WINEDEN
Privacy Policy
This Privacy Policy explains how DevsDen (Pty) Ltd ("we", "us") collects, uses, and shares personal information when you use the WineDen mobile application and related services (the "Service"). WineDen is an invite-based blind wine tasting platform.
1. Who we are
The Service is operated by DevsDen (Pty) Ltd, a company incorporated in South Africa. You can reach our data team at support@devsden.co.za.
2. Eligibility
WineDen is intended for adults of legal drinking age. You must be at least 18 years old to create an account. We enforce this with a date-of-birth check at registration; if you provide a date that indicates you are under 18, your account will not be created. We do not knowingly collect data from children.
3. Information we collect
3.1 Information you provide
- Account profile: full name, email address, phone number, password (stored hashed), and date of birth.
- Tasting content: events you host or attend, wines you add (estate, type, vintage, grapes, notes), labels you assign as decanter, and the scores or rankings you submit.
- Friend graph: friend requests you send or accept.
- Support correspondence: messages you send us by email.
3.2 Information collected automatically
- Authentication tokens stored on your device's secure storage so you stay signed in.
- Server logs kept for up to 30 days for security and abuse investigation. These contain IP address, request path, response status, and timestamp. They do not contain passwords or tasting content payloads.
We do not use third-party analytics SDKs, advertising identifiers, or device fingerprinting.
4. How we use information
- To create your account and authenticate you.
- To deliver core Service features: events, invites, blind labelling, ratings, results.
- To send WhatsApp invitation messages on your behalf when you invite a contact to a tasting. Phone numbers are forwarded to Twilio, our messaging processor, solely for delivering that invite.
- To respond to support requests and enforce our Terms of Service.
- To detect and prevent fraud, abuse, and security incidents.
5. Lawful bases (GDPR / POPIA)
- Contract: processing necessary to provide the Service you signed up for.
- Legitimate interest: security logging and abuse prevention.
- Consent: the date-of-birth age gate and the terms acknowledgement at registration.
- Legal obligation: retention of records where required by South African or other applicable law.
6. Sharing
We share personal data only with:
- Render — our cloud hosting and managed Postgres provider. Data is stored on Render's infrastructure.
- Twilio — for sending invite messages when you initiate them.
- Other tasters you invite — your display name is visible to people you invite to a tasting and to people who invite you. Your phone number and email are not shown to other tasters in the app.
- Authorities — where required by valid legal process.
We do not sell personal data and we do not share it for cross-context behavioural advertising.
7. Retention
- Account data is kept until you delete your account.
- Server logs are kept up to 30 days.
- Backups containing personal data are kept up to 35 days and are purged on a rolling basis.
- After account deletion, residual references in shared events (e.g., wines you brought) are anonymised — the wine record stays so co-tasters can still see their ratings, but your name is detached.
8. Your rights
Depending on where you live, you may have the right to access, correct, delete, restrict, or port the personal data we hold about you, and to object to certain processing or withdraw your consent to it.
- Access / portability: tap Profile → Download my data in the app to receive a JSON export of your profile, hosted events, invites, friendships, and ratings.
- Correction: edit your name, email, or phone number on the Profile screen.
- Deletion: tap Profile → Delete my account. Deletion is permanent and immediate; backups are purged on the next cycle.
- Other requests: email support@devsden.co.za.
9. Security
Passwords are hashed with ASP.NET Core Identity defaults. Authentication tokens are short-lived JWTs stored in OS-level secure storage (iOS Keychain / Android Keystore) on your device. Traffic between the app and our API is TLS-encrypted. We restrict database access, rotate credentials, and run on managed infrastructure with provider-level isolation. No system is perfectly secure; we will notify you of any incident affecting your data without undue delay where required by law.
10. International transfers
Our hosting may store data in regions outside South Africa. Where personal data is transferred internationally, we rely on the contractual safeguards of our infrastructure providers.
11. Children
The Service is not directed to children under 18 and we do not knowingly collect their data. If you believe a minor has registered, contact support@devsden.co.za and we will remove the account.
12. Changes
If we change this policy materially we will update the "Last updated" date above and, where appropriate, notify you in the app or by email before the change takes effect.
13. Contact
DevsDen (Pty) Ltd
Email: support@devsden.co.za
Website: devsden.co.za