Privacy Policy

Effective February 12, 2026 · Last updated February 12, 2026

Overview

Claret is operated by Taylor Clauson d/b/a Claret AI ("we," "us," or "our"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered wine recommendation mobile application and related services (collectively, the "Service").

By using Claret, you consent to the collection and use of your information as described in this Privacy Policy.

Information We Collect

1. Account Information

When you create an account, we collect:

• Email address
• Name (if provided via your authentication provider)
• Profile photo URL (from Google or Apple)
• Authentication provider identifiers (Google OAuth, Apple Sign-In)

2. Wine Preferences and Behavior Data

To provide personalized recommendations, we collect:

• Wine type preferences (red, white, sparkling, etc.)
• Preferred wine regions and grape varieties
• Price range preferences
• Dietary restrictions and allergies
• Wine ratings and personal tasting notes you provide
• Saved favorite wines in your Wine Journal
• Chat conversation history with our AI assistant
• AI-derived learned preferences (taste profile built from your interactions)
• Chat summaries generated from your conversation history
• Preference intake questionnaire responses

3. Usage and Interaction Data

We automatically collect:

• Monthly message count and lifetime scan counts
• Features used and modes selected (general, food pairing, label scan, menu scan, etc.)
• Chat messages and queries sent to our AI system
• Message feedback (thumbs up/down ratings on AI responses)
• Subscription tier and expiration status

4. Image Data

When you use our wine label or menu scanning features:

• Photos of wine labels you scan
• Photos of restaurant menus you upload
• Metadata associated with uploaded images
• AI-processed analysis results from images

5. Menu Cache Data

When you use the menu scanner, we may store:

• Venue name and address
• Latitude and longitude coordinates (when available)
• Parsed wine list data extracted from menu images
• Menu content hashes for change detection

6. Device and Technical Information

We collect standard technical information:

• Device type, model, and operating system version
• App version
• IP address
• Crash reports and error logs
• Diagnostic logs (device model, OS version, error details) uploaded for troubleshooting

7. Push Notification Data

If you enable push notifications:

• Device push notification token
• Notification preferences and settings

8. Payment Information

For premium subscriptions:

• Subscription status, tier, and billing period (processed through Apple App Store and RevenueCat)
• We do NOT collect or store payment card details (handled entirely by Apple)

How We Use Your Information

Core Service Functionality

• AI Wine Recommendations: Generate personalized wine suggestions based on your preferences, chat history, and behavior patterns
• Account Management: Create and maintain your user account
• Preference Learning: Build and refine your taste profile over time using your feedback, favorites, and conversation history
• Content Personalization: Customize the app experience based on your wine knowledge level and interests
• Menu Caching: Store parsed menu data to speed up repeat visits to the same venue

Service Improvement

• Analytics: Track anonymized usage patterns to understand which features are used and improve the product (via PostHog)
• AI Quality Monitoring: Trace AI model inputs and outputs to monitor recommendation quality and debug issues (via LangSmith)
• Error Tracking: Monitor application errors and crashes to maintain service reliability (via Sentry)
• Feature Development: Analyze aggregated usage data to prioritize new features

Communication

• Push Notifications: Send wine recommendations, feature updates, or account-related alerts (if enabled)
• Customer Support: Respond to your inquiries and provide assistance

Third-Party Data Processors

We share your information with the following service providers, each of which processes data on our behalf under appropriate agreements:

Supabase

• Purpose: Database hosting, user authentication, and file storage (uploaded images)
• Data shared: Account information, wine preferences, chat history, conversation data, uploaded images
• Privacy policy: supabase.com/privacy

OpenAI

• Purpose: AI-powered wine recommendations, wine label analysis (Vision API), menu scanning, and preference analysis
• Data shared: Chat messages, conversation context, wine preferences, uploaded images (for label/menu scanning)
• Note: We send the minimum context necessary for each request. Your messages are sent to OpenAI's API for processing.
• Privacy policy: openai.com/privacy

Anthropic

• Purpose: Alternative AI provider for wine recommendations and preference analysis (used interchangeably with OpenAI)
• Data shared: Same data categories as OpenAI when Anthropic is the active provider
• Privacy policy: anthropic.com/privacy

PostHog

• Purpose: Product analytics and usage tracking
• Data shared: Anonymized user ID, event data including wine_recommendation_request, wine_recommendation_response, wine_recommendation_error, wine_stream_session_start, message_feedback_submitted, message_feedback_deleted
• Privacy policy: posthog.com/privacy

LangSmith (LangChain)

• Purpose: AI model observability, prompt/response tracing, and user feedback tracking
• Data shared: AI conversation traces (inputs, outputs, metadata), user feedback scores, conversation IDs
• Privacy policy: langchain.com/privacy-policy

RevenueCat

• Purpose: Subscription and in-app purchase management
• Data shared: Anonymous app user ID, subscription status, purchase transactions
• Privacy policy: revenuecat.com/privacy

Render.com

• Purpose: Backend server hosting
• Data shared: All data processed by our backend transits through Render's infrastructure
• Privacy policy: render.com/privacy

Sentry

• Purpose: Error tracking, performance monitoring, and crash reporting
• Data shared: Error logs, stack traces, request metadata (with sensitive data redacted — authorization headers and message content are stripped before transmission)
• Privacy policy: sentry.io/privacy

Apple

• Purpose: App distribution (App Store), authentication (Apple Sign-In), subscription billing
• Data shared: App Store analytics, subscription transactions
• Privacy policy: apple.com/privacy

Google

• Purpose: Authentication (Google OAuth Sign-In)
• Data shared: OAuth tokens for authentication only. We do not use Google Analytics or Google advertising services.
• Privacy policy: policies.google.com/privacy

We Do NOT Sell Your Personal Information

Claret does not sell, rent, or trade your personal information to third parties for their commercial purposes. We do not share anonymized or aggregated wine preference data with wine industry partners. We have no affiliate partnerships with wine retailers.

Legal Requirements

We may disclose your information if required by law or in response to:

• Valid court orders or government requests
• Legal processes or regulatory investigations
• Protection of our rights, property, or safety
• Prevention of fraud or illegal activities

Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new entity. We will notify you before your information becomes subject to a different privacy policy.

Data Security and Protection

Security Measures

• Encryption: All data is encrypted in transit using TLS
• Database Security: Row Level Security (RLS) policies ensure users can only access their own data
• Access Controls: Backend validates Supabase JWTs for all authenticated requests
• Data Minimization: We collect only the data necessary for service functionality
• Log Sanitization: Server logs redact sensitive data (authorization headers, message content, query parameters)
• Sentry Filtering: Sensitive request parameters and headers are stripped before error reports are sent

Data Retention and Deletion

• Account Deletion: When you delete your account, all associated data is cascade-deleted immediately, including user profile and authentication records, all conversations and messages, wine preferences and taste profiles, saved wines and favorites, uploaded images (removed from storage), usage tracking records, menu cache entries, push notification tokens, and feedback records
• No 30-Day Hold: Data deletion is immediate upon account deletion — we do not retain your data for a waiting period
• Menu Cache: Cached menu data expires automatically after 30 days
• Third-Party Data: Data sent to third-party processors (PostHog, Sentry, LangSmith) is subject to those providers' retention policies. We cannot guarantee immediate deletion from their systems, but we delete all data within our control immediately.

Your Privacy Rights

Account Control

• Access: View your personal data through the app
• Correction: Update your preferences and profile information at any time
• Deletion: Delete your account and all associated data through the app settings (Settings > Delete Account)
• Data Portability: Export your wine preferences and favorites data

Communication Preferences

• Push Notifications: Control notification preferences in the app or disable via iOS Settings
• Notification Settings: Granular control over notification types within the app

California Residents (CCPA)

Categories of personal information we collect:

• Identifiers (email, name, device identifiers)
• Internet activity (usage data, chat history, browsing patterns within the app)
• Inferences (AI-derived taste profiles and learned preferences)
• Commercial information (subscription status)
• Geolocation data (approximate, from IP address; precise coordinates only in menu cache if provided)

Your rights:

• Right to know what personal information we collect and how it's used
• Right to delete personal information
• Right to opt-out of sale of personal information — We do not sell your personal information
• Right to non-discrimination for exercising privacy rights

To exercise these rights, contact us at support@claretai.app.

EU/UK Residents (GDPR/UK GDPR)

Legal bases for processing:

• Contract Performance: Processing necessary to provide the wine recommendation service you've requested
• Legitimate Interests: Improving our service, preventing fraud, and ensuring security
• Consent: Push notifications and optional analytics (which you can withdraw at any time)

Your rights:

• Right to access, rectify, erase, or restrict processing of personal data
• Right to data portability
• Right to object to processing based on legitimate interests
• Right to object to automated decision-making, including AI-based profiling used to generate your taste profile and recommendations
• Right to withdraw consent for consent-based processing
• Right to lodge complaints with your local data protection authority

Note on EU presence: Claret is operated from the United States. We do not currently maintain an EU representative, as we do not actively target or market to EU residents. EU residents who choose to use the Service may exercise their rights by contacting us directly.

Children's Privacy

Claret is not intended for use by anyone under the legal drinking age in their jurisdiction. We do not knowingly collect personal information from minors. If you become aware that someone under the legal drinking age has provided us with personal information, please contact us immediately, and we will take steps to delete such information.

International Data Transfers

Your information is processed in the United States. If you are located outside the United States, your data will be transferred to and processed in the United States where our servers and third-party processors are located.

Cookie Policy

Claret is a native iOS app and does not use traditional website cookies. We use similar technologies:

• Authentication Tokens: Secure login session management stored on your device
• Local Preferences: App settings stored locally on your device

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make changes:

• The "Last Updated" date will be revised
• Material changes will be communicated through the app
• Continued use of the app after changes constitutes acceptance of the updated policy

Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices:

Email: support@claretai.app
Website: claretai.app

Dispute Resolution

For disputes related to privacy or data protection:

1. Contact us directly using the information above
2. We will respond within 30 days (or as required by applicable law)
3. For unresolved disputes, you may contact relevant regulatory authorities

---

Policy Version: 2.0