Privacy Policy
VaultSomm is built for privacy-conscious collectors. We do not sell your data, share it with advertisers, or use it to train AI models. Your cellar is yours.
1. Who We Are
VaultSomm ("VaultSomm," "we," "us," or "our") operates the VaultSomm platform at vaultsomm.com and vaultsomm.pages.dev. We provide wine portfolio tracking, market intelligence, and tax reporting tools for serious wine collectors.
For questions about this policy, contact us at privacy@vaultsomm.com.
2. Information We Collect
We collect information you provide directly and information generated through your use of the platform.
- Account information: Email address and password (stored securely via Supabase Auth).
- Profile information: Name, subscription tier, and preferences you set in your profile.
- Cellar data: Wine bottle records you add — including producer, vintage, region, purchase price, current value, storage location, and notes.
- Usage data: Pages visited, features used, and actions taken within the app (e.g., reports generated, searches made).
- Device data: Browser type, operating system, IP address, and approximate location (country/region level only).
- Communications: Any messages you send to our support team.
3. How We Use Your Information
We use your information only to provide and improve the VaultSomm service:
- Authenticate your account and secure your data.
- Display your cellar, portfolio, and valuation data.
- Generate PDF reports (Insurance Valuation, Schedule D, Estate Inventory, Form 709).
- Power the AI Sommelier feature — your queries are sent to Perplexity AI's API but are not stored by VaultSomm beyond your session.
- Send transactional emails (account confirmation, password reset). We do not send marketing emails without your explicit consent.
- Analyze aggregate usage patterns to improve features (never linked to individual identities).
- Comply with applicable law.
4. Data Storage & Security
Your data is stored in a Supabase-managed PostgreSQL database hosted in the United States. We implement the following safeguards:
- All data in transit is encrypted via TLS 1.2+.
- All data at rest is encrypted using AES-256.
- Authentication uses industry-standard JWT tokens with short expiry windows.
- Row-level security policies ensure users can only access their own data.
- We do not store payment card information — billing is handled by a third-party payment processor.
No security system is impenetrable. In the event of a breach that may affect your data, we will notify you within 72 hours of becoming aware of it.
5. Data Sharing
We do not sell, rent, or share your personal data with third parties for their own purposes. We share data only in these limited circumstances:
- Service providers: Supabase (database), Cloudflare (hosting/CDN), Perplexity AI (AI Sommelier queries — no persistent storage), Mapbox (wine region map tiles — no user data transmitted).
- Legal requirements: If required by law, court order, or governmental authority.
- Business transfers: In connection with a merger, acquisition, or sale of assets — you will be notified before your data is transferred to a new entity.
6. Cookies & Tracking
VaultSomm uses minimal, essential cookies only:
- Authentication session cookies — to keep you logged in.
- Preference cookies — to remember your theme (dark/light mode) choice.
We do not use advertising cookies, cross-site tracking pixels, or third-party analytics that identify individuals. We do not use Google Analytics.
7. Your Rights
Depending on your location, you may have the following rights under applicable privacy law (including GDPR, CCPA, and similar regulations):
- Access: Request a copy of the personal data we hold about you.
- Correction: Request that we correct inaccurate data.
- Deletion: Request that we delete your account and all associated data. You can also delete your account directly from the app settings.
- Portability: Request your cellar data in a machine-readable format (CSV export available in-app).
- Restriction: Request that we limit how we process your data.
- Objection: Object to processing based on legitimate interests.
- Non-discrimination: We will not discriminate against you for exercising your privacy rights.
To exercise any of these rights, email privacy@vaultsomm.com. We will respond within 30 days.
8. Data Retention
We retain your account and cellar data for as long as your account is active. If you delete your account, we will permanently delete all associated data within 30 days, except where retention is required by law (e.g., financial records).
9. Children's Privacy
VaultSomm is not directed to individuals under the age of 18. We do not knowingly collect personal data from minors. If we become aware that a minor has created an account, we will delete it promptly.
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page and, for material changes, notify you via email or an in-app banner at least 14 days before the change takes effect.
11. Contact Us
For privacy-related questions, requests, or concerns:
- Email: privacy@vaultsomm.com
- General: hello@vaultsomm.com
- Website: vaultsomm.com