Effective Date: 26.03.2026
1. Controller
Responsible for data processing:
OhMyCellar! GbR
Hauptstr. 17, 10827 Berlin
Email: info@ohmycellar.com
2. Overview
We process personal data in accordance with the General Data Protection Regulation (GDPR).
This Privacy Policy explains what data we collect, how we use it, and your rights.
3. Our Privacy Approach
We aim to collect and process as little personal data as possible.
- We only collect data necessary to operate the Service
- We do not sell your data
- We currently do not use third-party analytics or tracking tools
- Your data is used only to provide and improve the Service
4. Data We Process
4.1 Account Data
- Email address
- Password (hashed)
- Subscription status
Purpose: account management
Legal basis: Art. 6(1)(b) GDPR
4.2 Usage Data
- Wine entries, notes, and labels
- Import data (e.g. CSV uploads)
Purpose: providing the Service
Legal basis: Art. 6(1)(b) GDPR
4.3 AI Processing
We may process user-provided data (e.g. wine data, images, text input) using AI services to generate insights.
- Processing is limited to providing requested functionality
- We do not use your data to train publicly available AI models
Legal basis: Art. 6(1)(b) GDPR
4.4 Payments
Payments are processed by Stripe. We do not store full payment details.
We receive limited information necessary to manage subscriptions, such as:
- customer ID
- subscription status
Legal basis: Art. 6(1)(b) GDPR
4.5 Technical Data
We process minimal technical data:
- IP address
- browser information
- timestamps
Purpose: security and operation of the Service
Legal basis: Art. 6(1)(f) GDPR
5. Data Retention
Account data is deleted upon request.
After deletion, data may be retained for up to 90 days in backups or for technical reasons, after which it is permanently deleted.
Data required for legal obligations (e.g. billing or tax) may be retained for longer as required by law.
6. Data Sharing
We only share data where necessary:
- payment provider (Stripe)
- hosting providers
- AI providers (for requested features)
We do not sell personal data.
7. International Transfers
Some providers may process data outside the EU.
Appropriate safeguards are in place.
8. Your Rights
You have the right to:
- access your data
- correct your data
- delete your data
- restrict processing
- data portability
- object to processing
You may also lodge a complaint with a supervisory authority.
9. Security
We use appropriate technical measures, including encrypted connections and secure storage.
10. Changes
We may update this Privacy Policy. Continued use of the Service constitutes acceptance.