WineOS.eu logoWineOS.eu
Draft · Early access

Privacy Policy

Last updated: 2026-05-29

This text is a draft privacy policy for the WineOS controlled-early-access phase. It does not replace a full legal policy and will be finalized prior to commercial release, including the required GDPR compliance.

1. Purpose

WineOS is a digital winery-management platform. We collect and process data exclusively to provide the service, manage production, inventory, analyses, shipments and compliance for the wineries that use the platform.

2. Data we collect

The data collected is limited to what is necessary to operate the service:

  • Account details: email, full name, user role, authentication credentials.
  • Organization details: winery name, contact details, tax ID, address, logo.
  • Production data: lots, winemaking operations, jobs, vessels, additives, fermentation records.
  • Inventory data: stock counts, bottling, stock movements, finished wines.
  • Lab data: wine analyses, alcohol content, acidity, other quality parameters.
  • Shipment / WAD data: recipient details, quantities, wine types, transport information.
  • E-label / compliance data: e-label data, TARIC / excise information.
  • Contact requests: messages submitted through the contact form, if used.
  • Technical logs: error logs, access timestamps, IP address (anonymized where feasible), required for security and debugging.

3. Legal basis for processing (GDPR)

Data processing relies on the following legal bases, depending on the type of data:

  • Performance of a contract / provision of the service: account, organization and production data are necessary to operate the platform.
  • Legitimate interest: technical logs for security, fraud prevention and stability.
  • Consent: where a contact form or marketing opt-in exists, consent is requested explicitly.
  • Legal obligation: compliance data (e-label, excise, TARIC) required by regulation.

4. Infrastructure and data processors

Data is hosted on infrastructure provided by:

  • Lovable (hosting platform): application hosting, CDN and database hosting via Lovable Cloud.
  • Supabase: database management, authentication and row-level security.
  • Email provider: will be announced when transactional email is activated (e.g. invites, password reset).
  • Analytics: no third-party analytics are currently used. If enabled, this policy will be updated.

5. Data retention

Data is retained for as long as necessary for the purpose for which it was collected:

  • Active account: for the duration of the subscription or early-access participation.
  • Backups: created at the infrastructure level by the hosting provider. Backups are retained according to the provider's policy.
  • Contact requests: up to 12 months from submission, unless longer retention is required for legal reasons.
  • Deleted / archived organizations: following organization deletion or deactivation, data may be retained in backups for a limited period. Automated permanent deletion is not implemented in this phase and will be added before commercial release.

6. Data isolation and security

Each organization (winery) has an isolated data space via Row-Level Security (RLS). User access is strictly limited to the organization they belong to. Platform administrators only access data for support, troubleshooting and compliance purposes, under strict controls.

7. User rights

Under the General Data Protection Regulation (GDPR), you have the following rights:

  • Access: the right to obtain a copy of your data.
  • Rectification: the right to correct inaccurate or incomplete data.
  • Erasure: the right to be forgotten, subject to limitations of legal obligations.
  • Portability: the right to receive your data in a structured, commonly used format.
  • Restriction of processing: the right to request processing restriction under specific conditions.
  • Objection: the right to object to processing based on legitimate interest.

8. Data Processing Agreement (DPA)

A separate Data Processing Agreement (DPA) will be provided before commercial release, where required by the Regulation. During the early-access phase, this privacy policy is the baseline framework.

9. Contact

For questions about your data, your rights or this policy: hello@wineos.eu

10. Policy changes

This policy may be updated during the early-access period. Material changes will be communicated by email or via an in-app notice. The current version applies from the date shown in "Last updated".

Final legal texts (GDPR, DPA, cookie policy) will be confirmed before commercial release. This text does not constitute legal advice.