Privacy Policy
Version v1-2026-04-27 · Last updated April 27, 2026
1. Information We Collect
We collect only what's needed to run the app and the features you use.
You provide directly:
- Email address and password (for authentication)
- Display name (optional, for community features)
- Taste preferences (during onboarding)
- Bottles you add to your collection, wishlist, and shelves
- Tasting notes, ratings, and flavor tags
- Trip plans and store check-ins
- Photos you upload (bottle scans, sighting photos, avatar)
Generated by your use:
- Activity timestamps (when you added a bottle, logged a tasting note, etc.)
- Device push tokens (only if you enable push notifications)
- Sub-processor request logs (transient; see section 3)
Generated by social features (only if you opt in):
- Latitude/longitude for sightings and store check-ins (you choose what to submit)
- Follow relationships
- Activity-feed entries that fan out to your followers
We do not collect data from third-party trackers, advertising networks, or your device's other apps. We don't fingerprint your device.
2. How We Use Your Information
Your data powers the app's features:
- Collection tracking — your bottles, tasting notes, wishlist, and shelves are stored so you can access them across sessions and devices.
- Personalized recommendations — the AI Sommelier uses your taste preferences and collection summary to suggest bottles. This feature is opt-in (see section 7).
- Community features — sightings, store check-ins, follows, and activity feed are visible to other authenticated users to support the "find a bottle near me" use case. You control what's visible.
- Push notifications — only if you enable them, and only for the categories you select in Settings.
- Account security — minimal logging of authentication events.
We do not sell your personal data, and we do not share it for cross-context behavioral advertising. See section 10 for what these terms mean under California law.
3. Sub-processors
We share specific data with the following service providers, each subject to a data processing agreement:
- Data shared: All account data (database rows, files)
  Purpose: Database hosting, authentication, file storage
  Retention: Per their DPA; data deleted on account deletion
- Data shared: Taste preferences, collection summary, your AI Sommelier query
  Purpose: Generating AI recommendations
  Retention: Not retained beyond the request
- Data shared: Bottle label image you scan
  Purpose: Recognizing the bottle
  Retention: Not retained beyond the request
- Data shared: Device push token
  Purpose: Delivering push notifications you've enabled
  Retention: Per their DPA
We don't add other sub-processors without updating this policy and (for material changes) prompting for re-consent.
4. Data Retention
We keep personal data only as long as needed for the purpose it was collected:
- Account profile, collection, tasting notes, wishlist — until you delete your account
- Activity feed entries — 180 days, then automatically deleted
- Push notification tokens — 365 days from last device activity, then automatically deleted
- Store sightings — 2 years; after that, your identity is removed from the report (the location data remains for community value)
- Store check-ins — 2 years, then fully deleted
- Sub-processor request logs (Gemini, api4ai) — not retained
- Consent log (your privacy preferences over time) — until you delete your account; anonymized on deletion
Retention windows are recorded in our database and enforced by automated jobs.
5. Your Rights
You have the following rights over your personal data. Use the in-app surfaces below or email privacy@totaldram.app.
Right of access (GDPR Art. 15) and portability (GDPR Art. 20)
You can download all your personal data as a structured JSON file from Settings → Privacy & Data → Download My Data. Limited to one export per 24 hours.
Right to erasure (GDPR Art. 17, "right to be forgotten")
You can permanently delete your account and all associated data from Settings → Danger Zone → Delete Account. Some community-contributed content (tasting notes feeding aggregate ratings, sightings helping others find bottles) is retained but anonymized — the row stays, your name does not.
Right to rectification (GDPR Art. 16) and correction (CPRA § 1798.106)
Most of your information is directly editable in the app — your collection, tasting notes, wishlist, profile, and notification preferences. For information that isn't directly editable (timestamps, system-generated fields), use Settings → Privacy & Data → Request Data Correction.
Right to restrict / object (GDPR Art. 18 & 21)
You can opt out of specific data processing without deleting your account from Settings → Privacy & Data:
- AI Sommelier — turn off to stop sending data to Google Gemini
- Show my activity to followers — turn off to stop fan-out of your actions to others' feeds
- Show my sightings publicly — turn off so future sightings are visible only to you
We respond to written requests within 30 days (GDPR) or 45 days (CPRA), as required.
6. Location Data
Location features are always opt-in — we do not track your location in the background.
When you report a sighting or check in at a store, the latitude and longitude you submit are stored with that record on our servers so other authenticated users can search for nearby bottles. Coordinates are stored at reduced precision (~111m) — sufficient for "is there a bottle near me" but not for fine-grained tracking.
You can opt out of public visibility of your future sightings via Settings → Privacy & Data → Show my sightings publicly. Past sightings remain visible until they age out per section 4.
7. AI Features (Google Gemini)
The AI Sommelier feature uses Google Gemini to generate personalized whiskey recommendations. It is opt-in — until you accept the disclosure, no data is sent to Google.
When you enable AI Sommelier, the following is sent with each query: your taste preferences (from onboarding), a summary of your collection (bottle names, distilleries, your ratings), and the question you typed.
Google processes this to generate the recommendation and does not retain it beyond the request. See Google's AI Privacy for their commitments.
You can revoke consent at any time via Settings → Privacy & Data → AI Sommelier. Once revoked, no further data is sent to Google.
8. Image Processing (api4ai)
When you scan a bottle label, the image is sent to api4ai for recognition. Images are processed in real time and not retained by the recognition provider. We don't store the raw image — only the recognized bottle data is saved against your collection.
9. Data Storage and Security
- All account data is stored in Supabase (PostgreSQL) with row-level security — only you and the systems acting on your behalf can access your account data.
- We use HTTPS for all transit between the app and our servers.
- Local data is cached on your device using SQLite for offline access. This local cache is removed when you uninstall the app.
- Photos you upload are stored in Supabase Storage with per-user access controls. They're deleted when you delete your account.
10. California Residents (CCPA / CPRA)
If you reside in California, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA).
Do Not Sell or Share My Personal Information
Total Dram does not sell your personal information for monetary or other valuable consideration. We do not share your personal information for cross-context behavioral advertising.
You can record this preference at any time via Settings → Privacy & Data → "Do Not Sell or Share My Personal Information". Your preference is logged with a timestamp and will be honored if our practices ever change. (CCPA § 1798.135)
Right to Know
You can request the categories and specific pieces of personal information we have collected about you in the past 12 months. The data export described in section 5 satisfies this right.
Right to Delete
The account deletion described in section 5 satisfies this right.
Right to Correct
Correct user-editable information directly in the app, or request correction of system-generated fields via Settings → Privacy & Data → Request Data Correction. (CPRA § 1798.106)
Right to Limit Use of Sensitive Personal Information
We do not use sensitive personal information (as defined by CPRA § 1798.140(ae)) for purposes other than those reasonably necessary to provide the service. We don't process race, ethnicity, religion, union membership, health, sex life, or genetic data.
Authorized agents and financial incentives
You may designate an authorized agent to make a request on your behalf. We may require verification before responding. We don't offer financial incentives in exchange for personal information.
11. International Users
Total Dram is operated from the United States. By using the app, you consent to your data being processed in the US. If you're in the EU/EEA, UK, or Switzerland, GDPR applies and you can exercise your rights under it (see section 5).
12. Changes to This Policy
We may update this policy. Material changes (changes to what we collect, who receives it, or how long it's kept) will trigger an in-app prompt requiring you to acknowledge the new version before continuing. Cosmetic or clarifying changes will be noted in the version string at the top of this page.
13. Contact
For privacy questions, requests, or to exercise your rights:
Email: privacy@totaldram.app
We respond to verifiable requests within 30 days (GDPR) or 45 days (CPRA).
For data protection authority complaints, EU residents may contact their local supervisory authority. California residents may contact the California Privacy Protection Agency.