CCPA respectively, including the right to object to processing and the right to lodge a complaint with a supervisory authority. We honor these rights for all our users regardless of where they live.

7. Children's privacy

VitaPalate is a wine tasting app intended for adults of legal drinking age in their jurisdiction (21 or older in the United States). The Service is not intended for, marketed to, or available to anyone under 21 in the U.S. or under the legal drinking age in their region. We do not knowingly collect information from minors. If you believe a minor has provided us with personal information, please contact us at privacy@vitapalate.com and we will delete it promptly.

8. International data transfers

VitaPalate is operated from the United States, and our service providers (Clerk, Supabase, OneSignal) primarily operate in the United States. If you are located outside the United States, your information will be transferred to and processed in the United States. By using the Service, you consent to this transfer.

For users in the European Economic Area or the United Kingdom, our service providers maintain Standard Contractual Clauses or other valid transfer mechanisms required under applicable data protection law.

9. Security

We use industry-standard security measures to protect your information, including:

• Encryption in transit (HTTPS/TLS) for all communication between the app and our servers
• Encryption at rest for stored data via our database provider (Supabase)
• Authentication and access controls limiting who can access user data internally
• Row-level security policies in our database that enforce per-user data isolation
• Routine security reviews and updates

No system is completely secure. While we work hard to protect your information, we cannot guarantee absolute security. If you suspect your account has been compromised, contact us immediately.

10. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices or in applicable law. When we make a material change, we will notify you by email and update the "Last updated" date at the top of this page. Your continued use of the Service after a change becomes effective constitutes your acceptance of the updated policy.

11. Contact us

If you have questions about this Privacy Policy or about how we handle your information, contact us:

• Email: privacy@vitapalate.com
• General contact: ops@vitapalate.com