Privacy Policy

Last updated: April 11, 2026

1. Information We Collect

We collect the following types of information:

  • Account information: Email address, name, and authentication credentials managed by our identity provider (Clerk).
  • Wine collection data: Wine details, tasting notes, bottle inventory, storage locations, and purchase information you provide.
  • Usage data: Feature usage, AI interaction history, and session information to improve the Service.
  • Third-party credentials: If you connect CellarTracker or other integrations, those credentials are encrypted at rest using industry-standard encryption (Fernet/AES).

2. How We Use Your Information

  • To provide and maintain the Service, including AI-generated content
  • To process your wine data through AI models for tasting notes, recommendations, and analysis
  • To send transactional emails (welcome, drinking window alerts, account updates)
  • To improve the Service and develop new features
  • To enforce our Terms of Service and protect against misuse

3. AI Data Processing

Your wine collection data is sent to Anthropic's Claude AI models to generate tasting notes, drinking windows, valuations, food pairings, and conversational responses. This data is processed under Anthropic's data usage policies, which do not use API inputs for model training. We do not share your personal information with AI providers — only wine-related data necessary for generating content.

4. Data Storage and Security

  • All data is stored in PostgreSQL databases with row-level security (RLS) ensuring strict tenant isolation
  • Sensitive credentials are encrypted at rest using Fernet symmetric encryption
  • All connections use TLS/SSL encryption in transit
  • Authentication is managed by Clerk with industry-standard JWT token validation
  • We follow OWASP security best practices

5. Third-Party Services

We use the following third-party services:

  • Clerk — Authentication and user management
  • Anthropic (Claude) — AI content generation
  • Vercel — Frontend hosting
  • Railway — Backend hosting and database
  • Resend — Transactional email delivery
  • Lemon Squeezy — Payment processing and subscriptions

6. Cookies

SommAI uses essential cookies for authentication session management. We do not use tracking cookies or third-party advertising cookies. Our authentication provider (Clerk) may set session cookies necessary for secure login.

7. Your Rights

You have the right to:

  • Access: Request a copy of all personal data we hold about you
  • Export: Download your complete wine collection data at any time
  • Delete: Request permanent deletion of your account and all associated data
  • Correct: Update or correct your personal information
  • Object: Opt out of non-essential data processing

To exercise these rights, use the export and delete features in your account settings, or contact us at privacy@sommai.com.

8. Data Retention

We retain your data for as long as your account is active. Upon account deletion, all personal data and wine collection data are permanently removed within 30 days. Anonymized usage statistics may be retained for service improvement.

9. Children's Privacy

SommAI is not intended for individuals under the legal drinking age (21 in the United States). We do not knowingly collect data from minors.

10. Changes to This Policy

We will notify you of material changes to this policy via email or in-app notification at least 30 days before they take effect.

11. Contact

For privacy-related inquiries, contact us at privacy@sommai.com.