Privacy Policy
Last updated: March 18, 2026
1. Introduction
Moments in Vine ("we," "our," or "us") is committed to protecting your privacy. This policy explains how we handle your information when you use our wine collection management service at momentsinvine.com (the "Service").
By creating an account, you agree to the collection and use of your information as described here. If you do not agree, do not use the Service.
2. Data We Collect
Information you provide
- Account information — your email address, password (stored securely hashed), and display preferences (timezone, currency)
- Wine collection data — details about your wines including names, vintages, regions, tasting notes, ratings, and drinking windows
- Communications — feedback you submit and support requests
Information collected automatically
- Usage data — how you interact with the Service, pages visited, features used
- Technical data — browser type, device information, and error logs when something goes wrong
We do not collect financial information, payment details, or any information unrelated to operating the Service.
3. How We Use Your Data
| Purpose | Data used |
|---|---|
| Providing the Service (storing your collection, displaying your data) | Account information, wine collection data |
| Sending email reminders about your wines | Account information, wine collection data, your preferences |
| Sending essential service emails (confirmation, password reset) | Account information |
| Maintaining security and preventing abuse | Account information, technical data |
| Fixing errors and improving reliability | Technical data, usage data |
| Understanding how the Service is used and improving it | Usage data, de-identified wine data |
| Responding to your enquiries and feedback | Account information, communications |
4. Legal Basis (UK GDPR)
If you are in the UK or EEA, we process your data under the following legal bases:
- Contract performance (Article 6(1)(b)) — to provide and operate the Service you signed up for, including your account, wine data, and email reminders you opted into
- Legitimate interest (Article 6(1)(f)) — for security, error tracking, fraud prevention, and product improvement using de-identified data
- Legal obligation (Article 6(1)(c)) — where we are required to retain data by law
5. Who We Share Data With
We use the following service providers to operate the Service. All process data on our behalf under contractual obligations to protect it:
| Provider | Purpose | Data location |
|---|---|---|
| Supabase | Database and authentication | EU |
| Resend | Email delivery | EU |
| Amplitude | Product analytics and session replay | EU |
| Sentry | Error tracking and monitoring | EU |
| Netlify | Hosting and deployment | EU / US (under UK-US Data Bridge) |
We do not sell, rent, or share your information with third parties for their marketing purposes.
International transfers
Your data is primarily stored and processed within the European Union. Where any provider processes data outside the EU/UK (currently only Netlify for hosting), transfers are protected by the UK International Data Transfer Agreement or the UK-US Data Bridge, as applicable.
6. Data Retention
We keep your data for as long as your account is active and as necessary to provide the Service.
When you deactivate your account:
- Your account becomes immediately inaccessible
- After a 30-day grace period, your account data (including your email address) is irreversibly anonymised
- Once anonymised, your account cannot be recovered
Internal operational logs are automatically deleted after 90 days.
We may retain anonymised or de-identified data indefinitely for product improvement, as it can no longer identify you.
7. Your Rights
Under UK GDPR, you have the right to:
- Access your personal data
- Correct inaccurate data
- Delete your data (via account deactivation or by contacting us)
- Export your data (using the export feature in the Service)
- Restrict processing in certain circumstances
- Object to processing based on legitimate interest
- Withdraw consent where consent is the basis for processing
To exercise any of these rights, email us at hello@momentsinvine.com. We will respond within one month.
8. Security
We take reasonable technical and organisational measures to protect your information, including:
- HTTPS encryption for all data in transit
- Encrypted database storage with row-level access controls
- Authentication via secure, hashed passwords
- Rate limiting and input validation
No system is perfectly secure. In the event of a data breach that poses a high risk to your rights, we will notify you without undue delay in accordance with applicable law. If you become aware of a security issue, please contact us immediately at hello@momentsinvine.com.
9. Cookies and Local Storage
The Service uses local storage (not cookies) to store your authentication session and consent preferences. This is essential for the Service to function and cannot be disabled.
We use Amplitude for product analytics, which uses session tracking to understand how the Service is used. Amplitude data is processed in the EU (see Section 5).
We do not use advertising cookies or tracking pixels.
10. Children's Privacy
The Service is not intended for anyone under 18 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we will delete it promptly.
11. Changes to This Policy
We may update this policy from time to time. We will notify you of material changes by email or through the Service. The "Last updated" date at the top indicates when the policy was last revised.
12. Supervisory Authority
If you are in the UK or EEA and are not satisfied with how we handle your information, you have the right to lodge a complaint with your local data protection authority. In the UK, this is the Information Commissioner's Office (ICO) at ico.org.uk.
13. Contact
If you have questions about this policy or your information:
Email: hello@momentsinvine.com
Website: momentsinvine.com