Introduction
Welcome to VinoBytes, an educational wine app (“we,” “us,” or “our”). Your privacy is important to us. This Privacy Policy outlines how we collect, use, and protect your personal data. We have designed our practices to comply with applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and, where applicable, the EU General Data Protection Regulation (EU GDPR), as well as other international regulations. This policy also describes your rights under the California Consumer Privacy Act (CCPA) if you are a California resident.
For purposes of UK data protection law, VinoBytes is the data controller of your personal data. For purposes of EU data protection law, VinoBytes is also considered the data controller of your personal data. Our contact details are provided in the “Contact Us” section below.
User Consent
By using VinoBytes, you explicitly consent to the collection, use, and processing of your personal data as outlined in this Privacy Policy. If you do not agree with any part of this policy, please do not use our app.
Data Collection Section
Minimal Direct Collection:
If you choose to contact us through the feedback form within the app, we collect the name and email address you provide. We use this information solely to respond to your inquiries or feedback. Providing this data is voluntary. If you do not wish to share it, do not use the feedback form.
Local and iCloud Storage (No Direct Access by VinoBytes):
Your wines, flashcard sessions, and conversation history are stored locally on your device and synchronized with your iCloud account using Apple’s CloudKit services. VinoBytes does not directly store your personal data on its own servers. Your data remains under your control and Apple’s security infrastructure. We do not have direct access to your local or iCloud data.
Third-Party Processors (OpenAI and RevenueCat):
• OpenAI: When you use AI functionalities, your text input is sent to OpenAI for processing. VinoBytes does not retain these inputs on its servers. OpenAI may temporarily store this data according to their own policies (see the 'Interaction with OpenAI' section of this privacy policy for detailed information).
• RevenueCat: We use RevenueCat to manage subscriptions and in-app purchases. RevenueCat accesses your Apple ID to verify purchases and manage subscription statuses. VinoBytes does not receive your Apple ID credentials or payment details (see the 'Interaction with RevenueCat' section of this privacy policy for detailed information).
Data Usage
We use the limited data we collect (name and email if you submit feedback) solely to enhance your experience, respond to inquiries, and ensure proper functioning of the app. We do not sell or share your personal data with third parties for marketing or advertising purposes. Any data sharing that does occur is limited to what is necessary to operate the app and/or comply with legal obligations.
Lawful Bases for Processing (UK Users)
Under UK data protection law, we rely on the following lawful bases for processing your personal data:
1. Consent (Article 6(1)(a) UK GDPR):
• When it applies: When you voluntarily provide your name and email address through the feedback form.
• Purpose: To respond to your inquiries or feedback.
2. Contract (Article 6(1)(b) UK GDPR):
• When it applies: When processing is necessary to provide the app’s functionalities, such as synchronizing data across your devices.
• Purpose: To fulfill our obligations to you as a user of the app.
3. Legal Obligation (Article 6(1)(c) UK GDPR):
• When it applies: When processing is necessary to comply with legal or regulatory requirements.
• Purpose: To ensure compliance with applicable laws and regulations.
4. Vital Interests (Article 6(1)(d) UK GDPR):
• When it applies: In rare cases where processing is necessary to protect someone’s life.
• Purpose: To safeguard vital interests. (Note: This basis is typically not applicable for VinoBytes unless in extraordinary circumstances.)
5. Public Task (Article 6(1)(e) UK GDPR):
• When it applies: When processing is necessary to perform a task in the public interest or for official functions.
• Purpose: To carry out public duties. (Note: This basis is generally not applicable to VinoBytes as a private entity.)
6. Legitimate Interests (Article 6(1)(f) UK GDPR):
• When it applies: When processing is necessary for our legitimate interests or the legitimate interests of a third party, provided these interests are not overridden by your rights and freedoms.
• Purpose: To improve our services, ensure security, and manage subscriptions.
Cross-Border Data Transfers
When you use certain features of VinoBytes that involve AI processing and subscription management, your input data (which may or may not contain personal information depending on what you choose to share) is transferred to and processed by third-party service providers. Specifically, we work with Heroku (Salesforce, Inc.), OpenAI, and RevenueCat. Each of these third parties may process data in jurisdictions outside the UK or European Economic Area (EEA), such as the United States, where data protection laws may differ from those in your home country.
Data Flow:
Contractual Safeguards and Data Protection Agreements:
Important Note on Data Content:
VinoBytes itself does not directly collect personal data for AI processing. The text and data you submit are at your discretion. If you choose to include personal information in your prompts or interactions, please be aware that it will be processed by these third parties. We encourage you not to include personal data in these requests.
Third-Party Compliance and Safeguards:
Your Rights and Further Information:
You can request more information about the nature of these data transfers, the DPAs, and the associated safeguards by contacting us. If you are not satisfied with our response, you may lodge a complaint with the UK’s Information Commissioner’s Office (ICO). If you reside in the EEA, you have the right to lodge a complaint with your local supervisory authority if you believe your rights under the EU GDPR have been infringed. A list of EU supervisory authorities is available on the European Data Protection Board’s website.
Interaction with OpenAI
When using AI functionalities, your interactions may be sent to OpenAI for processing via our secure Heroku server. This includes any text input provided for generating responses. OpenAI’s handling of this data is governed by their Privacy Policy.
Specifically, OpenAI may:
• Retain data for up to 30 days for the purpose of providing and improving their services and identifying abuse.
• Use automated systems to classify and ensure the safety of the content.
• Limit human access to data strictly for resolving issues and compliance with legal requirements.
• Not use data submitted through the API to train their models.
Interaction with iCloud and CloudKit
VinoBytes utilizes Apple’s iCloud services, specifically CloudKit, to synchronize your data across multiple devices. This ensures that your wines, flashcard sessions, and conversation history are consistently available wherever you use the app.
Data Synchronization
• Storage: Your data is stored both locally on your device and securely in iCloud. This dual storage mechanism allows for seamless access and backup.
• Syncing: Any changes made to your data on one device are automatically synced to iCloud and reflected on your other devices connected to the same Apple ID.
Data Deletion and Reset:
• Local and iCloud Data Removal: When you choose to reset or delete your data through the account settings in VinoBytes, the app removes the corresponding data from both your device and iCloud. This ensures that your information is completely erased and cannot be recovered from either storage location. These deletions are not reversible.
User Control Over Data
Deletion Options:
• Delete My Wines: Deletes all wine entries from your device and iCloud.
• Delete Flashcard Sessions: Deletes all flashcard sessions from your device and iCloud.
• Delete Vino Chat Conversation History: Deletes all conversation history from your device and iCloud. These actions are irreversible and will result in the permanent loss of the respective data.
• User-Controlled Deletion: You have full control over your data. Through the account settings, you can delete your wines, reset flashcard sessions, or clear your conversation history. These actions will synchronize across all your devices and remove the data from your device and your iCloud.
Security Measures
• Encryption: Data stored in iCloud is protected using industry-standard encryption methods. This ensures that your information remains secure both during transmission and while stored.
• Access Controls: Only you have access to your iCloud data associated with VinoBytes. Apple’s robust security infrastructure safeguards your information against unauthorized access.
User Responsibilities:
• iCloud Account Security: It is your responsibility to maintain the security of your Apple ID and iCloud account. Ensure that you use strong, unique passwords and enable two-factor authentication to protect your data.
User Rights
UK and EU Users:
Under the UK GDPR, EU GDPR, and applicable data protection laws, you have the right to:
• Access Your Data: Request a copy of your personal data.
• Rectification: Correct inaccurate or incomplete data.
• Erasure (“Right to be Forgotten”): Request deletion of your personal data where applicable.
• Restriction of Processing: Ask us to limit how we process your data in certain circumstances.
• Data Portability: Receive your personal data in a structured, commonly used format or have it transferred to another controller where technically feasible.
• Object: Object to certain processing activities based on our legitimate interests.
• Automated Decision-Making and Profiling: We do not engage in solely automated decision-making that produces legal effects on you.
You can exercise these rights by contacting us as detailed below. If you are a UK resident, you may lodge a complaint with the UK ICO. If you are in the EU, you may lodge a complaint with your local supervisory authority. A list of EU supervisory authorities is available on the European Data Protection Board’s website.
California Users:
If you are a resident of California, you have specific rights under the CCPA regarding your personal information. Even though VinoBytes collects minimal personal data, we are committed to transparency and respecting your rights.
1: Your Rights Under the CCPA
• Right to Know: You have the right to request information about the categories and specific pieces of personal information that we have collected about you over the past 12 months.
• Right to Delete: You have the right to request the deletion of personal information we have collected from you, subject to certain exceptions.
• Right to Opt-Out: We do not sell personal information. However, if this changes in the future, you will have the right to opt-out of the sale of your personal information.
• Right to Non-Discrimination: You will not be discriminated against for exercising any of your CCPA rights. This means we will not deny you services, charge you different prices, or provide you with a different level of service for exercising your privacy rights.
2: Categories of Personal Information Collected and Purposes of Use
In the past 12 months, we may have collected the following categories of personal information, for the purposes described below:
• Identifiers:
• Internet or Other Electronic Network Activity Information:
To exercise your CCPA rights, you may submit a verifiable request by contacting us:
Email: support@vinobytes.com
Please provide enough information for us to verify your identity and process your request. This may include confirming your name and email address. We will acknowledge your request within 10 days and respond within 45 days. If we need additional time, we will notify you of the extension and provide an explanation. You may designate an authorized agent to make a request on your behalf. The agent must provide proof of your written permission and be verified by us.
Data Retention
Data processed by OpenAI may be retained for up to 30 days to enhance service quality and identify potential abuse.
VinoBytes uses RevenueCat to manage subscriptions and in-app purchases. According to RevenueCat's policies:
Interaction with Apple Services
Apple’s handling of your data is governed by their Privacy Policy. Specifically, Apple may:
• Collect information necessary to provide and improve their services, such as your Apple ID and associated credentials.
• Use this information to enhance the security and functionality of the apps you use.
• Provide data protection through features like end-to-end encryption and secure token storage.
• Manage all payments for subscriptions through the App Store, ensuring secure and direct handling of payment transactions.
VinoBytes does not have access to your Apple ID credentials. Any authentication, authorization, and payment processing are handled directly by Apple and RevenueCat. For more information on how Apple manages your data and processes payments, please refer to Apple’s Privacy Policy and RevenueCat's Privacy Policy.
Interaction with RevenueCat
VinoBytes uses RevenueCat to facilitate subscription management. Here's how RevenueCat interacts with your data:
• Subscription Management: RevenueCat helps manage the lifecycle of subscriptions including trials, renewals, and cancellations. It tracks subscription statuses and assists with analytical insights into user subscriptions.
• Data Handling: RevenueCat stores minimal information necessary to manage subscriptions. This includes subscription status, purchase history, and basic account data necessary for verifying and managing subscriptions effectively. RevenueCat does not store credit card information or other payment details.
• Privacy and Security: RevenueCat maintains a robust privacy policy to protect your data. The data used for managing subscriptions is securely stored and is used solely for providing subscription services.
• Data Deletion: You can manage your subscription directly through your Apple ID settings. RevenueCat facilitates these processes by interfacing with the App Store but does not handle payment processing, which is conducted by the App Store.
For detailed information on how RevenueCat handles your data and to review their privacy practices, please refer to the RevenueCat Privacy Policy available on their website.
Data Breach Notification
In the unlikely event of a data breach involving personal data, we will notify affected users via an in-app notification within 72 hours of becoming aware of the breach. Where required by law, we will also report the breach to the UK’s Information Commissioner’s Office (ICO) within 72 hours. We will provide you with information about what data may have been compromised, steps we are taking to address the breach, and how you can protect yourself.
Third-Party Services
Our app may contain links to or interact with third-party services that are not operated by us. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services. We encourage you to review the privacy policies of every site you visit.
Changes to this Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any significant changes through the app.
Contact Us
If you have any questions about this Privacy Policy, please contact us at support@vinobytes.com
Last Updated: 12/06/2024
We use cookies to analyze website traffic and optimize your website experience. By accepting our use of cookies, your data will be aggregated with all other user data.