Privacy Policy
Last updated: 11 June 2026 · TheWineAI
This policy describes how we handle your personal information when you use TheWineAI.
1. Introduction
TheWineAI ("we", "us", "our") operates a wine discovery platform for wine lovers and wine farms in South Africa.
This Privacy Policy explains how we collect, use, store, disclose, transfer, and protect your personal information when you use our website, applications, accounts, recommendations, listings, route planning, events, and related services.
We process personal information in accordance with the Protection of Personal Information Act, 2013 (POPIA), the Electronic Communications and Transactions Act, 2002, and other applicable South African laws.
2. Responsible party
The responsible party for POPIA purposes is TheWineAI. For privacy requests, complaints, corrections, objections, access requests, or deletion requests, contact us using the details at the end of this policy.
3. Age restriction and alcohol-related content
TheWineAI is intended only for persons aged 18 years or older.
Because the Platform relates to wine and alcoholic beverages, we may process age confirmation or age verification information to help prevent access by minors.
We do not knowingly collect personal information from anyone under 18. If we become aware that we have collected personal information from a minor, we may delete the information and close the account.
When you register or become a farm owner, we may ask you to confirm separately that you are 18 or older. That checkbox is not inferred from any other information you provide.
4. South African ID and passport numbers
When you create an account or accept a farm owner invitation, we may require your South African ID number or passport number.
We collect this information to verify identity, support farm owner onboarding and permission contracts, prevent fraud and duplicate accounts, and meet our legal and security obligations under POPIA.
ID and passport numbers are encrypted at rest. They are not displayed in full on the Platform after submission and are accessible only to authorised systems and personnel on a need-to-know basis.
We do not use your ID or passport number to determine whether you are 18 or older. Age eligibility is confirmed through your separate age declaration and our age-related controls.
We retain this information while your account is active and for as long as reasonably necessary thereafter for security, audit, dispute resolution, and legal compliance.
5. Information we collect
We may collect the following categories of personal information:
- Account details: name, surname, display name, email address, South African ID number (stored encrypted), password stored in hashed form, login details, account status, role, and age confirmation status
- Profile details: preferences, saved wines, favourite farms, preferred regions, taste profile, onboarding answers, dietary or pairing preferences you choose to provide, and recommendation history
- Farm business details: farm name, contact person, business email address, telephone number, address, location, trading information, opening hours, website, social links, images, listings, wines, tasting options, events, and verification information
- Usage and interaction data: page views, wine views, likes, saves, searches, clicks, route creation, recommendation interactions, event views, and other platform activity
- Route and location data: locations you search for, selected wine farms, route stops, map interactions, approximate location, and geocoding information where route features are used
- User content: reviews, ratings, comments, photographs, profile content, farm descriptions, event descriptions, and other content submitted to the Platform
- Wine label photos: images you submit in the mobile app for wine identification (processed server-side to suggest catalog matches; not stored unless we add storage for that feature later)
- Communication data: emails, support requests, feedback, complaints, survey responses, and correspondence with us
- Marketing preferences: opt-in status, consent records, unsubscribe records, and communication preferences
- Transaction and subscription information: billing status, subscription plan, payment method updates, invoices, and related records processed through our payment provider
- Technical data: IP address, browser type, device information, operating system, referral source, date and time of access, server logs, error logs, security logs, and cookie data
- Security and fraud-prevention data: authentication events, failed login attempts, rate-limiting data, abuse-prevention signals, and audit logs
6. How we collect information
We collect personal information in the following ways:
- Directly from you when you create an account, complete onboarding, manage a profile, submit content, contact us, or use Platform features
- From wine farms or business users when they register, update listings, manage events, or submit business information
- Automatically through cookies, server logs, analytics, security tools, and similar technologies
- From third-party service providers where required to operate features such as hosting, email, maps, geocoding, payments, media storage, analytics, and security
- From publicly available sources where reasonably necessary to verify business listings, farm details, location information, or public-facing wine farm information
7. How we use your information
We use personal information to:
- Create, manage, secure, and maintain user accounts
- Verify age confirmation and restrict access to alcohol-related content where required
- Provide personalised wine recommendations, farm suggestions, taste profiles, pairing suggestions, and route planning
- Display farm profiles, wine listings, tasting options, events, maps, media, and related content
- Verify farm registrations and administer business listings
- Moderate reviews, ratings, listings, photographs, events, and user-generated content
- Send transactional emails, including account verification, password reset, security alerts, service notices, and support responses
- Send marketing communications where permitted by law or where you have consented
- Improve recommendation quality, search results, user experience, performance, and Platform functionality
- Monitor usage, detect errors, troubleshoot issues, and maintain technical stability
- Protect the Platform, users, farms, and our systems against abuse, fraud, spam, scraping, unauthorised access, and security incidents
- Administer farm subscriptions, billing, invoices, and payment status
- Comply with legal obligations, enforce agreements, resolve disputes, and protect our rights
8. Legal basis under POPIA
We process personal information where you have consented, where processing is necessary to perform a contract with you, where processing is required by law, where processing protects a legitimate interest of you or another person, or where we have a legitimate interest that is not overridden by your rights.
Examples of legitimate interests include platform security, fraud prevention, service improvement, business administration, analytics, recommendation quality, and enforcing our terms.
You may withdraw consent where processing is based on consent, but withdrawal will not affect processing that occurred before withdrawal or processing that is otherwise permitted by law.
9. Automated recommendations and AI processing
TheWineAI may use automated systems, algorithms, and artificial intelligence technologies to generate wine recommendations, farm suggestions, tasting notes, pairing ideas, rankings, search results, and route suggestions.
In the mobile app, wine label photos you submit may be analysed by a vision model on our servers to extract producer and wine names and match them against our catalog. Those images are processed for identification and are not retained for advertising purposes.
Automated recommendations are based on information such as taste preferences, interactions, wine attributes, farm information, location, and availability data.
Recommendations are provided for discovery and informational purposes only. They may be incomplete, inaccurate, outdated, or unsuitable for your personal circumstances.
We do not use automated recommendations to make legally binding decisions about you.
11. Public farm and listing information
Information submitted for public farm profiles, wine listings, events, images, routes, or promotional pages may be displayed publicly on the Platform.
Farm users must ensure that any personal information, images, logos, trademarks, addresses, contact details, employee details, and third-party content they submit may lawfully be published.
12. International data transfers
Some of our service providers may process or store personal information outside South Africa.
Where personal information is transferred outside South Africa, we take reasonable steps to ensure that the recipient is subject to appropriate safeguards, contractual obligations, binding corporate rules, or laws that provide adequate protection for personal information as required by POPIA.
13. Marketing communications
We may send marketing communications about wine farms, events, recommendations, offers, Platform features, promotions, and related content where permitted by law or where you have consented.
You can opt out of marketing communications at any time by using the unsubscribe link in the message or by contacting us.
Even if you opt out of marketing, we may still send transactional, security, legal, or account-related communications.
15. Security
We use reasonable technical and organisational measures to protect personal information, including HTTPS, hashed passwords, encryption of ID and passport numbers at rest, access controls, environment-based secrets management, restricted administrative access, logging, backups where applicable, and security monitoring.
No method of transmission or storage over the Internet is completely secure. We cannot guarantee absolute security.
You are responsible for keeping your login credentials confidential and for using a secure password.
16. Security breaches
If we become aware of a security compromise affecting personal information and notification is required by law, we will notify affected individuals and the Information Regulator where required.
We may also take steps such as password resets, account restrictions, service notices, system changes, or other remedial actions where appropriate.
17. Retention
We retain personal information for as long as reasonably necessary to provide the Platform, maintain your account, comply with legal obligations, resolve disputes, prevent abuse, enforce agreements, and protect our rights.
Account information is generally retained while your account is active. After account deletion, we may retain limited information where required for legal, tax, audit, security, fraud-prevention, dispute-resolution, or legitimate business purposes.
User content that has been published publicly may remain visible where removal is not technically practical or where continued retention is permitted by law.
Interaction events may be retained in aggregated, de-identified, or anonymised form for analytics, recommendation improvement, and business reporting.
18. Account deletion and correction
You may request correction or deletion of your personal information by contacting us.
Deletion may not be immediate where information is stored in backups, logs, audit records, legal records, invoices, security records, or where retention is required or permitted by law.
If you are a farm user, deletion of your account may affect public listings, event pages, subscription status, and access to business features.
19. Your rights
Under POPIA, you may have the right to:
- Request access to personal information we hold about you
- Request correction of inaccurate, irrelevant, excessive, outdated, incomplete, misleading, or unlawfully obtained information
- Object to processing in certain circumstances
- Withdraw consent where processing is based on consent
- Request deletion or destruction of personal information, subject to legal retention requirements
- Request information about third parties with whom your personal information has been shared
- Object to direct marketing
- Request that we stop processing personal information where permitted by law
- Lodge a complaint with the Information Regulator of South Africa
20. Children
TheWineAI is intended for users aged 18 and over only.
We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us so that we can investigate and take appropriate action.
21. Third-party links and services
The Platform may link to wine farms, event organisers, payment providers, maps, social media platforms, booking platforms, or other third-party websites and services.
We are not responsible for the privacy practices, content, security, or terms of third-party websites or services.
22. Changes
We may update this Privacy Policy from time to time. The "Last updated" date at the top will change when we do.
Material changes may be communicated through the Platform, by email, or by other reasonable means.
Continued use of the Platform after changes become effective constitutes acceptance of the updated policy.
23. Contact
For privacy questions, POPIA requests, complaints, corrections, objections, deletion requests, or access requests, email us at the address shown on this page.
You may also lodge a complaint with the Information Regulator of South Africa if you believe your personal information has been processed unlawfully.