← Back to WINi

Privacy Policy

Effective date: March 2026

1. Data Controller

Digital Companion Oy (“WINi”, “we”, “us”)
Business ID: 3607674-4
Espoo, Finland
Email: privacy@winiapp.ai

WINi is the data controller for all personal data processed through this service, as defined under the EU General Data Protection Regulation (GDPR).

2. Legal Basis for Processing

  • Contract performance — account creation, wine pairing service, saved favorites and pairings.
  • Consent — analytics cookies, marketing communications (opt-in only).
  • Legitimate interest — service improvement through anonymized aggregate data, security monitoring.

3. What We Collect

  • Account data: name, email, hashed password (when you register).
  • Pairing data: menu photos you upload, dish/wine pairing results, and saved favorites.
  • Usage data: anonymous page views and feature usage (only with your explicit consent).

We do not sell your data to third parties. Ever.

4. How We Use Your Data

  • To provide the wine pairing service (analyzing menus, saving results).
  • To improve WINi through anonymized aggregate patterns (only with your consent).
  • To send transactional emails (password reset, account verification).

5. AI Processing & Automated Decision-Making

Menu photos and text are sent to Anthropic's Claude API for analysis. Anthropic does not use your data for training. See Anthropic's privacy policy.

WINi uses AI to generate wine pairing recommendations. These are informational suggestions only and do not constitute professional advice. You always make the final decision. This processing does not fall under GDPR Article 22 (automated individual decision-making) as it has no legal or similarly significant effects.

6. Data Storage & Security

Your data is stored on secure servers within the EU (Azure North Europe). Passwords are hashed with bcrypt (cost 12). Sessions use encrypted JWT tokens. All connections are HTTPS-encrypted.

7. Cookies

WINi uses essential cookies for authentication and consent preferences. Analytics cookies are only set with your explicit opt-in via our cookie banner.

8. Your Rights (GDPR)

You have the right to:

  • Access — Export all your data from Account settings.
  • Rectification — Edit your profile anytime.
  • Erasure — Delete your account and all data permanently.
  • Data portability — Download your data as JSON.
  • Withdraw consent — Revoke analytics consent anytime.
  • Lodge a complaint — Contact the Finnish Data Protection Ombudsman at tietosuoja.fi.

9. Data Retention

  • Account data: kept until you delete your account.
  • Pairing sessions: kept until you delete them or your account.
  • Menu photos: processed in-memory only, never stored on our servers.
  • Interaction events: anonymized after 24 months, then deleted.
  • After account deletion: active data removed within 1 day; encrypted backups purged within 7 days.

10. Third-Party Services (Subprocessors)

  • Anthropic (Claude API) — AI analysis (US-based, no training on your data).
  • Stripe — Payment processing (PCI DSS compliant).
  • Resend — Transactional emails.
  • Microsoft Azure — Hosting (EU North Europe region).

WINi links to external retailers (Alko, Viinikellari, Vivino) for wine purchases. We do not share your personal data with these services. Clicking a link takes you to their website under their own privacy policy.

11. Contact

For privacy questions or data requests, email: privacy@winiapp.ai