
Privacy Policy

How WineUp Labs collects, uses, stores and protects information related to subscribed restaurants and their staff. WineUp does not collect personal data from restaurant guests scanning a QR code.

Last updated · February 2026

WineUp Labs (“WineUp”, “we”, “us”, “our”) operates an AI-powered Software-as-a-Service (SaaS) platform for wine pairing, digital menu presentation, in-house ordering tickets and analytics. WineUp is a technology provider only: we do not sell, serve, distribute, store, ship or deliver any alcoholic beverage, food product or consumable. All commercial transactions involving alcohol, food, allergens, age verification at point of service and tax collection are the sole responsibility of the subscribing restaurant (“Restaurant”).

This Privacy Policy is a binding legal document. By creating a WineUp account, subscribing or using the merchant dashboard you (the Restaurant and its authorised staff) acknowledge that you have read, understood and accepted the terms below. If you do not agree, do not use the service.

1. Scope and parties

This Policy applies to (a) the merchant dashboard at our domains, (b) the public QR menu interface shown to guests inside the Restaurant, (c) all transactional communications WineUp sends to Restaurant staff, and (d) any APIs or background services that support those surfaces.

WineUp does not establish any direct legal relationship with the Restaurant's guests. Guests do not create accounts, do not submit personally identifying information through the QR flow, and are not contractual users of WineUp. Any relationship between the Restaurant and its guests (including the sale or service of alcohol) is governed solely by the Restaurant and applicable local law.

2. Data we collect

  • Restaurant account data: legal/trading name, address, country, currency, tax identifiers (when voluntarily provided for invoicing), time zone, subscription plan and billing status.
  • Operational content uploaded by the Restaurant: menus, dish descriptions, wine lists, vintages, prices, allergen tags, photos and brand assets. The Restaurant is solely responsible for the accuracy and lawfulness of this content.
  • Merchant staff identifiers: business email address, bcrypt-hashed password, optional display name. If you sign in with Google we receive your email and public profile photo via OAuth; we never receive your Google password.
  • Operational telemetry: table sessions, internal order tickets (used by the Restaurant's own waiters), inventory adjustments, push notifications, AI credit usage and aggregated analytic events. These events never include personally identifying information about the guest sitting at the table.
  • Device and security logs: IP address, user-agent, request timestamps, error stack traces and authentication events, retained for fraud prevention and platform security.
  • Billing metadata: last four digits of the card, card brand, country and Stripe customer ID. We never store full card numbers, CVV codes or full bank details — these are tokenised by Stripe, our PCI-DSS Level 1 certified payment processor.
  • Guest data: we do not collect names, emails, telephone numbers, addresses, payment details, age, geolocation or any other personal identifier from guests who scan a QR code. No guest accounts exist. No guest authentication occurs.

3. How we use the information

  • Operate and improve the merchant dashboard, the public QR menu interface and the AI pairing engine.
  • Generate pairings, dish summaries and wine descriptions by sending menu content to OpenAI (see §6 Third-party processors). The Restaurant accepts that AI-generated outputs may be inaccurate, incomplete, outdated or unsuitable and must be reviewed and approved by qualified Restaurant staff before being served to guests.
  • Deliver transactional emails to merchant staff (password reset, magic-link, welcome, weekly summary, billing notices).
  • Produce aggregated analytics for the Restaurant owner.
  • Detect abuse, prevent fraud, enforce rate limits, investigate security incidents and comply with legal obligations.
  • Bill the Restaurant's subscription through Stripe, including dunning for failed payments.

4. Cookies, local storage and similar technologies

We use strictly necessary cookies and browser storage to keep merchant users authenticated, to remember language preferences and to support fraud detection. The public QR flow uses a session-scoped flag to remember the guest's 21+ age confirmation for the duration of the browser session only — it is purged when the browser is closed.

We do not use advertising cookies, cross-site tracking pixels, third-party marketing trackers, behavioural advertising profiles or fingerprinting on any surface served by WineUp.

5. Legal bases for processing (EEA / UK)

  • Performance of contract (Art. 6(1)(b) GDPR) for delivering the SaaS to subscribed Restaurants and their staff.
  • Legitimate interests (Art. 6(1)(f) GDPR) for fraud detection, security, dispute resolution and platform analytics.
  • Compliance with legal obligations (Art. 6(1)(c) GDPR) for tax, accounting and lawful disclosure requirements.
  • Consent (Art. 6(1)(a) GDPR) where explicitly requested, for example to receive non-transactional product news.

6. Third-party processors and sub-processors

  • OpenAI — menu extraction, wine pairing generation and natural-language wine descriptions.
  • MongoDB Atlas — encrypted primary data store (encryption at rest and in transit).
  • Stripe — recurring subscription billing only. WineUp does not process payments between guests and the Restaurant. Stripe is the controller of card data and is PCI-DSS Level 1 certified.
  • Resend — transactional email delivery.
  • Emergent infrastructure — container hosting, CDN and TLS termination.

Each processor operates under written data-processing terms and processes data only on our documented instructions. The list of sub-processors may be updated; the current list is available on request to wineuptech@gmail.com.

7. International data transfers

Some sub-processors host or process data in jurisdictions outside the European Economic Area, including the United States. Where applicable we rely on the EU Standard Contractual Clauses (2021/914) and supplementary measures (encryption at rest and in transit, access logging, principle of least privilege) to safeguard such transfers. A copy of the safeguards may be requested at wineuptech@gmail.com or consulted online at /legal/safeguards.

8. Data sharing & aggregated marketing statistics

We do not sell, rent, lease or trade personal data. We share data only with (a) the Restaurant that owns the account, (b) the processors listed in §6, (c) competent authorities and courts when legally required by valid process, and (d) acquirers as part of a merger, acquisition or asset transfer, subject to a binding confidentiality undertaking.

We may publish aggregated and fully anonymised statistics derived from platform-wide usage — for example, “X% average uplift in wine sales after onboarding WineUp”, total bottles paired, or category-level trends — on our marketing website and materials. These aggregates never identify any specific restaurant, dish, vintage or order, cannot be reverse-engineered to a single account, and are computed only on k-anonymised datasets (k ≥ 5). To exclude your Restaurant from anonymised aggregates, email wineuptech@gmail.com and we will action the opt-out within 30 days.

9. Retention

  • Active accounts: data is retained while the subscription is active and the Restaurant continues to use the platform.
  • Cancelled accounts: primary records are deleted within 90 days of cancellation; backups are purged within an additional 30 days.
  • Billing records: retained for the period required by applicable tax and accounting law (typically 7–10 years).
  • Security logs: retained for up to 12 months for incident response.
  • Aggregated/anonymised analytics: may be retained indefinitely as they no longer identify any individual or Restaurant.

10. Security

We apply administrative, technical and organisational measures appropriate to the risk, including bcrypt password hashing, TLS 1.2+ in transit, encryption at rest in MongoDB Atlas, isolated environments for production, restricted production access, audit logging, automated dependency scanning and regular review of access privileges. No system is 100% secure; we cannot warrant absolute security, and the Restaurant accepts the residual risk inherent to internet-based services.

11. Personal data breach notification

In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of natural persons, we will notify the affected Restaurant without undue delay and, where feasible, within 72 hours of becoming aware of it, and will cooperate in good faith with the Restaurant's obligations toward its supervisory authority and data subjects.

12. Your rights (EEA / UK / California / similar regimes)

If you are a merchant user you may exercise the following rights, subject to the limits set by applicable law:

  • Right of access, rectification, erasure (“right to be forgotten”) and restriction of processing.
  • Right to data portability for data you have provided.
  • Right to object to processing based on legitimate interests.
  • Right to withdraw consent at any time, without affecting the lawfulness of processing carried out beforehand.
  • Right to lodge a complaint with the competent supervisory authority in your country of residence.
  • For California residents (CCPA/CPRA): right to know, delete, correct and to opt out of “sale” or “sharing” — we do not sell or share personal information as defined by CCPA.

To exercise any right, email wineuptech@gmail.com. We will respond within 30 days. We will not retaliate against any user exercising these rights.

13. Minors and prohibition on use by persons under 21

WineUp is exclusively addressed to adults of legal drinking age, which under these Terms is defined as 21 years of age or older, regardless of the lower minimum drinking age that may apply in the user's jurisdiction. The platform is not directed to minors and we do not knowingly collect any personal data from any individual under 21 years of age.

If you believe that a person under 21 has provided personal data through a merchant account, contact us immediately at wineuptech@gmail.com and we will delete the data as soon as reasonably possible.

The Restaurant is solely responsible for verifying the age of any guest physically present in the venue before serving any alcoholic beverage. WineUp expressly disclaims any obligation or liability for in-venue age verification.

14. Automated decision-making and AI

The pairing engine and natural-language descriptions are produced in whole or in part by automated systems (Large Language Models). They are statistical recommendations, not professional sommelier, nutritional, medical, legal or financial advice. The Restaurant is the human-in-the-loop and must review, approve, edit or remove any AI output before presenting it to guests. WineUp is not liable for inaccuracies, omissions, hallucinations, allergen mislabelling, vintage errors or any other defect in AI-generated content.

15. Changes to this Policy

We may update this Policy from time to time. The “Last updated” date will reflect the most recent revision. For material changes we will notify the Restaurant administrator by email at least 14 days before the change takes effect. Continued use of the service after the effective date constitutes acceptance.

16. Contact, data controller and supervisory authority

Data controller for the platform and merchant accounts: WineUp Labs. Email wineuptech@gmail.com. For privacy and data-protection questions, write to the same address with subject line “Privacy Request”. EEA/UK users may also lodge a complaint with their local supervisory authority.

Have a question? Email wineuptech@gmail.com