Vinster Privacy Policy
Vinster ("we", "us", "our") is an AI sommelier app that helps you choose wines at restaurants, build a personal cellar, and discover recipes that pair with your bottles. This policy explains what data we collect, why we collect it, and your rights.
Vinster is operated by Hilary Green, a sole trader based in the United Kingdom, who is the data controller for your information. You can contact us using the email address listed under Contact us.
What we collect
Account details: Your email address, hashed password (we never see it in plain text), and any display name you choose.
Profile preferences: Wine preferences, recipe requirements, dietary needs, and any optional fields you fill in.
Content you create: Wines you add to your cellar, wish list, and archive; tasting notes; restaurant reviews; scores; and photos of wine lists or labels (see Photos below).
Photos:
Wine-list photos (when you scan a restaurant's wine list) are sent to our AI to read the wines and generate recommendations, then discarded — they are not stored on our servers.
Wine-label photos (when you add a photo of a bottle to your cellar) are stored on your account so we can show your label thumbnails on the rack view and in your Label Library. They are kept until you remove the photo, delete the wine, or delete your account.
AI-generated content: Recommendations, recipes, drinking-window assessments, and personality sketches generated from your activity. These are stored on your account.
Location (optional): With your permission, when you save a scan or write a wine review we may capture your approximate location — including your device's GPS coordinates — to suggest a nearby city and record where a wine was discovered. This is stored alongside that scan or review. If you decline the location permission, the app works normally and we capture no location.
Device and usage info: Anonymous app version, OS version, and crash diagnostics from Expo / React Native.
How we use your data
To provide the service: Storing your cellar, surfacing past scans, generating recommendations, and building personality sketches.
To personalise: The more you use Vinster, the better its AI understands your taste. Personalisation is per-account; your data is not used to train shared models.
To communicate: Account-related emails (password resets, sign-up confirmations) and occasional product updates. We do not send marketing emails without explicit opt-in.
To improve the app: Aggregate, anonymous metrics on feature usage.
Legal bases for processing (UK GDPR)
We rely on the following legal bases:
Performance of a contract — to run the core service: storing your cellar and reviews, and generating recommendations and recipes you ask for.
Consent — for optional features you switch on, including device location, optional profile fields, sharing content to the community, and product-update emails. You can withdraw consent at any time.
Legitimate interests — to keep the service secure, prevent misuse, and understand feature usage through anonymous analytics.
Automated processing and profiling
Vinster uses your activity to personalise recommendations and to build wine and food "personality sketches." This is a form of profiling, but it does not produce legal or similarly significant effects on you. You can object to this processing or request human review by contacting us.
Community and public content
Vinster includes a community feature where users share wine and restaurant reviews. When a review is shared to the Vinster community feed, the following becomes visible to other Vinster users: your chosen display name/username, the wine or restaurant, your score, your tasting note, and the restaurant and city where relevant. Your email address and account details are never shown.
You stay in control: you can remove a shared review from the community feed at any time by deleting the underlying review, and deleting your account removes all of your community content.
Third parties
We use a small number of carefully chosen third-party services:
Supabase (database, authentication, file storage, edge compute): Your account, content, and stored photos are held on Supabase's managed infrastructure. Supabase is GDPR-compliant; data is hosted in EU regions where available.
Anthropic (Claude API): We send wine-list photos, label photos, and short summaries of your profile and activity to Claude to generate recommendations, recipes, and personality sketches. Anthropic does not retain this data to train its models.
Expo (build and update infrastructure): Expo collects anonymous crash and performance data.
We do not sell your data.
International data transfers
Some of our processors operate outside the UK and EEA. In particular, Anthropic (Claude) processes data in the United States. Where data is transferred outside the UK/EEA, we rely on appropriate safeguards — such as the providers' data-processing agreements and standard contractual clauses — to protect it. Supabase hosts your stored data in EU regions where available.
AI and your data
Vinster uses Claude (by Anthropic) to power its recommendations. When you scan a wine list, scan a label, or generate a recipe pairing, the photo and relevant context (preferences, wine name, etc.) are sent to Claude's API.
Responses returned by Claude are stored on your account. Claude does not learn from your specific inputs; Anthropic's API terms ensure your data is not used to train shared models. Wine-list photos are processed to extract the wines and then discarded; wine-label photos you attach to a cellar wine are stored on your account as described under Photos.
Age restriction
Vinster is intended for adults of legal drinking age (18+ in the UK). On first launch we ask for your date of birth to confirm this. We do not knowingly collect data from anyone under 18. If you believe a minor has used Vinster, contact us and we will delete the account.
Your rights
Under UK GDPR and other privacy laws, you have the right to:
Access the data we hold about you (request via email)
Delete your account and all associated data (via the app or by emailing us)
Export your data in a portable format (request via email)
Correct inaccurate data (edit your profile or contact us)
Withdraw consent for processing (e.g. turn off location, or delete your account)
Object to certain types of processing, or lodge a complaint with the UK Information Commissioner's Office (ICO)
We respond to data requests within 30 days.
Data retention
We keep your account data, content, and stored label photos for as long as your account is active. When you delete your account — or delete a specific wine or photo — that data is removed from our primary database and file storage within 30 days. Encrypted backups may take up to 90 days to fully expire.
Security
All network requests are made over HTTPS. Passwords are hashed by Supabase Auth and never seen in plain text by Vinster or its developers. Database access is gated by Supabase Row Level Security so users can only see their own data, and stored photos are served through access-controlled URLs.
If you become aware of a security issue, please contact us so we can investigate.
Changes to this policy
We may update this policy from time to time. Material changes will be flagged in the app and via email where appropriate. The version number and "last updated" date at the top of this page reflect the current revision.
Contact us
Questions, requests, or feedback — email us at tellme@vinsterapp.com.