PRIVACY POLICY
Effective Date: 01/12/2025
Last Updated: 01/12/2025
Website: https://kellerkollektiv.com/winefoo
Jurisdiction: Poland (with GDPR & international compliance)
1. Introduction & Scope
This Privacy Policy describes how WineFoo ("we," "our," "us," "Company," or "Data Controller") collects,uses, processes, discloses, stores, and protects your personal information when you use our mobile application("App") on iOS and Android platforms.
IMPORTANT:
This Privacy Policy applies only to WineFoo. It does NOT apply to:
Google or Apple (who handle authentication)
The App Store or Google Play Store (who process payments)
Any third-party services or websites linked from the App
We are committed to protecting your privacy in compliance with applicable data protection laws, including theGeneral Data Protection Regulation (GDPR) and other international privacy standards.
2. What Information We Collect
2.1 Authentication Information (Collected by Google/Apple, Shared with WineFoo)
When you sign in using Google Play or Apple App Store:
Email address associated with your Google or Apple account
Display name from your account
Profile picture URL from your account
Unique user identifier assigned by Google or Apple
Authentication method used (Google Sign-In or Apple Sign-In)
Account verification status
We DO NOT collect or store:
Your password
Your payment information
Your Google/Apple account security details
Your phone number or address (unless you provided these to Google/Apple)
2.1.1 Account Data Collection (Optional)
If you choose to create an account, we collect:
Email address, Display name (optional), Account creation date, Authentication credentials
This data is used only for: Authenticating your account, Restoring purchases across devices (when feature is available), Syncing your data across devices (when feature is available), Communicating important updates about your account.
We do NOT use this data for marketing or third-party sharing.
2.2 Usage & Behavioral Data
We automatically collect information about how you interact with the App:
Wine pairing selections you make (which food categories you select)
Wine recommendations displayed to you
Time and date of your app usage
Session duration and frequency
Number of daily pairing requests you make
Features you access within the App
Buttons you click and interactions you perform
Your subscription status (free or premium)
Timestamps of your activities
Technical events and errors you encounter
2.3 Subscription & Account Status
To manage your subscription:
Whether you are a free or premium user
Your subscription start date and renewal dates
Your subscription status (active, cancelled, expired, pending)
Device identifiers associated with your subscription
Number of subscriptions active on your account
Subscription history (when you subscribed, upgraded, downgraded, or cancelled)
We DO NOT collect or store:
Your credit card number
Your payment method details
Your billing address
Your full payment history
2.4 Technical & Device Information
Device type and manufacturer (iPhone, Samsung, etc.)
Operating system and version (iOS 15.0, Android 12, etc.)
App version and build number
Device advertising ID (IDFA for iOS, Google Advertising ID for Android)
General geographic location based on IP address (country/region only—NOT precise GPS location)
IP address
Device language settings
Crash reports and error logs
App performance metrics and diagnostics
Device memory and storage information (for technical troubleshooting)
We DO NOT collect:
Precise GPS location data
Your contact list or call history
Photos or media files
Microphone or camera access
Health data or biometric information
2.5 Google Analytics & Firebase Analytics
Through Google Analytics (via Firebase), we collect:
User engagement metrics (how long you use the app, when you use it)
Feature usage statistics (which app sections you visit most)
User flow and navigation patterns
Device and OS information
General demographic data (inferred from your Google account, if linked)
Custom events we define (e.g., "wine recommendation viewed")
Crash and exception reports
Performance and latency data
User acquisition source (which app store you downloaded from)
Data is anonymized before analysis:
Individual user identities are not visible in analytics reports.
You can opt-out:
Through your device settings, you can disable personalized ads and limit ad tracking.
3. How We Use Your Information
3.1 Core Service Delivery
We use your information to:
Provide wine pairing recommendations based on your selections
Match your food selections to our wine database
Manage your subscription status (free vs. premium)
Enforce the 24-hour free user limit
Display appropriate features for your subscription tier
Authenticate you securely
Maintain and update your user profile
Process your subscription automatically through the app store
3.2 Service Improvement & Optimization
Analyze usage patterns to improve recommendation accuracy
Identify and fix bugs and technical issues
Optimize app performance and loading times
Conduct A/B testing and experiments to improve features
Understand which features users find most valuable
Identify user drop-off points and improve retention
Train and improve our recommendation algorithms
Analyze aggregate trends to inform product decisions
3.3 Communication & Support
Respond to your customer support inquiries
Send you important app updates or security notices
Notify you of material changes to these Terms or Privacy Policy
Inform you of new features (if you opt in to notifications)
3.4 Legal, Safety & Fraud Prevention
Comply with applicable laws, regulations, and legal requests
Enforce these Terms & Conditions and other agreements
Protect against fraud, unauthorized access, or abuse
Prevent illegal activity
Protect the rights, property, and safety of WineFoo, users, and the public
Maintain security and prevent data breaches
3.5 Analytics & Business Intelligence
Generate anonymous, aggregate reports on app usage
Analyze market trends and user behavior patterns
Measure app performance and success metrics
Benchmark performance against industry standards
Make informed business decisions about app development
Identify opportunities for growth and improvement
3.6 We DO NOT Use Your Data For:
Marketing emails or promotional communications (without your consent)
Selling or sharing with third parties for their marketing
Behavioral advertising based on your wine selections
Profiling or predictive modeling about your personal preferences
Any purpose beyond what is explicitly stated in this policy
4. Legal Basis for Processing (GDPR)
For European Union and United Kingdom residents, our legal basis for processing your data includes:
Authentication data → Legal Basis: Contract → Purpose: Provide app access and subscription management
Usage data → Legal Basis: Legitimate Interest → Purpose: Improve app performance and user experience
Subscription data → Legal Basis: Contract → Purpose: Manage billing and subscription services
Analytics data → Legal Basis: Legitimate Interest → Purpose: Improve recommendations and app optimization
Technical data → Legal Basis: Legitimate Interest → Purpose: Security, fraud prevention, system maintenance
Legal compliance → Legal Basis: Legal Obligation → Purpose: Comply with laws and regulations
5. Data Storage & Security
5.1 Where Your Data Is Stored
Your data is stored using:
Google Cloud Platform (Firebase Firestore)
Geographic Region:
us-central (nam5 - United States)
Backup Systems:
Managed by Google Cloud's redundancy and disaster recovery systems
Important:
Your data is physically stored in the United States. By using the App, you consent to thisinternational data transfer.
5.2 Security Measures
We implement these security measures:
Encryption in Transit:
All data transmitted between your device and our servers uses HTTPS/TLS encryption
Encryption prevents interception of your data in transit
Encryption at Rest:
Data stored in Firebase is encrypted using Google-managed encryption keys
Encryption protects stored data from unauthorized access
Access Controls:
Only authorized personnel can access your data
Role-based access restrictions
Audit logs track data access
Secure authentication for system administrators
Infrastructure Security:
Google Cloud Platform security standards and compliance certifications
Regular security updates and patches
Firewalls and intrusion detection systems
Network segmentation and isolation
Industry Standards:
We follow security standards consistent with OWASP, NIST, and ISO 27001
Regular security audits and vulnerability assessments
Important Limitations:
No security system is 100% secure or impenetrable
We cannot guarantee absolute protection against sophisticated attacks
Responsibility shared: we protect data in our systems; you protect your device and account credentials
5.3 Data Retention Schedule
Account/Authentication Data → Retention Period: Retained while account is active + 1 year after deletion → Reason: Legal compliance, audit trail
Subscription Status → Retention Period: Retained while active + 1 year after cancellation → Reason: Billing records, churn analysis
Usage Analytics → Retention Period: Up to 2 years → Reason: Service improvement, business intelligence
Wine Pairing History → Retention Period: 24 hours (free user limit) / Permanent (preference learning) → Reason: Usage restriction enforcement, personalization
Crash Reports → Retention Period: 30-90 days → Reason: Bug identification and resolution
Error Logs → Retention Period: 30-90 days → Reason: Technical troubleshooting
Backup Data → Retention Period: Google Cloud standard retention → Reason: Disaster recovery
5.4 Deletion & Data Removal
You can request deletion of your account and associated data at any time
Contact: kellerkollektiv@gmail.com
After deletion, most data is removed within 30 days
Some data may be retained for legal compliance or backup restoration purposes
Deleted data cannot be recovered
6. Data Sharing & Third Parties
6.1 We DO NOT Sell Your Data
WineFoo does not sell, rent, trade, lease, or otherwise monetize your personal information to third partiesfor any purpose, including marketing.
This is an absolute commitment.
6.2 Data Shared with Service Providers
We share limited personal data with these third-party service providers:
Google Cloud Platform (Firebase)
Purpose:
Data storage, backup, and infrastructure
Data Shared:
Authentication data, usage data, subscription status, analytics
Google's Privacy Policy:
https://policies.google.com/privacy
Data Processing Agreement:
Subject to Google Cloud Terms of Service
Google Analytics (Firebase Analytics)
Purpose:
Usage analytics, app performance monitoring
Data Shared:
Anonymized usage patterns, feature engagement, custom events
Aggregation:
Data is anonymized and aggregated before reporting
Google's Privacy Policy:
https://policies.google.com/privacy
Apple App Store (iOS)
Purpose:
Subscription management and app distribution
Data Shared:
Subscription status, device ID, basic device information
Apple's Privacy Policy: https://www.apple.com/privacy/
Apple acts as: Merchant of Record for payments
Google Play Store (Android)
Purpose: Subscription management and app distribution
Data Shared: Subscription status, device ID, basic device information
Google's Privacy Policy: https://policies.google.com/privacy
Google acts as: Merchant of Record for payments
6.3 Important Note on Service Providers
These third parties:
Process data only as instructed by WineFoo
Are contractually bound to protect data confidentiality
Are not authorized to use data for their own marketing purposes
Are responsible for their own privacy and security practices
Have their own privacy policies (review them independently)
6.4 Data NOT Shared
We do NOT share with third parties:
Your email address (except to app stores for authentication)
Your wine preferences or selections
Your subscription history
Your usage patterns
Your personal information for marketing purposes
Your data to data brokers or marketing companies
6.5 Legal Obligations & Disclosure
We may disclose your information when legally required:
Subpoenas or court orders from law enforcement
Legal requests from government authorities
To protect our legal rights and intellectual property
To enforce these Terms & Conditions
To prevent fraud or illegal activity
To protect the safety of users or the public
In connection with mergers, acquisitions, or business transfers
In such cases, we will:
Provide notice where legally possible
Limit disclosure to information strictly required
Cooperate fully with law enforcement
6.6 Business Transfers
If WineFoo is acquired, merged with another company, or undergoes bankruptcy:
Your data may be transferred as part of that transaction
We will provide notice of any material change in ownership or data use
Any successor company must honor this Privacy Policy
7. Your Privacy Rights
7.1 Universal Rights (All Users)
You have the right to:
Know: What personal data we collect about you
Access: Receive a copy of your personal data
Correct: Update or correct inaccurate information
Delete: Request deletion of your personal data (with exceptions for legal compliance)
Port: Receive your data in a portable, machine-readable format
Object: Object to certain processing of your data
Restrict: Request limitation of how we use your data
Complain: Lodge a complaint with your data protection authority
7.2 GDPR Rights (EU/UK/Swiss Residents)
If you are located in the European Union, United Kingdom, or Switzerland, you have specific rights under theGeneral Data Protection Regulation (GDPR):
Right to Access (Article 15)
Request all personal data we hold about you
Receive data in a structured, portable format
Timeframe: Response within 30 days (may be extended 60 days for complex requests)
Right to Rectification (Article 16)
Correct inaccurate or incomplete personal data
Request we update your information
Right to Erasure / "Right to Be Forgotten" (Article 17)
Request deletion of your personal data
Exceptions: Legal compliance, contractual obligations, or legitimate interests
Timeframe: Response within 30 days
Right to Restrict Processing (Article 18)
Request we limit processing of your data
Data retained but not actively processed
Useful if data is inaccurate or illegally processed
Right to Data Portability (Article 20)
Receive your data in a portable, machine-readable format (JSON, CSV, etc.)
Transfer data to another service provider
Applies to data you provided or generated through your use
Right to Object (Article 21)
Object to processing based on legitimate interests or direct marketing
Object to automated decision-making or profiling
We must stop processing unless we have compelling legal grounds
Rights Related to Automated Decision-Making (Article 22)
You have the right not to be subject to decisions based solely on automated processing
We do not make decisions about you based purely on algorithms
Right to Lodge a Complaint (Article 77)
Contact your national Data Protection Authority:
EU: European Data Protection Board (https://edpb.ec.europa.eu/)
UK: Information Commissioner's Office (https://ico.org.uk/)
Switzerland: Federal Data Protection and Information Commissioner (https://www.edoeb.admin.ch/edoeb/en/home.html)
7.3 CCPA Rights (California Residents)
If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA) andCalifornia Privacy Rights Act (CPRA):
Right to Know (CCPA §1798.100)
Know what personal information we collect
Know the purpose of collection
Know the sources of collection
Know with whom we share data
Right to Delete (CCPA §1798.105)
Request deletion of personal data we collected
Exceptions: Legal compliance, service provision, fraud prevention
Timeframe: Response within 45 days
Right to Correct (CPRA §1798.120)
Request correction of inaccurate personal information
We will verify your request and correct records
Right to Opt-Out (CCPA §1798.120)
Opt-out of "sale" of personal information (we don't sell data)
Opt-out of "sharing" for cross-context behavioral advertising (we don't do this)
Right to Limit (CPRA §1798.121)
Limit use and disclosure of sensitive personal information
Sensitive information: health data, precise location, etc. (we don't collect these)
Right to Non-Discrimination (CCPA §1798.125)
We will not discriminate against you for exercising your rights
No denial of service, price increases, or reduced benefits
Authorized Agent (CCPA)
You can designate an authorized agent to submit requests
Agent must provide power of attorney documentation
Contact for California Residents:
Email: kellerkollektiv@gmail.com
Response Timeframe: 45 days (may be extended 45 additional days)
Report to California Attorney General: https://oag.ca.gov/
7.4 How to Exercise Your Rights
To exercise any privacy right:
Email: kellerkollektiv@gmail.com
Website: https://kellerkollektiv.com/winefoo
Mail: KELLER KOLLEKTIV, Teczowa 82d/1, 53-603 Wroclaw, Poland
In your request, include:
1. Your name and email address associated with your account
2. Specific right you're exercising (access, deletion, correction, etc.)
3. Description of your request
4. Any supporting documentation
5. Your preferred method of response
Verification Process:
We will verify your identity before responding
For California/EU residents, we may request photo ID or other verification
Verification protects against fraudulent data requests
Response Timeframe:
Standard:
30-45 days depending on jurisdiction
Extensions:
May be extended an additional 30-45 days for complex requests
We will explain any delays
Cost:
Requests are free (we do not charge for access, deletion, or correction requests)
Exceptions: Frivolous or duplicative requests (we will notify you)
8. Children's Privacy
Our App is NOT intended for children or individuals under 18 years of age.
The App contains alcohol-related content
We do not knowingly collect information from children under 18
Alcohol recommendations are exclusively for adults of legal drinking age
Our Terms of Service prohibit use by minors
If we discover we have collected information from a minor:
We will delete such information immediately
We will notify the parent/guardian if possible
We will cooperate with law enforcement if required
Parents/Guardians:
If you believe we have collected information from your minor child, contact us immediately at kellerkollektiv@gmail.com
We will take swift action to delete the information
9. International Data Transfers
9.1 Cross-Border Data Transfer
Your data may be transferred to, stored in, and processed in countries other than your country of residence,including:
United States (Firebase/Google Cloud Platform)
European Union
Other countries where Google maintains servers
9.2 Safeguards for International Transfers
For EU/UK/Swiss Residents:
Transfers comply with GDPR Chapter 5 requirements
We use Standard Contractual Clauses (SCCs) with our data processors
Google Cloud Platform certifications (ISO 27001, SOC 2, etc.)
Adequacy decisions where applicable
For All Users:
Data is encrypted during transfer and storage
We ensure appropriate safeguards in destination countries
We maintain security standards consistently across jurisdictions
9.3 Your Consent
By using the App and accepting this Privacy Policy, you consent to international data transfers asdescribed.
If you do not consent to international transfers, you should not use the App.
10. Data Breach Notification
10.1 Breach Assessment
In the event we discover a security breach or unauthorized access:
We will immediately investigate the scope and nature
We will assess what data was affected
We will determine if personal information was exposed
10.2 Notification Obligations
If a confirmed data breach occurs affecting your personal information, we will:
Notify You Within:
72 hours (GDPR requirement for EU/UK residents)
Without unreasonable delay (US requirements)
As quickly as possible while conducting thorough investigation
Notification Will Include:
Date and time of the breach
Type of personal data affected
Likely consequences of the breach
Measures we're taking to address the breach
Our contact information
Information about data protection rights
Recommendations for protecting yourself (change passwords, etc.)
Details of our internal investigation
Notification Method:
Email to address associated with your account
In-app notification
Website announcement if breach is widespread
10.3 Reporting Obligation to Authorities
We will report breaches to relevant data protection authorities where required by law
We will cooperate fully with government investigations
You have the right to file complaints with data protection authorities
11. Cookies & Tracking Technology
11.1 App Cookies
The WineFoo App does NOT use traditional HTTP cookies
(cookies cannot function in mobile apps the waythey do in web browsers).
11.2 Mobile App Tracking
Instead, we use:
Firebase Analytics for usage tracking
Device Advertising IDs (IDFA for iOS, Google Advertising ID for Android)
Local data storage on your device
11.3 Opt-Out Options
Limit Personalized Ads:
iOS:
Settings → Privacy → Advertising → Limit Ad Tracking (toggle ON)
Android:
Settings → Google → Manage Your Google Account → Data & Privacy → Ad personalization(toggle OFF)
Disable Google Analytics:
Opt-out through your device privacy settings
Analytics still collects data but is less personalized
12. Third-Party Links & Services
The App or winefoo.com may contain links to third-party websites or services (wine retailers, recipe sites, etc.).
Important:
WineFoo is not responsible for third-party privacy practices
Third-party services are governed by their own privacy policies
We encourage you to review their policies before providing information
Your use of third-party services is at your own risk
13. Changes to This Privacy Policy
13.1 Right to Modify
WineFoo reserves the right to modify this Privacy Policy at any time, at our sole discretion.
13.2 Notice of Changes
Changes will be posted in the App
The "Last Updated" date will be updated
For material changes, we will provide prominent notice (email, in-app banner, etc.)
Changes to legal rights require 30 days' notice
13.3 Your Acceptance
Continued use of the App after changes constitutes your acceptance of the modified Privacy Policy.
If you do not agree with changes, you must uninstall the App.
14. Data Protection Officer & Representative
GDPR Representative (for EU/UK):
If you have privacy concerns, contact:
Email: kellerkollektiv@gmail.com
Address: KELLER KOLLEKTIV, Teczowa 82d/1, 53-603 Wroclaw, Poland
15. Contact Information
For Privacy Questions, Data Requests, or Concerns:
Email: kellerkollektiv@gmail.com
Website: https://kellerkollektiv.com/winefoo
Mailing Address: KELLER KOLLEKTIV, Teczowa 82d/1, 53-603 Wroclaw, Poland
Response Timeframe: We will respond to privacy inquiries within 30 days.
16. Jurisdiction-Specific Information
16.1 Poland (Primary Jurisdiction)
This Privacy Policy is governed by Polish law and GDPR requirements.
16.2 EU/UK Residents (GDPR Compliance)
All rights described in Section 7.2 apply to you.
Data Protection Authorities:
European Union: https://edpb.ec.europa.eu/
United Kingdom: https://ico.org.uk/
16.3 California Residents (CCPA/CPRA Compliance)
All rights described in Section 7.3 apply to you.
California Attorney General: https://oag.ca.gov/
16.4 Other US Residents
We comply with applicable state privacy laws (Virginia VCDPA, Colorado CPA, Connecticut CTDPA, UtahUCPA, etc.).
17. Sensitive Personal Information
17.1 What We Do NOT Collect
We explicitly do NOT collect or request:
Biometric data (fingerprints, facial recognition)
Health information
Financial information beyond subscription status
Precise GPS location
Social security numbers
Passport or ID numbers
Genetic information
Racial or ethnic origin
Political opinions
Religious beliefs
Sexual orientation or gender identity
Membership in unions or political organizations
17.2 If You Voluntarily Share Sensitive Information
If you email us or contact us with sensitive personal information:
We will delete it upon request
We will not use it for purposes other than responding to your inquiry
We recommend NOT sharing sensitive information via email
18. Data Retention Summary
Accounts (active) → Retention: While active → Reason: Service provision
Accounts (deleted) → Retention: 1 year → Reason: Legal compliance, audit trails
Subscription data → Retention: Active + 1 year → Reason: Billing records
Usage analytics → Retention: 2 years → Reason: Service improvement
Crash reports → Retention: 30-90 days → Reason: Technical troubleshooting
Backup data → Retention: Google standard → Reason: Disaster recovery
19. Automated Decision-Making & Profiling
WineFoo does NOT:
Make automated decisions about you that have legal or significant effects
Create detailed profiles for behavioral prediction
Use algorithms to make judgments about your character or reliability
Use purely automated means for eligibility determinations
We DO:
Use algorithms for wine recommendations (but this is a suggestion, not a binding decision)
Analyze usage patterns to improve the App
20. LEGAL NOTICE & DISCLAIMER
This Privacy Policy is provided for immediate use in your App Store and Google Play listings.
Important:
While created based on comprehensive legal templates and current data protection standards,
youshould have this Privacy Policy reviewed by a qualified attorney licensed in Poland and familiar with:
General Data Protection Regulation (GDPR)
California Consumer Privacy Act (CCPA/CPRA)
Other applicable international privacy laws
Mobile app privacy requirements
Your specific implementation details
Privacy laws vary significantly by jurisdiction and are frequently updated.
This policy reflects currentstandards but may require adjustments based on:
Your specific app functionality
Your target user markets
Regulatory developments
Legal counsel recommendations
Your data processing practices
This is not legal advice.
Consult a qualified attorney in your jurisdiction before launch.
Additional Resources:
Terms of Service: https://kellerkollektiv.com/winefoo-terms
Privacy Policy: https://kellerkollektiv.com/winefoo-privacy
Last Updated: 01/12/2025
Effective Date: 01/12/2025
By using WineFoo, you acknowledge you have read, understood, and agree to this Privacy Policy.
Don't know if or how any of this can help your busines, product, service stand out?
