Legal
Vitola — Privacy Policy
Vitola is an adults-only (21+, attested in-app) reference, tasting-journal and pairing companion for people who already enjoy cigars and their spirit/coffee companions. This policy explains exactly what we collect, why, who we share it with, how long we keep it, and the rights you have. It is written to be specific to how the app actually works — not a generic template.
We (the “operator”) run our own self-hosted backend (Supabase — Postgres, Auth and Storage — plus an AI proxy and a webhooks service). We also use Google’s Firebase services for analytics, crash reporting and push notifications (see §1). We are the data controller for the data described below.
1. What we collect and why
Account (required to sign in)
- Email address and a password — created through Supabase Auth (GoTrue). Your password is stored only as a salted hash by the auth service; we never see or store it in plaintext.
- User ID (a random UUID) that links your data together.
Purpose: to create and secure your account. Legal basis: performance of a contract.
Social sign-in (optional)
Instead of a password you can sign in with Apple or Google:
- Sign in with Apple shares your name and email address — or, if you choose “Hide My Email”, an Apple private relay address — which we use to create your account.
- Sign in with Google shares your name, email address and profile picture (avatar).
We receive only this basic identity data from the provider; we never see your Apple or Google password. Purpose: account creation and sign-in. Legal basis: performance of a contract.
Profile & preferences
- Display name (optional), experience level, 21+ adult attestation
(
is_adult), onboarding status, subscription tier (mirrored from the store — see §3), and a coarse region (ISO country from your storefront / device) used to filter which products are shown. - AI consent flag and timestamp (
ai_consent,ai_consent_at) — recorded only if and when you grant AI consent (see §2).
Purpose: to run the age gate, personalise the catalogue, and honour your AI choice. Legal basis: contract; legal obligation (age restriction); consent (AI).
Taste profile, collection, journal, wishlist
- Taste profile: preferred body, flavour preferences, drink companions.
- Collection: items you add (a catalogue reference or a custom name, quantity, acquired/resting dates, your notes).
- Journal: your tasting entries (the cigar and its pairing, a 1–5 rating, notes, detected flavours, and any photos you attach) with timestamps.
- Wishlist: products you save.
Purpose: to provide the core journal + pairing features. Legal basis: contract (consent for optional photos). Photos you attach are stored in our self-hosted Supabase Storage.
Reviews & community (UGC)
- Reviews you post (a rating and optional text — one per product), reports you file on other reviews, and users you block.
Purpose: to power product reviews and to keep the community safe. Legal basis: contract; legitimate interest and legal obligation (moderation of user content).
AI Sommelier (only after you consent)
- Conversation history (your messages and the AI’s replies) and daily usage counters. These are created only once you grant AI consent and use the feature, and only for subscribers.
Purpose: to provide the AI sommelier and to enforce fair-use limits. Legal basis: consent.
Purchases & entitlement
- Your subscription tier / entitlement status and purchase history (auto-renewing subscriptions and consumable AI message packs). Payments are processed by the App Store / Google Play; neither we nor our billing processor receive your card number or full payment details. RevenueCat manages the purchases and reports the resulting purchase history and entitlement, which we process server-side and mirror onto your profile.
Purpose: to unlock paid features and restore purchases. Legal basis: contract.
Technical / device data
- Standard connection metadata (IP address, request timestamps) inherent to any request to our backend, handled by the self-hosted server.
- Push notifications (FCM): if — and only if — you grant the notification permission, the app registers a Firebase Cloud Messaging (FCM) push token (processed by Google LLC) so notifications can be delivered to your device. If you never grant the permission, no push token is created. Reminders may also be scheduled locally on your device.
Analytics & crash reporting (Firebase, Google LLC)
- Firebase Analytics collects product-interaction events (e.g. screens viewed, features used) tied to a random app instance ID so we can understand how the app is used and improve it. You can turn analytics off at any time with the analytics opt-out toggle in Settings (it is on by default); opting out stops analytics collection on your device.
- Firebase Crashlytics collects crash logs and diagnostics (stack traces, device model, OS version) so we can find and fix crashes.
- The app ships no third-party advertising SDKs, performs no ad tracking, and does not collect the platform Advertising ID.
2. The AI Sommelier and the third-party AI provider
The AI Sommelier is off until you explicitly consent (App Store Guideline 5.1.2). Before your first AI message the app shows a consent screen that discloses what is shared, with whom, and why; the chat is unreachable until you agree, and you can revoke consent at any time in Settings.
When you use the feature, the app sends your message to our AI proxy, which forwards it to Google Gemini to generate a reply. To ground answers in your own palate, relevant context from your own collection and taste profile (which already lives in your account) may be added server-side by the proxy. Your data is not used for advertising. Google processes this data under its API terms and may process it outside your country. If you decline or later revoke consent, no messages are sent to the AI provider.
Your pairing recommendations outside the AI feature are computed on your device by a local engine — no data leaves the app for ordinary pairings.
3. Who we share data with
| Recipient | What they receive | When |
|---|---|---|
| Self-hosted Supabase (our own servers) | All account, profile, collection, journal, review, and AI-history data above | Always — this is our backend |
| Google LLC (Firebase) | Analytics events + app instance ID (unless you opt out in Settings); crash logs + device model/OS; FCM push token (only if you enable notifications) | While you use the app |
| Google Gemini (via our AI proxy) | Your AI chat message + relevant collection/taste context | Only after AI consent, for subscribers |
| RevenueCat | An app user identifier + purchase history / entitlement info | When you subscribe or buy a message pack |
| Apple App Store / Google Play | The payment itself | When you subscribe or buy a message pack |
We do not sell your data and do not share it with advertising networks.
4. Retention
We keep your data while your account is active. When you delete your account (§5), a real server-side cascade removes your rows from every user-owned table and your auth record. AI daily-usage counters are keyed by day and removed with your account. Backups, where they exist, age out on the operator’s normal cycle.
5. Your rights and choices
- Access / rectification — view and edit your profile, collection and journal in the app.
- Export — Settings → “Export my data” produces a JSON bundle of your collection, journal and taste profile that you can copy/share. (To obtain a copy of your reviews or AI conversation history, contact us — see §7.)
- Erasure — Settings → “Delete account” performs a type-to-confirm, real server-side deletion (App Store Guideline 5.1.1(v)) and then wipes the local copy. This is permanent.
- Withdraw AI consent — Settings → toggle AI consent off at any time.
- Opt out of analytics — Settings → toggle analytics off at any time (on by default); this stops Firebase Analytics collection on your device.
- Object / restrict — contact us.
Depending on where you live, these rights arise under the GDPR and, for users in Türkiye, the KVKK; residents of other regions may have comparable rights.
6. Children / age restriction
Vitola is strictly for adults (21+) and requires an in-app 21+ attestation before use. It is not directed to, and we do not knowingly collect data from, anyone under 21. If you believe a minor has created an account, contact us and we will delete it.
7. Contact & region
- Privacy contact: privacy@vitola.my (general support: support@vitola.my)
- Operator / data controller: the Vitola developer, an individual based in Istanbul, Türkiye.
- International transfers: because Google (the AI provider, and the processor behind Firebase analytics/crash/push) may process data outside your region, using the app may involve an international transfer; we rely on your consent (AI) and the provider’s contractual safeguards.
If we make material changes to this policy we will update the “Last updated” date and, where appropriate, notify you in the app.