Privacy Policy
Last updated: March 2026
VINEA Wine Academy ("we", "us", or "our") is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use the VINEA Service, in accordance with the General Data Protection Regulation (GDPR) (EU) 2016/679.
1. Data Controller
VINEA Wine Academy is the data controller responsible for your personal data. You can contact us at: privacy@vinea.academy
2. Data We Collect
We collect the following categories of personal data: (a) Account data: your email address, provided when you register via magic link; (b) Profile data: your display name and profile photo, if you choose to provide them; (c) Progress data: your learning progress, exam results, XP points, and completed lessons; (d) Usage data: information about how you interact with the Service; (e) Technical data: IP address, browser type, device information, and cookies.
3. How We Use Your Data
We use your personal data to: (a) provide, maintain, and improve the Service; (b) personalise your learning experience and track your progress; (c) send you authentication emails and important service notifications; (d) analyse usage patterns to improve our content and features; (e) comply with legal obligations.
4. Legal Basis for Processing
Under GDPR, we rely on the following legal bases: (a) Contract performance (Article 6(1)(b)): processing necessary to provide you with the Service; (b) Legitimate interests (Article 6(1)(f)): analytics and service improvement; (c) Consent (Article 6(1)(a)): for optional profile data and non-essential cookies, where applicable.
5. Data Retention
We retain your personal data for as long as your account is active or as needed to provide the Service. If you delete your account, we will delete your personal data within 30 days, except where retention is required for legal compliance. Anonymised usage data may be retained indefinitely.
6. Third-Party Services
We use the following third-party processors: (a) Supabase: authentication, database, and file storage — EU servers; (b) Vercel: web hosting and content delivery; (c) Resend: transactional email delivery. Each processor is bound by a Data Processing Agreement and GDPR-compliant practices.
7. International Transfers
Some third-party processors may transfer data outside the European Economic Area (EEA). Where this occurs, we ensure appropriate safeguards such as Standard Contractual Clauses (SCCs) approved by the European Commission.
8. Your Rights
Under GDPR, you have the right to: (a) access your personal data; (b) rectify inaccurate data; (c) request erasure ("right to be forgotten"); (d) restrict processing; (e) data portability; (f) object to processing. To exercise any right, contact us at privacy@vinea.academy. We will respond within 30 days.
9. Cookies
We use essential cookies to maintain your authentication session and preferences. We do not use advertising or tracking cookies. You can control cookies through your browser settings; however, disabling essential cookies may affect Service functionality.
10. Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or destruction. All data is transmitted over HTTPS and stored with encryption at rest.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by email or via a notice within the Service.
12. Contact & Complaints
For privacy questions or to exercise your rights, contact us at: privacy@vinea.academy. You also have the right to lodge a complaint with your national data protection authority (e.g., AEPD in Spain, ICO in the UK, or CNIL in France).