Skip to content

Instantly share code, notes, and snippets.

@taylorwc

taylorwc/claret_privacy_policy.md

Created October 10, 2025 20:21
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save taylorwc/228c422dac1d727c141fd51722bf718c to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save taylorwc/228c422dac1d727c141fd51722bf718c to your computer and use it in GitHub Desktop.
Download ZIP
Claret Privacy Policy
Raw
claret_privacy_policy.md

Privacy Policy for Claret

Effective Date: 10/10/25 Last Updated: 10/10/25

Overview

Claret ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered wine recommendation mobile application and related services (collectively, the "Service").

By using Claret, you consent to the collection and use of your information as described in this Privacy Policy.

Information We Collect

1. Account Information

When you create an account, we collect:

  • Email address
  • Name (if provided)
  • Profile information from third-party authentication services (Google, Apple Sign-In)
  • Unique device identifiers

2. Wine Preferences and Behavior Data

To provide personalized recommendations, we collect:

  • Wine type preferences (red, white, sparkling, etc.)
  • Preferred wine regions
  • Price range preferences
  • Dietary restrictions and allergies
  • Wine ratings and personal notes you provide
  • Saved favorite wines and collections
  • Chat conversation history with our AI sommelier
  • Wine recommendation acceptance/rejection patterns

3. Usage and Interaction Data

We automatically collect:

  • App usage patterns and session duration
  • Features used and frequency of use
  • Chat messages and queries sent to our AI system
  • Response times and user satisfaction indicators
  • Technical performance metrics

4. Image Data

When you use our wine label or menu scanning features:

  • Photos of wine labels you scan
  • Photos of restaurant menus you upload
  • Metadata associated with uploaded images (but not location data)
  • OCR-processed text from images (temporarily stored for processing)

5. Device and Technical Information

We collect standard technical information:

  • Device type, model, and operating system version
  • App version and installation details
  • IP address and general geographic location (city/region level)
  • Crash reports and error logs
  • Network connection information

6. Payment Information

For premium subscriptions:

  • Subscription status and billing history (processed through Apple App Store)
  • We do NOT collect or store payment card details (handled by Apple)

How We Use Your Information

Core Service Functionality

  • AI Wine Recommendations: Generate personalized wine suggestions based on your preferences, chat history, and behavior patterns
  • Account Management: Create and maintain your user account
  • Preference Learning: Improve recommendation accuracy over time by analyzing your feedback
  • Content Personalization: Customize the app experience based on your wine knowledge level and interests

Premium Features (Paid Subscribers)

  • Advanced Personalization: Develop detailed taste profiles for more sophisticated recommendations
  • Unlimited AI Interactions: Remove usage limits on AI recommendations
  • Enhanced Wine Data: Provide detailed wine information, vintage data, and expert tasting notes
  • Priority Support: Faster response times and premium customer service

Service Improvement

  • Performance Optimization: Monitor app performance and fix technical issues
  • Feature Development: Analyze usage patterns to develop new features
  • AI Model Training: Improve our recommendation algorithms (using anonymized, aggregated data only)
  • Quality Assurance: Ensure recommendation accuracy and user satisfaction

Communication

  • Service Notifications: Send important updates about your account or subscription
  • Feature Announcements: Notify you about new features or improvements (optional)
  • Customer Support: Respond to your inquiries and provide assistance

Legal Bases for Processing (GDPR)

For users in the European Economic Area, we process your personal data based on:

  • Contract Performance: Processing necessary to provide the wine recommendation service you've requested
  • Legitimate Interests: Improving our service, preventing fraud, and ensuring security
  • Consent: Marketing communications and optional features (which you can withdraw at any time)
  • Legal Obligation: Complying with applicable laws and regulations

Information Sharing and Disclosure

We Do NOT Sell Your Personal Information

Claret does not sell, rent, or trade your personal information to third parties for their commercial purposes.

Limited Sharing for Business Operations

AI Service Providers

  • We use OpenAI's GPT models to power our wine recommendations
  • Only necessary context (your query and relevant preferences) is sent to AI providers
  • No personally identifiable information is included in AI requests
  • All data is processed according to strict data processing agreements

Wine Data Partners

  • We may share anonymized, aggregated wine preference data with wine industry partners
  • This helps us maintain accurate wine databases and pricing information
  • Individual users cannot be identified from this data

Analytics and Performance

  • We use privacy-focused analytics tools to understand app usage patterns
  • All data is aggregated and anonymized before analysis
  • We use Apple's App Store analytics for subscription and download metrics

Legal Requirements We may disclose your information if required by law or in response to:

  • Valid court orders or government requests
  • Legal processes or regulatory investigations
  • Protection of our rights, property, or safety
  • Prevention of fraud or illegal activities

Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new entity. We will notify you before your information becomes subject to a different privacy policy.

Data Security and Protection

Security Measures

  • Encryption: All data is encrypted in transit using TLS and at rest using AES-256
  • Access Controls: Strict employee access controls with multi-factor authentication
  • Infrastructure Security: Secure cloud hosting with regular security audits
  • Data Minimization: We collect only the data necessary for service functionality
  • Regular Updates: Security measures are continuously reviewed and updated

Data Retention

  • Account Data: Retained while your account is active and for 30 days after deletion
  • Chat History: Stored for the duration of your subscription; deleted upon account closure
  • Wine Preferences: Retained to maintain recommendation quality; anonymized after account deletion
  • Usage Analytics: Aggregated data retained for up to 2 years for service improvement

Your Privacy Rights

Account Control

  • Access: View and download your personal data
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your account and associated data
  • Portability: Export your wine preferences and favorites data

Communication Preferences

  • Marketing Opt-out: Unsubscribe from promotional communications
  • Notification Settings: Control app notifications in device settings
  • Feature Opt-out: Disable optional features like usage analytics

Regional Rights

California Residents (CCPA)

  • Right to know what personal information we collect and how it's used
  • Right to delete personal information
  • Right to opt-out of sale of personal information (Note: We do not sell personal information)
  • Right to non-discrimination for exercising privacy rights

EU/UK Residents (GDPR/UK GDPR)

  • Right to access, rectify, erase, or restrict processing of personal data
  • Right to data portability
  • Right to object to processing based on legitimate interests
  • Right to withdraw consent for consent-based processing
  • Right to lodge complaints with supervisory authorities

Children's Privacy

Claret is not intended for use by children under 13 years of age (or 16 in the EU). We do not knowingly collect personal information from children under these ages. If you become aware that a child has provided us with personal information, please contact us immediately, and we will take steps to delete such information.

International Data Transfers

Your information may be processed in countries outside your residence, including the United States. We ensure appropriate safeguards are in place for international transfers:

  • Standard Contractual Clauses for EU data transfers
  • Adequacy Decisions where applicable
  • Encryption and security measures for all data transfers

Cookie Policy

Claret is a native iOS app and does not use traditional website cookies. However, we use similar technologies:

  • App Preferences: Store your settings locally on your device
  • Analytics Identifiers: Anonymous usage tracking (can be disabled)
  • Authentication Tokens: Secure login session management

Third-Party Integrations

Apple App Store and Services

  • Authentication: Apple Sign-In for secure account creation
  • Payments: All subscriptions processed through Apple's secure payment system
  • Analytics: Apple's App Analytics for download and usage statistics

OpenAI Integration

  • AI Recommendations: Wine suggestions powered by OpenAI's models
  • Data Processing: Only necessary context sent; no personal identifiers
  • Privacy Protection: Governed by our Data Processing Agreement with OpenAI

Google Services (Optional)

  • Authentication: Google Sign-In as an alternative login method
  • No Other Google Services: We do not use Google Analytics or advertising services

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make changes:

  • We'll notify you through the app or by email (if you've provided one)
  • The "Last Updated" date will be revised
  • Continued use of the app constitutes acceptance of the updated policy
  • For material changes, we may require explicit consent

Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: [email protected]

For EU/UK residents, you may also contact our EU representative: [INSERT EU REPRESENTATIVE CONTACT INFORMATION IF REQUIRED]

Dispute Resolution

For disputes related to privacy or data protection:

  1. Contact us directly using the information above
  2. We will respond within 30 days (or as required by applicable law)
  3. For unresolved disputes, you may contact relevant regulatory authorities
  4. Binding arbitration may be available as specified in our Terms of Service

Apple App Store Compliance Statement: This privacy policy complies with Apple's App Store Review Guidelines and privacy requirements. Users can control data sharing through iOS privacy settings, and the app requests permissions only when necessary for functionality.

Industry Standards Compliance: This policy follows best practices from the International Association of Privacy Professionals (IAPP) and incorporates requirements from major privacy frameworks including GDPR, CCPA, PIPEDA, and other applicable regulations.

Last reviewed: 10/10/2025 | Policy Version: 1.0

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment