Privacy Policy
Last updated 2026-06-29
This policy explains what personal data Cellary collects, why, and what rights you have. We only collect what we need to run and improve the service.
Who is responsible for your data
The data controller is the operator of Cellary (cellary.io). You can reach us at hej@cellary.io for anything relating to your data.
What data we collect
- Account data: your email and name when you create an account (via our authentication provider).
- Your content: wines you log, ratings, tastings, your cellar and your taste profile.
- Billing status: your plan and subscription status (card details are handled by Stripe — we never store them).
- Email sign-ups and partnership inquiries you submit yourself.
- Technical data: basic logging (e.g. error events) and, with your consent, usage analytics.
Why we process it (legal basis)
- To provide the service and your account — performance of a contract.
- To send newsletters and wine insights — your consent, which you can withdraw at any time.
- For analytics and improvement — your consent (analytics cookies) or our legitimate interest.
- For security, operations and debugging — legitimate interest.
- For payments — performance of a contract and legal obligation (accounting).
Cookies and analytics
We use necessary cookies for the app to work (e.g. login). Analytics (Google Analytics) only loads after you choose “Accept all” in the consent banner. If you choose “Necessary only”, no analytics runs.
Who we share data with
We never sell your data. We use selected sub-processors that process data on our behalf:
- Supabase – database and authentication.
- Vercel – hosting and operations.
- Stripe – payments and subscriptions.
- Resend – sending email.
- Google Analytics – usage analytics (only with your consent).
- Axiom – technical logging.
How long we keep it
Account data and content are kept for as long as you have an account. Subscribers are kept until they unsubscribe. Technical logs are kept for a limited time. Accounting records are kept as long as the law requires.
Your rights
Under the GDPR you have the right to request access to, rectification or erasure of your data, to object to or restrict processing, to data portability, and to withdraw consent. Contact us at hej@cellary.io. You also have the right to lodge a complaint with the Swedish Authority for Privacy Protection (IMY).
Security
We protect your data with technical and organisational measures, including encrypted transfer and access controls. No system is entirely risk-free, but we work actively to keep your data safe.
Changes and contact
We may update this policy as the service evolves. We'll announce material changes in the app or by email. Questions? Email hej@cellary.io.