Privacy Policy

Kjellermester ("we" or "us") takes your privacy seriously. This Privacy Policy explains how we collect, use, and protect personal data when you use our app and related services. We comply with the General Data Protection Regulation (GDPR) and Norwegian law, ensuring your data is processed lawfully and responsibly. By creating an account or using Kjellermester, you consent to our processing of your personal data as described here. We may collect the following types of personal data: Account information: When you register, we ask for your email address and a password. Passwords are stored securely (encrypted). Your wine cellar and content: Data you enter in the app, such as details about wine bottles (e.g., name, vintage, type), tasting notes, and uploaded label photos. This is linked to your account to provide a personalized experience. Usage and technical data: We automatically collect certain technical information to help operate the service. This may include device type, OS, IP address, login timestamps, and actions performed in the app. Such data is typically anonymized or aggregated and used for debugging, security, and statistics. Payment information: If you choose to purchase a subscription or extra features, necessary payment details will be processed. The transaction is handled by our payment providers (App Store/Google Play). We store only non-sensitive metadata like product type, price, and timestamp – not full card details. Communication: Information you provide when contacting support or communicating with us, such as your email and the content of your inquiry. If you subscribe to our newsletter (only with consent), we store your email for sending messages. How we use your data We only process personal data for specific, stated purposes: To deliver and operate the service: Your data is used to create and manage your account, store your wine cellar, and provide app functionality. For example, we use your email for login and verification, and store your wine data to give you a full overview and personal recommendations (including AI-based suggestions based on your collection). Personalized recommendations: The app’s AI features may process your cellar data to suggest food pairings or optimal drinking windows. This is automated and does not involve sensitive personal data. Improving the service: We analyze usage data and feedback to improve the interface, features, and performance of Kjellermester. This is mostly done using aggregated or anonymized data that cannot identify you. Customer service and communication: We use your email to send important messages (e.g., confirmations, password resets, policy updates) and to respond to support requests. If you provide a name, we may use it to personalize messages. Marketing: We may send newsletters or information about features and offers. You can unsubscribe at any time. Security and legal obligations: We may use data to detect and prevent abuse of the service (e.g., violations or unauthorized access). Where legally required, we may also process and share data to comply with legal obligations. Legal basis: Most data is processed because it is necessary to fulfill our agreement with you (GDPR Art. 6(1)(b)). In some cases, we rely on consent (Art. 6(1)(a)) or legitimate interest (Art. 6(1)(f)) to ensure safe and effective operation of the service. Data sharing (processors) We may share it in these cases: Our data processors (third-party vendors): We use trusted providers to run Kjellermester. These parties process data only on our behalf and under GDPR-compliant agreements: Supabase: Handles authentication and data storage, hosted in the EU/EEA. Email service (e.g. Zoho Mail): Used for sending verification codes, messages, and newsletters. They process emails securely in accordance with GDPR. AI service: Used for label recognition and personalized wine advice. Only the minimum data (like a label image or question) is shared for this purpose. If the service is located outside the EU/EEA, we use standard contractual clauses to ensure protection. Legal obligations: If required by law or court order, we may disclose only the necessary data. Business transfers: In the event of a merger, acquisition, or sale of Kjellermester, user data may be transferred to the new owner, in accordance with this policy. We have data processing agreements in place with all providers to ensure your personal data is properly protected. They may only use it to deliver services on our behalf. Storage and security We retain your data only as long as necessary for its purpose. In practice, this means your data is stored while your account is active. If you delete your account, we will delete or anonymize your data shortly afterward, unless we are required to retain it longer (e.g., for accounting records). We take data security seriously: All data transferred between your app/browser and our systems is encrypted via HTTPS/SSL. Your data is stored in secure, monitored infrastructure managed by professional providers. Access to data is restricted to authorized personnel and covered by confidentiality obligations. We regularly update systems and are prepared for incidents. In case of a breach affecting your data, we will notify you and the authorities as required. Your rights You have the following rights regarding your data: Access: You can request a copy of the personal data we store about you. Correction: You can ask us to correct any incorrect or incomplete information. Deletion: You can request to delete your data (“right to be forgotten”), including your account. Some data may be retained if legally required (e.g., proof of payment). Restriction: In certain situations, you may ask us to limit how your data is used. Portability: You can request your data in a machine-readable format or have it sent to another provider. Objection: You can object to certain types of processing, like marketing. Withdraw consent: If processing is based on consent, you can withdraw it at any time. Complaint: You can file a complaint with the Norwegian Data Protection Authority (Datatilsynet), but we encourage you to contact us first. We aim to respond without undue delay, and no later than 30 days. Changes to this policy We may update this Privacy Policy as needed (e.g., due to changes in law or service). Significant changes will be communicated via the app, email, or website. The latest version is always available online. Contact Data controller: Kjellermester (the app team) Email: support@kjellermester.no