Privacy Policy

1. Introduction

Rumfolio ("Company," "we," "us," "our," or "Service") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website (https://www.rumfolio.com) and related services.

Please read this Privacy Policy carefully. If you do not agree with our policies and practices, please do not use our Service.

2. Information We Collect

2.1 Information You Provide Directly

Account Registration:

• Email address
• Username
• Password (encrypted)
• Full name (optional)
• Profile photo (optional)
• Bio/description (optional)

Collection Information:

• Bottles in your collection
• Quantities and purchase prices
• Bottle conditions and storage locations
• Personal tasting notes and ratings
• Photos of bottles (if uploaded)

Communications:

• Comments and reviews on bottles
• Messages within the community
• Support requests and correspondence
• Feedback and suggestions

Payment Information:

If applicable, billing address and payment details (processed securely by third-party providers)

2.2 Information Collected Automatically

Device Information:

• Device type and operating system
• Browser type and version
• IP address
• Device identifiers

Usage Information:

• Pages or features accessed
• Time spent on pages
• Links clicked
• Search queries
• Collection browsing history

Cookies and Similar Technologies:

• Session cookies (temporary)
• Persistent cookies (for remembering preferences)
• Web beacons and pixels

3. How We Use Your Information

3.1 Service Delivery

• Creating and maintaining your account
• Processing transactions
• Delivering and personalizing content
• Enabling collection management features
• Facilitating community interactions

3.2 Communication

• Sending transactional emails (account confirmations, password resets)
• Responding to inquiries and support requests
• Sending newsletters and updates (with your consent)
• Notifying you of changes to our Service

3.3 Analytics and Improvement

• Understanding how you use Rumfolio
• Identifying trends and usage patterns
• Improving features and user experience
• Conducting research and analytics
• Detecting and preventing fraud or abuse

3.4 Marketing and Promotion

• Sending promotional emails (only with your consent)
• Personalizing advertisements
• Conducting market research
• Creating aggregated, anonymized reports

3.5 Legal and Safety

• Complying with legal obligations
• Enforcing our Terms of Service
• Protecting against fraud, security threats, and abuse
• Responding to legal requests from authorities

4. How We Share Your Information

4.1 Public Profile Information

If your profile is set to public, the following information may be visible to other users:

• Username
• Profile photo
• Bio
• Public collection data
• Ratings and reviews you post
• Comments on bottles

You can control privacy settings to make your profile private.

4.2 Service Providers

We may share information with third-party service providers who assist us:

• Cloud hosting providers (Supabase)
• Email service providers
• Analytics platforms
• Payment processors
• Customer support tools

These providers are contractually obligated to protect your data.

4.3 Legal Requirements

We may disclose your information when required by law or in response to subpoenas, court orders, government requests, law enforcement inquiries, or protection of legal rights.

4.4 Business Transfers

If Rumfolio is acquired, merged, or assets are sold, your information may be transferred as part of that transaction. We will notify you of any such change.

4.5 With Your Consent

We may share your information with third parties when you explicitly consent, such as connecting to social media accounts or integrating with external services.

4.6 Aggregated and Anonymized Data

We may share aggregated, anonymized data that cannot identify you for industry reports, statistical insights, and market research.

5. Data Security

5.1 Security Measures

We implement industry-standard security measures to protect your information:

• SSL/TLS encryption for data in transit
• Password hashing and encryption
• Secure database storage
• Access controls and authentication
• Regular security audits
• Employee confidentiality agreements

5.2 Limitations

Despite our efforts, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security, and you use our Service at your own risk.

5.3 Your Responsibility

You are responsible for:

• Maintaining the confidentiality of your password
• Notifying us of unauthorized access
• Logging out when using shared devices

6. Your Privacy Rights and Choices

6.1 Access and Correction

You have the right to:

• Access your personal data
• Correct inaccurate information
• Update your profile information

You can do this by logging into your account or contacting us.

6.2 Data Deletion

You may request deletion of your account and associated data at any time. Upon request, we will delete your personal information within 30 days, except where:

• We are required to retain data by law
• Data is needed for business purposes
• Data has been anonymized

6.3 Opt-Out

You can opt out of:

• Marketing emails (unsubscribe link in every email)
• Cookies (browser settings)
• Targeted advertising
• Analytics tracking

6.4 Privacy Settings

You can control:

• Profile visibility (public/private)
• Collection visibility
• Who can comment on your posts
• Email notification preferences

7. International Data Transfers

7.1 Data Location

Your information may be stored and processed in the Czech Republic and may be transferred to, stored in, and processed in other countries, including countries outside the EU/EEA.

7.2 GDPR Compliance

For users in the EU/EEA, we comply with the General Data Protection Regulation (GDPR), including:

• Legal basis for processing
• Data subject rights
• International data transfer mechanisms
• Data protection impact assessments

7.3 Data Processing Agreement

If applicable, we will execute a Data Processing Agreement (DPA) for EU users.

8. Children's Privacy

8.1 Age Restrictions

Rumfolio is not intended for users under 18 years of age. We do not knowingly collect personal information from children under 18.

8.2 Parental Consent

If we discover we have collected information from a minor, we will:

• Delete the information promptly
• Not use the information for any purpose
• Notify the parent/guardian

Parents who believe their child has provided information should contact us immediately.

9. Cookies and Tracking Technologies

9.1 Types of Cookies

Essential Cookies:

• Session management
• Security and fraud prevention
• Account authentication

Preference Cookies:

• Remember your settings
• Language and theme preferences

Analytics Cookies:

• Track usage patterns
• Understand user behavior
• Improve Service

Marketing Cookies:

• Personalize advertisements
• Track campaign performance

9.2 Cookie Management

You can control cookies through:

• Browser settings
• Cookie preference manager on our website
• Third-party cookie management tools

Disabling certain cookies may affect Service functionality.

9.3 Third-Party Trackers

We may use third-party analytics services that track your behavior across websites. These providers have their own privacy policies.

10. Third-Party Links

Our Service may contain links to third-party websites and services. We are not responsible for their privacy practices. We recommend reviewing their privacy policies before providing personal information.

11. Data Retention

11.1 Retention Periods

We retain your information for as long as:

• Necessary to provide our Service
• Required by law
• Needed for business purposes
• As set out in this policy

11.2 Specific Retention Periods

• Account data: Until deletion or inactivity period
• Collection data: Until deletion or account termination
• Communications: Up to 1 year (or as required by law)
• Analytics data: Up to 24 months (anonymized)
• Payment records: As required by law (typically 7 years)

11.3 Data Deletion

Upon account deletion:

• Personal data is deleted within 30 days
• Public content (reviews, comments) may remain anonymized
• Backup copies deleted within 90 days

12. Email Communications

12.1 Types of Emails

Transactional:

• Account confirmations
• Password resets
• Order confirmations
• System notifications

Marketing (Optional):

• Newsletters
• Product updates
• Promotions
• Community highlights

12.2 Unsubscribe

You can unsubscribe from marketing emails by:

• Clicking the unsubscribe link in any email
• Updating email preferences in your account settings
• Contacting us directly

Transactional emails cannot be unsubscribed from as they are essential to Service operation.

13. California Privacy Rights (CCPA)

If you are a California resident, you have the right to:

• Know what personal information is collected
• Know whether personal information is sold or shared
• Delete personal information
• Opt-out of the sale or sharing of personal information
• Non-discrimination for exercising privacy rights

To exercise these rights, contact us with "California Privacy Request" in the subject line.

14. European Privacy Rights (GDPR)

If you are in the EU/EEA, you have the right to:

• Access your personal data
• Rectification of inaccurate data
• Erasure ("right to be forgotten")
• Restrict processing
• Data portability
• Object to processing
• Lodge a complaint with your data protection authority

Contact us to exercise these rights, and we will respond within 30 days.

15. Updates to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices, technology, legal requirements, or other factors. Updates will be posted on this page with an updated "Last Updated" date.

Material changes will be communicated via:

• Email notification
• Prominent notice on our website
• Request for your consent (if required)

Your continued use of Rumfolio after changes constitute acceptance of the updated policy.

16. Contact Us

For questions about this Privacy Policy or to exercise your privacy rights, please contact us:

Email: privacy@rumfolio.com
Support: support@rumfolio.com
Website: https://www.rumfolio.com

16.1 Response Time

We will respond to privacy requests within 30 days. If we need more time, we will notify you.

16.2 Verification

To protect your privacy, we may request verification of your identity before processing requests.

17. Third-Party Privacy Contacts

Supabase (Database Provider):
Privacy Policy: https://supabase.com/privacy
Contact: privacy@supabase.com