Privacy Policy

Last updated: 7 July 2026

1. Who is responsible. Wine Exam Trainer operates wineexamtrainer.com and app.wineexamtrainer.com. For privacy questions, contact [email protected]. We process personal data in accordance with the EU General Data Protection Regulation (GDPR).

2. What we collect.

Without an account: free practice works without registration. Your progress is stored locally in your own browser (localStorage) and is not sent to us.

With an account: we store your email address, a hashed password (or login token), your subscription status and your study progress (answers, scores, weak spots) so the trainer can adapt to you.

Payments: checkout and billing are handled by our merchant of record, Paddle (paddle.com). Paddle collects your payment details, billing address and VAT information under its own privacy policy. We never see or store your full payment details; we receive only confirmation of your subscription status.

Technical: our hosting providers (Cloudflare, Railway) process IP addresses and request logs to deliver and secure the service.

3. What we don't do. We do not sell personal data, we do not use third-party advertising trackers, and we do not send marketing email without your consent.

4. Legal bases. We process data to perform our contract with you (providing the trainer and your subscription), for our legitimate interest in securing and improving the service, and to comply with legal obligations (e.g. tax records held by Paddle).

5. Retention. Account data is kept while your account is active. You can delete your account at any time, after which personal data is removed or anonymised within 30 days, except where law requires longer retention (e.g. billing records).

6. Your rights. Under the GDPR you can request access, correction, deletion, restriction, or a portable copy of your data, and you can object to processing. Email [email protected]. You can also complain to the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).

7. International transfers. Our infrastructure providers may process data outside the EEA; where they do, transfers are covered by EU-approved safeguards such as Standard Contractual Clauses.

8. Changes. We may update this policy; material changes will be announced on this page.