Privacy Policy — WineMaker

App: WineMaker (Android — package com.winemaker.app)
Last updated: March 28, 2026

Version française · Subscription · Account deletion

1. Introduction

This policy describes how WineMaker (“the app”) processes personal data when you use it.

Data controller:
Tommy Gélinas

Privacy contact:
tgelinas@concepts3dg.com

By using the app, you agree to the practices below where required by law and subject to your choices (account, permissions, system settings).

2. Data we collect and how

2.1 Account and sign-in

• Email and password sign-in: email address and account identifiers are handled by Google Firebase Authentication.
• Sign in with Google: Google account identifier, name, and email address as provided by Google under the “Sign in with Google” flow, in line with Google’s Privacy Policy.

2.2 Information you enter in the app

Depending on platform and subscription (see §2.11), data you save (recipes, production, inventory, calendar, profile, marketplace where applicable) is handled as follows:

• Web: stored in Cloud Firestore under your account (Firebase UID) and marketplace rules.
• Mobile app:
  • Active “cloud sync” subscription (Google Play, where offered): personal winemaking data in Firestore for backup and sync.
  • No active cloud subscription: that personal data in local SQLite only; marketplace content may remain in Firestore when you publish or interact.

Marketplace publishing on mobile may require an active subscription, depending on version and region.

2.3 Notifications

• Local notifications (production / calendar reminders): scheduled on your device; reminder content depends on data you entered.
• Push notifications (Firebase Cloud Messaging): on mobile, a device token may be stored on your profile document in Firestore when cloud sync is active (subscription), for delivery via Google’s servers if you grant permissions. Without cloud sync, the token is generally not kept in Firestore this way.

2.4 Ads (Google AdMob)

If ads are shown (unless you have purchased a “remove ads” option where available), Google may process ad-related data, including an advertising ID and technical or interaction data, under Google’s / AdMob policies and your device and Google account ad settings.

2.5 In-app purchases and subscriptions (Google Play)

Purchases and subscriptions use Google Play Billing; Google handles payment, billing, and lifecycle. We do not receive full card details; the app receives entitlement status to enable cloud sync, ad removal where applicable, etc. See §2.11.

2.6 Security and integrity (Firebase App Check)

The app may use Firebase App Check to reduce abuse and protect Google backends tied to the project.

2.7 Voice dictation

If you use voice dictation, audio or transcription may be processed by the device’s speech recognition services (e.g. Google on Android, Apple on iOS), depending on your device and settings. That processing is governed by the OS vendor and, where applicable, Google or Apple.

2.8 Data stored only on your device

Besides SQLite for winemaking data without cloud sync (or after local migration — §2.11), preferences (theme, reminders) use SharedPreferences, not synced unless stated.

2.9 Analytics (Firebase Analytics)

The app uses Google Analytics for Firebase for aggregated usage statistics (screen flows where routes are named, optional custom events, etc.). An Analytics user identifier may be linked to your Firebase UID (a technical ID, not your email). Google processes this data under its Privacy Policy. You can adjust personalized ads and related controls in your device and Google account settings.

2.10 Crash reporting (Firebase Crashlytics)

The app uses Firebase Crashlytics (Google) to receive crash reports and some unhandled errors on Android and iOS to improve stability. Reports may include stack traces, device type, app version, and, if you are signed in, the same technical user ID (Firebase UID) as for Analytics. In development builds, sending to Crashlytics is usually turned off to reduce noise. Google processes this data under its privacy policy. Declare Crashlytics in Google Play’s Data safety form (often under “diagnostics” / “crash logs”).

2.11 Subscription policy (Google Play)

Supplements §2.2, §2.4, and §2.5 for paid offers on Google Play.

• Payment contract: with Google under Google Play Terms and the offer shown at purchase. WineMaker unlocks features when Play reports a valid entitlement.
• Access period: if you cancel auto-renew, you typically keep access until the end of the paid period (Google’s billing rules). The app relies on Play for subscription state.
• End of “cloud sync” subscription: the app may copy personal winemaking data from Firestore to local SQLite, then delete those documents from Firestore, while keeping your account. This is not account deletion (§9).
• Refunds: Google Play policy and tools; we do not process card refunds directly.
• Product support: email in section 1.

3. Purposes of processing

We use data to:

• create and manage your account;
• provide WineMaker features (winemaking tracking, calendar, inventory, marketplace, etc.);
• sync your data across devices via the cloud;
• deliver local notifications and, where applicable, push notifications;
• measure audience and app usage (Firebase Analytics, via Google);
• diagnose crashes and errors to fix the app (Firebase Crashlytics, via Google);
• show ads and measure ad performance (via Google), except where disabled by purchase or applicable settings;
• process in-app purchases and subscriptions through Google Play and apply entitlements (cloud sync, ads, etc.);
• maintain security, prevent fraud, and meet legal obligations.

4. Legal bases (including GDPR / UK GDPR)

Depending on the situation:

• Contract or pre-contract steps: providing the service when you create an account and use cloud-synced features.
• Legitimate interests: security, abuse prevention, and service improvement consistent with your rights.
• Consent: where required by law (e.g. certain notifications; web equivalents if a browser version exists; personalized ads per local rules).
• Legal obligation: where the law requires us to process data.

5. Recipients and processors

Data hosted in Firebase / Google Cloud is processed by Google Ireland Limited (or another Google entity depending on your region) as a processor or separate controller for specific services—see Google’s documentation.

Google Play, Google Payments, and AdMob also process data as controllers or joint controllers under their own policies.

We do not sell your personal data in the usual sense of “data sales.”

6. Transfers outside the European Economic Area

Google may process data in countries outside the EEA using safeguards allowed under applicable law (standard contractual clauses, adequacy decisions, etc.). See Google’s Privacy Policy.

7. Retention

• Account and Firestore data: while the account is active. Personal winemaking data in Firestore on mobile mainly while cloud sync is active; it may be removed from Firestore after subscription ends (local copy first — §2.11). Account deletion: §9.
• FCM tokens: updated or removed on sign-out or device change, per how the app works.
• Ad-related data: per Google’s retention and your settings.

8. Security

We use reasonable technical and organizational measures (authentication, server-side access rules, encryption in transit via HTTPS/TLS for Google services, etc.). No system is risk-free.

9. Your rights

Where GDPR, UK GDPR, or similar laws apply, you may have rights of access, rectification, erasure, restriction, objection, portability, and to withdraw consent where consent is the legal basis.

To exercise your rights: contact us at the email in section 1. You may also lodge a complaint with your local data protection authority (e.g. CNIL in France, www.cnil.fr; ICO in the UK, ico.org.uk).

Account deletion: In the Android app, open Settings → Account and data → Delete account and data. This permanently deletes your Firebase Authentication account, your profile document in Firestore, recipes, production batches, inventory, and calendar events in Firestore, marketplace evaluations and replies tied to your account, local SQLite copies of those user documents, cancels local production reminders, and removes the push token from your Firestore profile when applicable. Firebase may ask you to reconfirm with password or Google. Not the same as canceling a subscription (§2.11). The web app does not offer this flow—email us (section 1). See account deletion.

10. Children

WineMaker is not directed at children under 13 (or the minimum age in your jurisdiction). We do not knowingly collect data from children. If you believe your child has provided data, contact us so we can delete it.

11. Changes

We may update this policy to reflect app or legal changes. The “Last updated” date at the top will be revised. For material changes, we may notify you in-app or by email when possible.

12. Useful links

• Google Privacy Policy
• Google Play Terms of Service
• Google Play Help — Subscriptions
• Firebase / Google Cloud privacy

This document is provided to support compliance efforts. It is not legal advice. Have it reviewed by a qualified professional if you operate in highly regulated sectors.