Privacy Policy

Last updated: May 15, 2026

Vintages Releases ("we", "us") is an independent service that helps wine enthusiasts discover and compare LCBO Vintages releases. This policy explains what data we collect, why we collect it, and the choices you have.

Information we collect

Account information

When you sign up, we collect your email address and a hashed password. If you sign in with Google, we store your name and email from your Google account. We never see your Google password.

Subscription information

Payments are processed by Stripe. We store your Stripe customer and subscription identifiers so we can grant access to paid features and manage your billing, but we do not store your full card number, CVV, or billing address — that data lives with Stripe under their privacy policy.

Activity within the service

We store the wines you wishlist, the smart alerts and notification preferences you configure, and any data reports you submit. This information is tied to your account so we can render your personalised views.

Analytics and error monitoring

We use Umami for privacy-friendly analytics. Umami records aggregate page views without cookies and without identifying individual visitors. We use Sentry to capture application errors so we can fix them; Sentry receives your user ID, IP address, and a stack trace when an error occurs.

Server logs

Our web servers log standard request metadata (URL, IP address, user agent, timestamp, request ID) for security, debugging, and abuse prevention. Logs are retained for a rolling 30-day window.

How we use your information

  • To create and authenticate your account.
  • To provide and personalise the features of the service.
  • To process subscription payments and manage your plan.
  • To send transactional emails (release notifications, smart alerts, account messages) you have opted in to.
  • To debug, monitor, and improve the service.
  • To comply with legal obligations and enforce our Terms of Service.

How we share your information

We do not sell your personal information. We share data only with the service providers we need to operate the product:

  • Stripe — payment processing.
  • Google — if you choose to sign in with Google.
  • Umami — aggregate, anonymous analytics.
  • Sentry — error monitoring.
  • Our email delivery provider — sending transactional email.

We may also disclose information when required by law, to enforce our Terms, or to protect the rights, property, or safety of our users or the public.

Data retention

We retain your account data for as long as your account is active. If you delete your account, we remove your personal information from our active systems within 30 days, except where we are required to retain it for tax, accounting, or legal reasons (typically up to seven years for billing records).

Your rights

Depending on where you live, you may have the right to access, correct, export, or delete the personal information we hold about you, and to object to or restrict certain processing. To exercise any of these rights, use our privacy & legal contact form (no account needed). We will respond within 30 days.

Security

We protect your data with industry-standard safeguards: TLS for all connections, password hashing with bcrypt, encrypted backups, and least-privilege access controls. No system is perfectly secure, however, so we encourage you to use a strong, unique password.

Hosting and international transfers

Our application servers are hosted in Canada. Some of our service providers (Stripe, Google, Sentry, Umami) may process data in the United States or Europe. By using the service, you consent to this transfer.

Children

The service is intended for users of legal drinking age in their jurisdiction (19+ in Ontario). We do not knowingly collect information from anyone under that age. If you believe a minor has provided us with personal data, contact us and we will delete it.

Changes to this policy

We may update this policy from time to time. Material changes will be announced by email or by a prominent notice within the service before they take effect. The "Last updated" date at the top of this page always reflects the most recent revision.

Contact

Questions about this policy? Use our privacy & legal contact form (no account needed).