Privacy Policy

Last updated: 28 March 2026

1. Data Controller

Viniq ("we", "us") is the data controller for personal data processed through the Viniq wine-cellar management service available at viniq.se. You can reach us at privacy@viniq.se with any questions about this policy or your personal data.

2. Data We Collect

We collect the following categories of data:

  • Account data: name, email address, and (if you set one) a hashed password, or your Google / Apple identity token if you sign in with those providers.
  • Wine & cellar data: bottle records, bins, sites, vintages, tasting notes, ratings, and purchase/consumption history that you enter into the service.
  • Usage data: pages visited, features used, session timestamps, and your approximate IP address, collected to operate and improve the service.
  • Technical data: browser type, device information, and error logs needed to diagnose problems.

We do not collect payment card data. Patreon handles all subscription payments.

3. How We Use Your Data

We use your data to:

  • Provide and operate the Viniq service (contract performance, Art. 6(1)(b) GDPR).
  • Send transactional emails such as password resets and account notifications (contract performance).
  • Detect abuse, enforce our terms, and comply with legal obligations (legitimate interest / legal obligation, Art. 6(1)(c)(f) GDPR).
  • Improve the service through aggregated, anonymised analytics (legitimate interest).

We do not sell your data or use it for third-party advertising.

3A. Google User Data (Google Sign-In)

If you choose Google Sign-In, we request only the minimum Google account information needed to authenticate and create your account (typically your Google account identifier, name, and email address via OpenID Connect profile scopes).

  • Access: we access this data only when you choose Google Sign-In.
  • Use: we use it only for authentication, account creation, and account support.
  • Storage: we store the minimum account profile data in your Viniq account and do not store your Google password.
  • Sharing: we do not sell Google user data and do not share it with third parties except service providers needed to operate Viniq, or where required by law.
  • Retention and deletion: this data is retained while your account is active and deleted with your account according to Section 4.

You can revoke Viniq access to your Google account at any time in your Google Account security settings. If you do so, you may need to use another available sign-in method to continue using your account.

4. Data Retention

Your account and cellar data are retained for as long as your account is active. If you delete your account, your personal data is removed within 30 days, except where we are required by law to retain it longer (for example financial records). Anonymised, aggregated statistics may be kept indefinitely.

5. Third-Party Services

To operate the service we work with a limited number of trusted infrastructure providers. We share only the data each provider needs to perform their function:

  • Hosting & database: your account and cellar data is stored on cloud infrastructure operated within the EU or under contractual safeguards equivalent to EU data protection standards.
  • Email delivery: a third-party email service is used to send account-related messages such as password resets. It receives only your email address and the content of that specific message.
  • Sign-in providers: if you choose to sign in with a social login (such as Google or Apple), that provider handles the authentication step and their own privacy policy applies to it. We receive only the basic profile information needed to create your account.
  • File storage: wine label images you upload are stored on a dedicated, access-controlled cloud storage service and are not shared further.

We do not use advertising networks or cross-site tracking of any kind. All usage analytics are first-party and aggregated.

6. Cookies & Local Storage

We use a single session cookie (HTTP-only, Secure in production) to keep you signed in. We also use browser localStorage to remember your theme (light/dark) and language preference. No third-party tracking cookies are set.

7. Your Rights (GDPR)

Under the General Data Protection Regulation you have the right to:

  • Access: request a copy of the personal data we hold about you.
  • Rectification: correct inaccurate data.
  • Erasure: request deletion of your account and data ("right to be forgotten").
  • Portability: receive your data in a structured, machine-readable format.
  • Restriction: ask us to stop processing your data in certain circumstances.
  • Object: object to processing based on legitimate interest.

To exercise any of these rights, email privacy@viniq.se. We will respond within 30 days. You also have the right to lodge a complaint with your national supervisory authority (for Sweden: Integritetsskyddsmyndigheten, imy.se).

8. Data Security

Passwords are stored as bcrypt hashes and are never logged or transmitted in plain text. All traffic is encrypted in transit using TLS. Access to production systems is restricted to authorised personnel.

9. Children's Privacy

Viniq is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with their data, please contact privacy@viniq.se and we will delete it promptly.

10. Changes to This Policy

We may update this policy from time to time. When we do, we will update the "Last updated" date above. For material changes affecting how we access, use, store, or share personal data (including Google user data), we will provide a prominent notice in-product or by email before or at the time the change becomes effective. Continued use of the service after changes constitutes acceptance of the revised policy.

11. Contact

Viniq

privacy@viniq.se

https://viniq.se

See also our Terms of Service.