Privacy Policy

Last updated 25 June 2025

1. Introduction

Winetraqr is a web-based platform that lets wineries create and manage QR codes that, when scanned, display nutritional information to consumers. The service is owned and operated worldwide by Beta Acid, Inc., 1425 Broadway, Seattle, WA 98122 USA ("we," "us," "our"). We respect your privacy and are committed to handling personal information in a lawful, transparent, and secure manner.

2. What This Policy Covers

This notice explains how we collect, use, share, and protect personal data when:

a winery or its staff creates a Winetraqr account,

a consumer scans a Winetraqr QR code, or

anyone contacts us or visits our websites.

Because we serve users in the United States, the European Union, Canada, and elsewhere, we comply with the GDPR, CCPA/CPRA, PIPEDA, and other applicable laws.

3. Information We Collect

Information you give us directly

Account-holder details such as name, email address, business name, postal address, tax or VAT number, and a hashed password.

Support or feedback content you choose to send us (emails, chat messages, screenshots).

Information we receive from others

Payment details are handled by Stripe. Stripe provides us only with a token, the last four digits of the card, and billing address so we can reconcile transactions and prevent fraud.

Information collected automatically

When a consumer scans a Winetraqr code, we log (where legally permitted):

IP address and coarse geographic location (city/region).

Device, operating-system, and browser information.

Language settings, referrer URL, and time stamp.

A randomly generated identifier that lets us count scans without identifying the individual.

When account-holders use the dashboard, we collect similar technical data plus usage analytics via Google Analytics and error logs via Sentry.

4. How and Why We Use Personal Data

Provide the service. We need basic account details to create workspaces, authenticate users, and issue invoices.

Display nutrition labels and analytics. Scan data is used to render the correct label and to give wineries aggregated, anonymised statistics.

Process payments. Stripe tokens allow us to charge subscription fees.

Improve and secure the platform. Error logs and analytics tell us what to fix and help detect abuse.

Send product updates or limited marketing. Winery users occasionally receive tips and offers; every message contains an unsubscribe link.

Comply with legal obligations. We keep certain records for accounting, tax, and anti-fraud purposes.

Under the GDPR our main legal grounds are (i) performance of a contract, (ii) legitimate interests that are not overridden by your rights, (iii) compliance with a legal duty, and, where required, (iv) your consent.

5. Sharing Personal Data

We never sell personal information. We disclose it only to trusted service providers that help us run Winetraqr:

Stripe – secure payment processing.

Vercel and AWS – application hosting, content delivery, and backups.

Google Analytics – usage analytics for the winery dashboard (IP anonymised in the EU).

Sentry – error and performance monitoring.

All processors are contractually bound to confidentiality, strong security, and—when EU data moves to the United States—Standard Contractual Clauses or equivalent safeguards.

We may also disclose data if required by law, court order, or to protect the rights, property, or safety of Beta Acid, our users, or others.

6. International Data Transfers

Your information is stored in the data-centre region closest to you, but technical operations sometimes require transfer to the United States. When that happens, we rely on Standard Contractual Clauses, UK addenda, Swiss addenda, and additional encryption to keep the data protected.

7. Data Retention

Active winery account data remains until the account is closed. We delete it within 30 days of closure.

Raw consumer-scan logs stay on live servers for 24 hours and are then aggregated and anonymised.

Encrypted disaster-recovery backups are overwritten on a rolling 30-day cycle. If you request deletion, your record will disappear on the next overwrite.

Financial records and invoices are kept for seven years as required by tax law.

8. Security Measures

TLS 1.2+ for all data in transit and AES-256 for data at rest.

Multi-factor authentication and least-privilege access for staff.

Continuous vulnerability scanning, automated patching, and annual penetration testing.

24 × 7 monitoring via Sentry and AWS GuardDuty.

Despite these controls, no online service can guarantee absolute security, so we urge you to keep passwords safe and contact us immediately if you suspect unauthorised activity.

9. Your Rights

Depending on where you live, you can:

Access the personal data we hold about you.

Correct inaccurate or incomplete information.

Delete your data ("right to be forgotten").

Restrict or object to certain processing.

Receive a portable copy of your data.

Opt-out of marketing messages at any time.

Appoint an authorised agent (California).

Send any request to hi@winetraqr.com. We respond within 30 days (GDPR) or 45 days (CCPA). If you are unhappy with our reply, EU residents may complain to their local data-protection authority.

10. Cookies and Similar Technologies

Essential cookies keep you logged in and secure.

Analytics cookies (Google Analytics) help us understand how winery users navigate the dashboard.

Most browsers let you block or delete cookies, but the platform may not work properly without the essential ones.

11. Children's Privacy

Winetraqr is not directed to anyone under 13 years old, and we do not knowingly collect data about children. If you believe a child has provided us personal information, please contact us so we can delete it.

12. Marketing Communications

We send product updates and occasional promotions only to winery account-holders. Consumers who scan QR codes never receive marketing from us. You can opt out of marketing at any time by clicking the unsubscribe link or emailing us.

13. Changes to This Policy

We may update this notice to reflect legal, technical, or business changes. If we make material changes we will notify account-holders by email and in-app at least 30 days before the new terms take effect.

14. Contact Us

Email: hi@winetraqr.com

Mail: Data Protection Officer, Beta Acid, Inc., 1425 Broadway, Seattle, WA 98122 USA

We value your trust and are committed to protecting your privacy.

Terms & Conditions•Privacy Policy