Privacy Policy
Your data, your palate.
Last updated: June 12, 2026
Palatora ("we", "us", "our") is committed to protecting your privacy. The Service is intended only for individuals located in the United States, is not directed to individuals outside the United States, and by using the Service you represent that you are located in the United States.
1. Scope
This Privacy Policy applies to personal information we collect from users of our services in the United States. The Service is intended exclusively for users who are 21 years of age or older.
2. Data We Collect
We collect the following categories of personal information from you and about you:
- —Account data: email address, age verification, username, and password. Your phone number is optional — you can add it at any time to let friends find you (see "Contacts and Friend Discovery"); we never share or sell it.
- —Wine preference and tasting data: wine tastes, reviews, ratings, and generated palate profiles.
- —Household guest palates: if someone at your table takes the taste quiz on your phone, the first name and taste answers you enter for them are stored under your account and used only to match wines for your table. You can rename or remove a guest's palate at any time from the "Tasting for" row, and guests can ask you to remove theirs.
- —Profile and demographic data: information you voluntarily provide in your profile, such as zip code, typical wine budget, and pronouns.
- —Device identifiers: IP address, device type, operating system, browser type, RAM, and screen resolution.
- —Usage and behavioral data: pages viewed, time spent, navigation paths, and feature interactions.
- —Photos and images: user-uploaded photos of wine labels, bottles, or other content, and associated metadata.
- —Approximate location: the zip code you optionally provide in your profile. We do not collect precise GPS location.
- —Communications data: messages or feedback you send us.
- —Contacts data (optional): if you choose to find friends from your contacts, the phone numbers in your device's address book. As described in "Contacts and Friend Discovery" below, these are hashed on your device and are never stored on our servers.
3. Contacts and Friend Discovery
Palatora offers an optional feature to help you find friends who already use the app by matching against your phone contacts. This feature is entirely optional and runs only when you tap "Find friends from your contacts" and grant the contacts permission.
When you use it, the phone numbers in your contacts are converted into irreversible cryptographic hashes (SHA-256) on your device. Only these hashes — never your contacts' actual phone numbers, names, or other details — are sent to our servers, solely to check for matches against existing Palatora members. We do not retain your contacts or the hashes after the match is performed, and we never sell or share your contacts data with third parties. Your contacts' information is used only to show you which of them are already on Palatora.
4. Aggregated & Pseudonymized Data
We may use and commercialize aggregated and pseudonymized data derived from user activity. This is the sole manner in which Palatora monetizes user data.
IMPORTANT: This data does not directly identify individuals. We implement safeguards to prevent re-identification and contractually prohibit re-identification by partners. We do NOT sell identifiable personal data.
5. Data Sharing
We share personal data only in the circumstances described below. We do not sell identifiable personal data to third parties.
- —AI Processing: Palatora's recommendations are generated by third-party AI model providers (currently Anthropic's Claude). When you request a wine match, menu analysis, or label scan, the data needed to produce it — your taste profile, your tasting notes, and any label or menu photo you submit — is processed by the AI provider on our behalf. In group matches, the taste summaries of the members of your group are included so the AI can find a wine the whole table will enjoy. This data is not used by the AI provider to train its models. We ask for your explicit consent to this processing before you first use the Service, and your phone number, contacts, and email address are never shared with AI providers.
- —Service Providers: Third parties that provide services on our behalf under contract, including hosting, information technology, customer support, email delivery, and website analytics.
- —Analytics Partners: Third-party analytics providers that help us understand how our Service is used, under contractual restrictions that prohibit re-identification.
- —Aggregated Data Recipients: Business partners who receive only aggregated and pseudonymized data for market research and industry analysis.
- —Business Transferees: We may disclose personal information in the context of actual or prospective business transactions (e.g., investments in or financings of Palatora, public stock offerings, or the sale, transfer, or merger of all or part of our business, assets, or shares). In such cases, we will require the recipient to honor this Privacy Policy.
- —Authorities and Others: Law enforcement, government authorities, and private parties, as we believe in good faith to be necessary or appropriate to comply with applicable law, legal process, or governmental requests; to enforce our Terms of Service; or to protect the rights, property, or safety of Palatora, our users, or others.
- —Other Users: Parts of your profile and activity (such as your display name, the wines you log, and your palate) are visible to friends you have accepted into your circle, subject to your visibility settings. Nothing you do in the app is public to people outside your accepted friends.
6. User Rights
You have the following rights with respect to your personal data. To exercise any of these rights, you may use the in-app settings or contact us at privacy@palatorawines.com. We will verify your identity before processing your request.
- —Access: You may review and update certain account information by navigating to your Profile page in the app.
- —Correction: You may correct inaccuracies in your profile directly in the app on your Profile page.
- —Deletion: You may delete your account and personal data from your Profile page using the "Delete Account" button, or by emailing privacy@palatorawines.com.
- —Withdraw Consent: You may opt out of marketing emails by following the unsubscribe instructions at the bottom of any marketing email. You may remove the optional zip code from your profile at any time.
- —Opt-Out of Data Sale (CCPA): We do not sell identifiable personal data. If this practice changes, we will update this Policy and provide a Do Not Sell My Personal Information mechanism.
Response Timelines: We will respond to verifiable consumer requests within the time required by applicable law. If we require additional time where permitted, we will inform you of the reason and extension period in writing.
Do Not Track: We currently do not respond to "Do Not Track" or similar signals. If our practices change, we will update this Policy accordingly.
7. Data Retention
We retain personal data only as long as necessary to fulfill the purposes outlined in this Privacy Policy or as required by applicable law. The following specific retention periods apply:
- —Account data: retained for the life of your account and deleted within 30 days of account deletion.
- —Wine preference and tasting data: retained for the life of your account; anonymized within 30 days of account deletion.
- —Device and usage data: retained for up to 24 months from collection, then deleted or anonymized.
- —Photos and images: retained for the life of your account and deleted within 30 days of account deletion.
- —Aggregated and anonymized data: may be retained indefinitely for research and business purposes, as it cannot be used to identify individuals.
- —Contacts data: not retained — the on-device hashes are used only to perform the match and are discarded immediately afterward.
Upon account deletion, identifiers are removed within 30 days. Remaining data is anonymized and may be retained indefinitely for research and business purposes.
8. Security
We implement industry-standard security measures to protect your personal data, including encryption in transit and at rest, access controls, and monitoring and logging. However, no method of transmission over the internet or method of electronic storage is 100% secure.
9. Updates to This Policy
We reserve the right to change this Privacy Policy at any time. We will notify users of material changes by placing a notice on our site, sending an email to the address associated with your account, or via in-app notification. The effective date of the current version is stated at the top of this Policy. Continued use of the Service after the effective date of changes constitutes acceptance of the updated Policy.