Privacy policy

Last updated: 2026-05-21

The short version

WineTone is a research prototype. Every piece of information you enter on this site is public, indexed, and visible to every other visitor — signed in or not.

• Your username is public.
• The wines you label are public.
• The descriptions you write about those wines are public.
• Who you follow is public. Who follows you is public.
• Your fitted personal taste-projection is queryable indirectly by anyone who searches the corpus.

If any of that sounds undesirable, please use a pseudonym (the sign-in banner at the top of every page reminds you of this), and don't enter anything you wouldn't post publicly elsewhere.

What we collect

• Authentication data via Clerk. Your email address, sign-in method (email / Google / GitHub), and the session JWT that authorizes your requests. Clerk's own privacy policy governs how they handle this. See clerk.com/privacy.
• Your application data. Username, wine labels, label descriptions, sentiment markers (positive / negative), fitted projection matrices, follow relationships, and any wines you submit to the catalog via "Add a wine."
• Server logs. HTTP request URLs, timestamps, response codes, and (briefly) the IP your request originated from. Hosted by Hugging Face Spaces with their retention policy.
• Analytics (if enabled): visit counts and browser-language summaries via cookieless web analytics. No identifiers, no fingerprinting.
• Error reports (if enabled): stack traces of server-side exceptions via Sentry, with send_default_pii disabled so request URLs and POST bodies are scrubbed.

What we share

With everyone, all the time. Your labels, descriptions, and follow graph are exposed on every wine's page and on every user's profile page. The wine submissions you make become part of the public catalog. The conversational LLM router on /ask sees your query and may include sample labels from the public corpus when prompting the model.

We do not sell your data to third parties because there is no business model — WineTone is a research demonstration. Your data is already public on the internet via this site.

Your right to be deleted

Sign in, go to your dashboard, scroll to the bottom, click Delete my account permanently. We will:

• Delete the row in users that identifies you.
• Cascade-delete your wine labels, label embeddings, fitted projections, calibration history, and follow relationships (in both directions — you stop following and stop being followed).
• Call Clerk's Backend API to delete your authentication record.
• Email confirmation: none. The deletion is immediate. If the Clerk-side delete fails for any reason we still delete locally — your application data goes regardless.

Wine entries you submitted to the catalog via "Add a wine" remain in the catalog after your account deletion — they become attribution-less catalog entries indistinguishable from pipeline-imported wines. This is intentional: deleting the wine would break recommendations for everyone who has been calibrated against it. If you want a specific wine removed, email me@archisgore.com.

Server logs, analytics aggregates, and error traces are not individually keyed to your username so are not deletable. They contain no personal data beyond the IP from which a request originated, which the hosting providers age out per their own policies.

Cookies

WineTone uses one cookie: __session, set by Clerk on sign-in. It's Secure (HTTPS-only), SameSite-Lax, and contains a short-lived signed JWT that proves you're signed in. Deleting your account removes it; signing out clears it.

We do not show a cookie-consent banner, and here's why: under the EU ePrivacy Directive (and equivalent rules in the UK, California, etc.), consent is required only for cookies that are not strictly necessary for the service the user is requesting. The __session cookie is the mechanism by which we know you're signed in — it's how the "you signed in two minutes ago" state persists across page loads. Without it, you couldn't add labels to your own profile because we'd have no way to know it's you. Under established EU guidance that qualifies as strictly necessary and is exempt from the consent requirement. This determination is documented for our own records — if regulation tightens, we'll revisit it.

We do not use:

• Tracking cookies — no Google Analytics, no Facebook Pixel, no advertising identifiers.
• Persistent profiling cookies beyond the session JWT.
• Third-party cookies set by anyone other than Clerk for the sign-in flow itself.

Analytics (when enabled) use cookieless beacon counters — no identifier persisted on your machine, no fingerprinting.

Children

WineTone is about wine. Don't use it if you're under the legal drinking age in your jurisdiction. We don't verify ages but the no-PII banner is a notice that this isn't a child-appropriate service.

Changes

When this policy changes, the date at the top updates and a note appears in the release notes (in the repo). There's no separate notification — this site is too small for an email list, and that would itself be PII collection.

Contact

Email me@archisgore.com or open an issue at github.com/archisgore/WineTone/issues.