Khollar← Back to home
Legal

Privacy Policy

How we handle your data, in plain language. This document is being finalized — sections marked WIP will be filled in shortly.

Last updated: Draft — not yet finalized

Khollar ("we", "our", "us") is operated from Switzerland. This Privacy Policy explains what data we collect, why we collect it, and what rights you have over it under the Swiss Federal Act on Data Protection (FADP) and, where applicable, the EU General Data Protection Regulation (GDPR).

1. What data we collect WIP

1.1 Information you provide

When you create an account, we collect your email address, a username, and any profile information you choose to add. When you log a wine, we store the wine you logged, your rating, any notes, photos, and tags you add.

1.2 Information collected automatically

We collect basic usage information: pages visited, broad device type, approximate location based on IP. We do not use third-party ad-tech tracking.

2. How we use your data WIP

We use your data exclusively to operate the product: showing your feed, building your taste profile, sending you essential product emails, and improving the service.

We do not sell your personal data. We do not share it with advertisers. We do not use it to train machine learning models owned by third parties.

3. Who we share data with WIP

We rely on a small number of service providers to run the product. Each receives only the data necessary to provide their service.

  • Supabase — database and authentication (EU region)
  • Vercel — hosting
  • Stripe — payments, only if you subscribe to a paid tier

4. Cookies and tracking

See our Cookie Policy for details about what cookies we set and why.

5. Your rights WIP

You have the right to access, correct, export, or delete your personal data at any time. You can do most of this directly from your account settings; for anything else, contact us.

6. Data retention WIP

We keep your account data as long as your account exists. If you delete your account, we delete all your personal data within 30 days, except where retention is required by law.

7. International transfers WIP

Your data is primarily stored in the European Union. Some sub-processors may transfer it elsewhere; in those cases we rely on Standard Contractual Clauses or equivalent safeguards.

8. Changes to this policy

We may update this policy. When we do, we'll update the date at the top of this page and notify users of significant changes.

9. Contact

For privacy questions, reach us at the channels listed on our contact page.

This document is a working draft. The final version will be finalized using a GDPR-compliant generator before broad launch.