Privacy policy

1. Information we collect

Information you provide

• Account information: When you create a Spill account, we collect your email address, display name, and password.
• Your content: Tasting notes, winery visit records, photos you upload, lists you create, and any other content you add to your account.
• Preferences: Your saved wineries, followed wineries, list settings (public or private), and notification preferences.
• Communications: If you contact us by email or through the app, we keep records of that correspondence.
• Waitlist and marketing sign-ups: If you sign up for our waitlist or subscribe to emails through our website, we collect your email address.

Information collected automatically

• Usage data: How you interact with the app, including which screens you visit, features you use, actions you take, and the dates and times of your activity.
• Device information: Your device type, operating system and version, app version, unique device identifiers, and general device settings.
• Analytics data: Aggregated and anonymized information about app performance, crashes, and usage patterns.
• Log data: IP address, browser type (when using our website), access times, and referring URLs.

Information from other sources

• Winery data: Our winery database is compiled from publicly available sources, including public web data and Google Reviews. This data is about wineries, not about individual users.

2. How we use your information

We use the information we collect to:

• Provide the Service: Operate your account, store your tasting notes and lists, display winery information, and enable sharing features.
• Personalize your experience: Show you relevant wineries, recommendations, and content based on your activity and preferences.
• Send marketing communications: With your consent, send you promotional emails about new features, winery recommendations, events, and other content we think you will enjoy. (See Section 3 for your opt-out rights.)
• Send service communications: Send you non-marketing messages related to your account, such as account confirmations, security alerts, password resets, and important updates about the Service.
• Improve the Service: Analyze usage patterns to fix bugs, improve features, and develop new functionality.
• Ensure safety and security: Detect and prevent fraud, abuse, and security incidents.
• Comply with legal obligations: Respond to legal requests and enforce our Terms of Service.

3. Marketing communications and CAN-SPAM compliance

We may send you marketing and promotional emails if you have opted in to receive them, for example by joining our waitlist or subscribing to our mailing list. These emails may include new feature announcements, winery recommendations, curated content, and promotional offers.

Your opt-out rights:

• Every marketing email includes an "unsubscribe" link at the bottom. Click it to stop receiving marketing emails.
• You can also opt out by emailing us at cheers@spillthewine.app with the subject line "Unsubscribe."
• We will process your opt-out request within 10 business days, as required by CAN-SPAM.
• Opting out of marketing emails will not affect service-related communications (such as account confirmations, security alerts, or policy updates). Those are not marketing and you will continue to receive them as long as you have an account.

We will never send you marketing emails without your consent, and we will always honor your opt-out requests.

4. Third-party service providers

We use trusted third-party services to operate and improve Spill. These providers process data on our behalf and are contractually required to protect your information. They may only use your data to provide services to Spill.

We review our service providers periodically and require them to maintain appropriate security measures. We do not give these providers permission to use your data for their own purposes.

5. Public content

Certain features of Spill allow you to share content publicly. It is important to understand how public content works:

• Shared lists: When you set a list to "public," it is rendered as a web page that anyone can access with the link, including people who do not have a Spill account.
• Search engine indexing: Public lists may be indexed by search engines such as Google. This means they can appear in search results.
• Display name visibility: Your display name (but not your email address) may appear alongside public content you create.
• Web preview cards: When you share a link to your public content, preview cards (with a title, description, and image) may be generated for social media and messaging platforms.

You control what is public. Content you keep private remains visible only to you. You can change the visibility of your lists at any time in the app. If you change a public list to private, it will no longer be accessible on the web, though search engines may take time to remove cached versions.

6. Data sharing

We do not sell your personal information. We never have, and if that ever changes, we will update this policy and give you the right to opt out before any sale occurs.

We may share your information only in the following circumstances:

• Service providers: As described in Section 4, with providers who help us operate the Service.
• Legal requirements: If required by law, regulation, legal process, or governmental request.
• Safety and rights: To protect the rights, property, or safety of Spill, our users, or the public.
• Business transfers: If Spill is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your information becomes subject to a different privacy policy.
• With your consent: We may share information in other ways if you specifically ask us to or give us permission.

7. Your California privacy rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

Right to know

You may request that we disclose:

• The categories of personal information we have collected about you
• The specific pieces of personal information we have collected
• The categories of sources from which we collected your information
• Our business purpose for collecting your information
• The categories of third parties with whom we share your information

Right to delete

You may request that we delete your personal information, subject to certain exceptions (for example, if we need to retain it for legal compliance or to complete a transaction you requested).

Right to opt out of sale

We do not sell your personal information. If this ever changes, we will provide a clear "Do Not Sell My Personal Information" link on our website and in the app.

Right to non-discrimination

We will not discriminate against you for exercising any of your CCPA rights. You will not receive different pricing, a different quality of service, or be denied service for making a privacy request.

How to exercise your rights

To submit a CCPA request, email us at cheers@spillthewine.app with the subject line "CCPA Request" and describe the right you wish to exercise. We will verify your identity before processing your request (typically by confirming your email address on file). We will respond within 45 days. If we need more time, we will let you know and explain why.

You may make a CCPA request up to twice in a 12-month period.

8. Data security

We take reasonable measures to protect your information from unauthorized access, alteration, disclosure, or destruction. These include:

• Encrypted data transmission (HTTPS/TLS) between your device, our servers, and third-party providers
• Secure authentication through Supabase
• Access controls that limit who within Spill can access user data
• Regular review of our security practices

No method of electronic storage or transmission is 100% secure. While we work hard to protect your information, we cannot guarantee absolute security. If we become aware of a security breach that affects your personal information, we will notify you as required by applicable law.

9. Data retention

• Active accounts: We retain your information for as long as your account is active and as needed to provide the Service.
• Deleted accounts: When you delete your account, we will delete or anonymize your personal information within 30 days, except where we are required to retain it for legal, regulatory, or legitimate business purposes (such as fraud prevention or resolving disputes).
• Backups: Your data may persist in encrypted backups for up to 90 days after deletion, after which it is purged.
• Marketing data: If you unsubscribe from marketing emails, we will remove you from our marketing lists promptly. We may retain a record of your email address on a suppression list to ensure we do not contact you again.
• Aggregated data: We may retain anonymized, aggregated data indefinitely for analytics and product improvement purposes. This data cannot be used to identify you.

10. Children's privacy

Spill is not directed at children. You must be at least 17 years old to use Spill, consistent with our Apple App Store rating (17+ for alcohol references).

We do not knowingly collect personal information from anyone under 13 years of age, in compliance with the Children's Online Privacy Protection Act (COPPA). If we learn that we have collected information from a child under 13, we will delete it promptly. If you believe a child under 13 has provided us with personal information, please contact us at cheers@spillthewine.app.

11. Push notifications

With your permission, we may send you push notifications, including:

• App updates and features: Notifications about new features, improvements, or content in the app.
• Winery updates: Notifications from wineries you follow (when this feature becomes available).
• Recommendations: Personalized suggestions based on your activity and preferences.

You can enable or disable push notifications at any time through your device settings or in the Spill app settings. Disabling push notifications will not affect your ability to use the Service.

12. Cookies and tracking (website)

Our website at spillthewine.app may use cookies and similar tracking technologies:

• Essential cookies: Required for the website to function properly (such as maintaining your session).
• Analytics cookies: Used to understand how visitors interact with our website so we can improve it. These may be provided by third-party analytics services.

We do not use advertising cookies or cross-site tracking cookies. You can manage cookie preferences in your browser settings. Disabling cookies may affect certain website functionality.

The Spill mobile app does not use cookies, but it does collect usage and device data as described in Section 1.

13. Your rights

Regardless of where you live, you have the following rights regarding your personal information:

• Access: Request a copy of the personal information we hold about you.
• Correction: Request that we correct inaccurate or incomplete information.
• Deletion: Request that we delete your personal information (subject to legal exceptions).
• Export: Request a portable copy of your data in a commonly used format.
• Object: Object to certain processing of your information, including marketing.
• Withdraw consent: Where we rely on your consent, you may withdraw it at any time.

To exercise any of these rights, email us at cheers@spillthewine.app. We will respond within 30 days. If we cannot fulfill your request, we will explain why.

14. Changes to this privacy policy

We may update this Privacy Policy from time to time. When we make changes:

• We will update the "Last Updated" date at the top of this page.
• For significant changes, we will notify you by email or through a notice in the app before the changes take effect.
• Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.

We encourage you to review this policy periodically.

15. Contact us

If you have questions, concerns, or requests related to this Privacy Policy or your personal information, contact us:

Email: cheers@spillthewine.app
Website: spillthewine.app

We aim to respond to all inquiries within 30 days.