Effective 16 May 2026
Privacy Policy
This Privacy Policy explains how Northstar Digital Pty Ltd (ACN forthcoming) ("we", "us", "our") collects, uses, stores and discloses personal information when you use the Winerack service at winerack.online (the "Service"). We comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
1. Information we collect
- Account data: email address, password hash, and authentication tokens (including Google OAuth identifiers if you choose Google sign-in).
- Cellar data: bottles, racks, cellars, photos, purchase prices, drinking notes, ratings, and consumption history you record.
- Usage data: AI assistant queries, label scans, request logs, IP address, device and browser metadata.
- Billing data: if you upgrade to a paid plan, billing identifiers held by our payment processor (we do not store card numbers).
2. How we use it
- To provide the Service: store your cellar, run label scans, answer Sommelier questions, generate reports.
- To improve the Service, including aggregated community wine insights (see Section 3).
- To communicate with you about your account, billing, security, and product updates.
- To comply with legal obligations and respond to lawful requests.
3. Community wine insights
By default, your anonymized tasting notes, ratings, occasions, and drinking dates are aggregated with at least one other user's data to build community insights for each unique wine (e.g. "12 users rated this Penfolds 4.3"). This aggregate is shown to other signed-in users to make recommendations smarter over time.
- We never reveal your identity, email, or which specific bottles you own.
- A wine only appears in the community pool once at least 2 different users have logged it.
- You can opt out at any time in Sommelier → Settings. Opting out removes your data from future aggregations.
4. AI processing
To power the Sommelier and label-scan features, we send relevant queries and metadata to third-party AI providers (Google Gemini, OpenAI, Perplexity) through the Lovable AI Gateway. We do not send your email address or other directly identifying information to these providers.
5. Sharing and disclosure
We share personal information only with: hosting and database providers (Supabase, Cloudflare), the AI providers listed above, our payment processor, our email provider (Resend), and where required by law. We do not sell your personal information.
6. Storage and security
Data is hosted on Supabase infrastructure (primarily in the Asia-Pacific region) and edge-cached via Cloudflare globally. We use row-level security, encrypted transport, and access controls. No system is perfectly secure; you use the Service at your own risk.
7. Overseas disclosure
Some of our service providers are located outside Australia (including the United States and European Union). By using the Service you consent to your personal information being processed in those jurisdictions under their applicable laws.
8. Your rights
Under the APPs you may request access to, correction of, or deletion of your personal information. Most of this is available in-product (account settings, delete cellar). For anything else, email hello@northstardigital.au. You may also complain to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.
9. Cookies
We use essential cookies and local storage for authentication and preferences. We do not use third-party advertising or cross-site tracking cookies.
10. Children
The Service is intended for adults of legal drinking age. We do not knowingly collect data from children under 18.
11. Changes
We may update this policy from time to time. We will notify you of material changes via email or in-product notice.
12. Contact
Northstar Digital Pty Ltd, New South Wales, Australia. Privacy contact: hello@northstardigital.au.