Privacy Policy

1. What We Collect

• Account data: name, email, hashed password (when you register).
• Pairing data: menu photos you upload, dish/wine pairing results, and saved favorites.
• Usage data: anonymous page views and feature usage (only with your explicit consent).

We do not sell your data to third parties. Ever.

2. How We Use Your Data

• To provide the wine pairing service (analyzing menus, saving results).
• To improve WINi through anonymized aggregate patterns (only with your consent).
• To send transactional emails (password reset, account verification).

3. AI Processing

Menu photos and text are sent to Anthropic's Claude API for analysis. Anthropic does not use your data for training. See Anthropic's privacy policy.

4. Data Storage & Security

Your data is stored on secure servers within the EU (Azure North Europe). Passwords are hashed with bcrypt (cost 12). Sessions use encrypted JWT tokens. All connections are HTTPS-encrypted.

5. Cookies

WINi uses essential cookies for authentication and consent preferences. Analytics cookies are only set with your explicit opt-in via our cookie banner.

6. Your Rights (GDPR)

You have the right to:

• Access — Export all your data from Account settings.
• Rectification — Edit your profile anytime.
• Erasure — Delete your account and all data permanently.
• Data portability — Download your data as JSON.
• Withdraw consent — Revoke analytics consent anytime.

7. Data Retention

• Account data: kept until you delete your account.
• Pairing sessions: kept until you delete them or your account.
• Menu photos: processed in-memory only, never stored on our servers.

8. Third-Party Services

• Anthropic (Claude API) — AI analysis (US-based, no training on your data).
• Stripe — Payment processing (PCI DSS compliant).
• Resend — Transactional emails.
• Microsoft Azure — Hosting (EU region).

9. Contact

For privacy questions or data requests, email: privacy@alfredleppanen.com