Privacy Policy
Last updated: March 2026
Welcome to Wine Study App (winestudyapp.com). Your privacy is important to us. This Privacy Policy explains how we collect, use, protect, and manage your information when you use our Service.
By using the Service, you agree to the practices described in this policy. We are committed to managing your personal information in accordance with the Australian Privacy Principles (Privacy Act 1988 (Cth)) and comply with international privacy laws including GDPR for EU users.
1. Our Privacy Commitment
We believe privacy is a fundamental right. We aim to be transparent about how we handle your data and provide you with meaningful control over your personal information. This policy outlines:
- What information we collect and why
- How we use and protect your information
- Your rights to access and correct your information
- How to contact us about privacy concerns
- How we handle data breaches
2. Australian Privacy Principles Overview
We comply with the Australian Privacy Principles (APPs) in the Privacy Act 1988 (Cth). The APPs establish standards for how private sector organisations handle personal information. Here's what this means for you:
- APP 1 (Open & Transparent): We provide this policy so you understand how we handle your data
- APP 2 (Anonymity): You can use our Service without providing your email (limited features available)
- APP 3-5 (Collection): We collect information only when necessary for the Service; you'll receive notice when we collect your data
- APP 6 (Use & Disclosure): We use your data for quiz functionality and improvement; we may transfer data overseas (details below)
- APP 8-10 (Correction & Access): You can request to see, correct, or update your information within 30 days
- APP 11 (Security): We use technical and organisational measures to protect your data from unauthorised access
- APP 13 (Access Disputes): If we hold inaccurate information, you can request correction
3. Information We Collect
Information You Provide
When you create an account or use our Service, we collect:
- Email address: Required for account creation and login
- Password (hashed): Required for security; we never store plain text passwords
- Quiz responses and learning progress: Your answers are recorded to personalise your learning and track your progress
- Study preferences: Any settings or preferences you choose
Information Collected Automatically
When you use the Service, we automatically collect:
- Device type: Browser, operating system (used for troubleshooting)
- IP address: Used for security monitoring and to infer country-level location
- Pages visited and time spent: Used to understand how the app is used
- Interaction with quizzes: Quiz questions viewed, responses, attempt timing
- Firebase Analytics data: Anonymised usage patterns and engagement metrics
Cookies and Similar Technologies
We may use cookies or similar technologies to:
- Keep you logged in (session management)
- Remember your preferences (theme, language)
- Improve security and prevent fraud
Your Cookie Choices: You can disable cookies in your browser settings, although some features may not function properly. We respect browser "Do Not Track" signals by not setting analytics cookies.
4. How We Use Your Information
Primary Purposes (Necessary for the Service)
- Provide quiz functionality and personalised learning experience
- Verify your identity and secure your account
- Store and track your quiz responses and progress
- Enable password reset and account recovery
Secondary Purposes (Improvement & Security)
- Service Improvement: Analyse how you interact with quizzes to improve content quality and user experience (Legal basis: Legitimate interest in platform improvement)
- Security Monitoring: Detect fraud, unauthorised access, and technical errors (Legal basis: Legitimate interest in security)
- Analytics: Understand aggregate usage patterns to make better design decisions (Legal basis: Legitimate interest; data anonymised after 24 months)
- Legal Compliance: Comply with legal obligations or respond to lawful requests
What We Do NOT Do: We do not sell your personal data to third parties. We do not use your data for marketing without your consent. We do not combine your data with external datasets for profiling.
5. Overseas Disclosure of Personal Information
Important: Your personal information may be held, processed, or transferred to service providers outside Australia. Under the Australian Privacy Act, you should be aware of this.
Service Providers Located Overseas
| Service | Purpose | Location | Data Types |
|---|---|---|---|
| Google Firebase | Authentication, Database, Analytics | Singapore (primary) with USA & multi-region replication | Email, password hash, quiz responses, preferences |
| Vercel | Web hosting, CDN | USA (auto-replicated globally) | Request data, logs (temporary) |
What This Means
- These overseas service providers are not bound by the Australian Privacy Act
- However, we have agreements requiring them to protect your data to equivalent standards
- For EU/GDPR users, data transfers are protected by Standard Contractual Clauses (SCCs)
- You have the right to know where your data is held and object to overseas disclosure (contact: info@winestudyapp.com)
6. Data Sharing & Service Providers
We may share your information with trusted third-party service providers who help operate the website. All providers are:
- Contractually required to handle data securely
- Restricted to using data only for supporting the Service
- Not permitted to use data for their own marketing purposes
Sub-Processors & Third-Party Services
| Provider | Service | Location | Legal Basis |
|---|---|---|---|
| Google Firebase Auth | Authentication, login security | Singapore (primary) with USA replication | Contractual necessity (Data Processing Agreement in place) |
| Google Firestore | Database, quiz data storage | Singapore (primary) with multi-region replication | Contractual necessity (Google DPA) |
| Vercel | Application hosting, CDN | USA | Contractual necessity (Vercel DPA) |
We may also disclose information if required by law (e.g., to comply with a court order or government request).
7. Data Retention & Deletion
Data Retention Schedule
We retain personal information only as long as necessary to provide the Service, comply with legal obligations, and pursue our legitimate interests. Here's our retention schedule:
| Data Type | Purpose | Retention Period | Legal Basis |
|---|---|---|---|
| User Account Email | Authentication | Until deletion + 30 days (legal hold) | Contractual |
| Password Hash | Security | Until deletion + 30 days | Security (legitimate interest) |
| Quiz Responses (Identified) | Personalised feedback | 24 months | Legitimate interest (service improvement) |
| Quiz Responses (Anonymised) | Analytics, content improvement | Indefinite | Legitimate interest; anonymised |
| Auth Logs (IP, timestamp) | Security monitoring | 90 days | Security (legitimate interest) |
| Analytics Data (Anonymous) | Platform usage analysis | 24 months (aggregated) | Legitimate interest; anonymised |
| Backup Data | Disaster recovery | 90 days | Business continuity |
Data Deletion
If you delete your account:
- Your account and associated personal information (email, password) will be removed within 5 business days
- Your identified quiz responses will be deleted or anonymised within 30 days
- Backup copies may take up to 90 days to fully delete (technical constraints)
- Anonymised data (unable to identify you) may be retained indefinitely for analytics
- Data required by law (e.g., for legal disputes) will be retained as needed
8. Your Privacy Rights & How to Exercise Them
Depending on your location, you have specific rights regarding your personal information. Here's how to exercise them:
8.1 Right to Access Your Data (Australian Privacy Act APP 9 / GDPR Article 15)
What is this? You have the right to request and receive a copy of the personal information we hold about you.
How to request:
- Email: info@winestudyapp.com
- Subject line: "Data Access Request"
- Include: Your name, email address, account login, and what information you want
What we'll provide:
- A copy of your personal information in a portable format (PDF or CSV)
- An explanation of how we use the data
- Information about any disclosures to third parties
Timeline: 30 days (Australian Privacy Act) or 45 days (GDPR)
Cost: First access request is free. Additional requests may incur a reasonable fee (not more than cost to provide).
8.2 Right to Correct Your Data (Australian Privacy Act APP 8 / GDPR Article 16)
What is this? You can ask us to correct information that is inaccurate or incomplete.
How to request:
- Email: info@winestudyapp.com
- Subject line: "Data Correction Request"
- Include: Which information is wrong, what it should be, and why you believe it's incorrect
What we'll do:
- Verify your request within 5 business days
- Assess whether the information should be corrected
- If we agree: Correct the data and notify affected parties
- If we disagree: Provide a written explanation
Timeline: Response within 30 days; correction within 30 days of approval
8.3 Right to Delete Your Data (GDPR Article 17)
What is this? Subject to certain exceptions, you can request we delete your personal information and close your account.
How to request:
- Email: info@winestudyapp.com
- Subject line: "Data Deletion Request"
- Include: Your name, email, and confirmation you want to delete your account
What happens:
- Your account will be deactivated within 5 business days
- Your personal data (email, password) will be deleted within 30 days
- Anonymised quiz data may be retained for analytics (cannot identify you)
- Backup copies may take up to 90 days to fully delete
What's NOT deleted:
- Data required by law (e.g., tax records for 7 years)
- Data needed to resolve disputes or legal claims
- Anonymised, aggregated data
Timeline: Account deactivation 5 days; full deletion 30 days
8.4 Right to Restrict Processing (GDPR Article 18 - EU Users Only)
What is this? If you are an EU resident, you can ask us to stop processing your data while we investigate a complaint or dispute.
How to request: Email info@winestudyapp.com with subject "Restrict Processing Request". We'll respond within 30 days.
8.5 Right to Data Portability (GDPR Article 20 - EU Users Only)
What is this? If you are an EU resident, you can request your data in a portable format to move to another service.
How to request: Email info@winestudyapp.com with subject "Data Portability Request". We'll provide data as CSV/JSON within 45 days.
8.6 Right to Object (GDPR Article 21 - EU Users Only)
What is this? EU residents can object to processing for marketing or profiling purposes.
How to request: Email info@winestudyapp.com with subject "Objection to Processing". We'll stop processing within 30 days.
9. Legitimate Interest Assessment
We use your data for secondary purposes based on our legitimate business interests. Here's how we balance your privacy with our legitimate needs:
Analytics (Google Analytics)
- Purpose: Understand how users interact with quizzes to improve content and user experience
- Legitimate Interest: Platform improvement and feature development
- Proportionality: We collect anonymised behaviour data, not personal identifiers; data deleted after 24 months
- Safeguards: Analytics data not shared with third parties; not used for profiling
Security Logging
- Purpose: Detect fraud, unauthorised access, and technical issues
- Legitimate Interest: Platform security and integrity
- Proportionality: Minimal data (IP addresses, timestamps, error logs)
- Safeguards: Logs retained 90 days; encrypted; access restricted
10. Data Security & Breach Notification
Security Measures
We take reasonable technical and organisational measures to protect your information from unauthorised access, disclosure, or loss:
- Encryption in Transit: TLS 1.2+ (HTTPS) for all data transmission
- Authentication: Passwords hashed using secure algorithms; never stored in plain text
- Access Controls: Restricted access to personal data; only authorised personnel can access
- Network Security: Firewalls and security monitoring
- Firebase Security: Google's enterprise-grade security infrastructure
However, no internet service can be completely secure. We cannot guarantee absolute security.
Notifiable Data Breaches Scheme
We comply with Australia's Notifiable Data Breaches scheme (Privacy Act 1988, Part IIIC). If a serious breach of your personal information occurs, we will:
1. Assess the Breach
- Investigate within 30 days of discovering the breach
- Determine if it's an "eligible data breach" (unauthorised access likely to result in serious harm)
2. Notify Affected Individuals
If a serious eligible data breach is confirmed, we will notify you and provide:
- What information was accessed
- Nature of the breach
- Likely consequences for you
- Remedial actions we're taking
- Contact point for further information
3. Notify OAIC (If Serious)
If the breach is serious and likely to cause serious harm, we will notify the Office of the Australian Information Commissioner (OAIC) at the same time or shortly after notifying you.
4. Report Suspected Breaches
If you suspect a data breach or security issue, contact: info@winestudyapp.com with subject "Security Incident Report".
11. International Data Transfers (GDPR Chapter V)
For EU and EEA residents: Your data may be transferred to countries outside the EU/EEA (specifically USA) for processing by Google Firebase and Vercel.
Safeguards
- Standard Contractual Clauses (SCCs): Google and Vercel have committed to using SCCs for all transfers
- Data Processing Agreements: Both providers have signed Data Processing Addendums (DPAs)
- Adequacy Assessment: We regularly assess the adequacy of safeguards
- Supplementary Measures: Where necessary, we implement supplementary safeguards (encryption, contractual commitments)
If you have concerns about international transfers, contact: info@winestudyapp.com
12. Children's Privacy
This Service is designed for students aged 16+ preparing for WSET Level 1 wine education. We do not knowingly collect personal information from children under 13.
For Children Under 13
- This Service is not intended for children under 13
- We do not knowingly collect identifiable information from users under 13
- If we discover collection from a child under 13, we will:
  - Immediately discontinue collection
  - Notify the parent or guardian
  - Delete the data within 30 days
- If you believe a child under 13 has created an account, contact: info@winestudyapp.com
For Ages 13-17 (Minors)
- Minors using the app receive the same data protections as adults
- We recommend parental awareness of online activities
- Parents can request their child's data by emailing info@winestudyapp.com with proof of relationship
Australian Consumer Law Protections
Minors have additional protections under Australian Consumer Law. If a minor disaffirms a transaction for this digital service, we will comply with their request.
13. Australian Consumer Law Notice
This product is provided for educational purposes in support of WSET Level 1 study. Under the Australian Consumer Law (Schedule 2, Competition and Consumer Act 2010):
- Warranties: This Service is provided on an "as-is" basis; we make no warranty that quiz content will guarantee exam success or be completely error-free
- Consumer Guarantees: We have a duty to ensure digital services are of acceptable quality and fit for purpose as a study aid
- Remedies: If the Service breaches consumer guarantees, you can contact us for refund, correction, or replacement of defective content
- Disclaimer: This app is not endorsed by WSET and should not replace official WSET study materials
Consumer Law contact: info@winestudyapp.com
14. Privacy Complaints & Dispute Resolution
Step 1: Contact Us
If you have a privacy complaint, please contact us:
- Email: info@winestudyapp.com
- Subject: "Privacy Complaint"
- Include: Description of the complaint, dates, what you'd like to happen
- Response time: 30 days
Step 2: Our Investigation
We will:
- Review your complaint
- Gather relevant information
- Determine whether we've breached privacy laws
- Decide on remedial actions
Step 3: Escalation (If Not Satisfied)
Australian Users
Contact the Office of the Australian Information Commissioner (OAIC):
- Website: https://www.oaic.gov.au
- Phone: 1300 363 992
- Online Complaint: https://www.oaic.gov.au/individuals/
- The OAIC will investigate and can order corrective action
EU/GDPR Users
You can lodge a complaint with your local data protection authority (DPA):
- Member List: https://edpb.ec.europa.eu/about-edpb/members_en
- Note: You can contact your DPA in addition to contacting us first
15. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be posted on this page with a revised "Last updated" date. For significant changes:
- We will notify users via email (for registered accounts)
- We will provide a 30-day notice period before changes take effect (for material changes)
- Previous versions of this policy will be archived (available upon request)
Your continued use of the Service after changes become effective constitutes your acceptance of the updated policy.
16. Contact Us
If you have questions about this Privacy Policy or your personal data, please contact us:
General Privacy Inquiries
- Email: info@winestudyapp.com
- Response time: 5 business days
Data Access/Correction/Deletion Requests
- Email: info@winestudyapp.com with subject "Data Access Request"
- Response time: 30 days (may extend to 60 days if complex)
Security Issues & Breach Reports
- Email: info@winestudyapp.com with subject "Security Incident Report"
- Response time: 24 hours
Privacy Complaints
- Email: info@winestudyapp.com with subject "Privacy Complaint"
- Response time: 30 days (see Privacy Complaints section for escalation)
This Privacy Policy applies to Wine Study App (winestudyapp.com) and all services provided through the website.