Privacy Policy
Effective date: May 14, 2026
1. Who we are
This Privacy Policy describes how Enterprise Telecom Solutions, Inc., a Pennsylvania corporation, doing business as Cepaige (“Cépaige,” “we,” “us,” or “our”), collects, uses, and shares information when you use the Cépaige mobile application and the cepaige.com website (together, the “Service”).
Cépaige is a wine research and palate-matching companion. We help you identify wines, build a personal tasting journal, and receive recommendations matched to your taste. The data choices below are designed around two product principles: your journal is yours, and we don’t sell your taste.
2. Our privacy commitments — the short version
The detailed sections below explain the mechanics. The commitments themselves are simple:
- Your journal is private by default. Your ratings, tasting notes, tags, Wishlist, and Purchased list are visible only to you unless you explicitly choose to share specific entries with a community you’ve joined.
- Community sharing is opt-in per wine. When you do share, you choose which individual ratings to share, and you can revoke that sharing at any time. We never auto-publish a rating to a community.
- Members share numeric ratings only. Your free-text tasting notes are never shared with any community, by any path.
- Community ratings are anonymous by default. Named attribution requires a separate explicit opt-in.
- We never sell your taste data to third parties. Not to advertisers, not to wine retailers, not to anyone. Aggregated, non-identifying signal may inform the recommendation engine for other users; it never leaves us as a saleable dataset.
- No targeted advertising. Cépaige doesn’t display ads, doesn’t share data with ad networks, and doesn’t track you across other apps or websites.
3. Information we collect
3.1 Information you provide
- Account information — your email address (used for magic-link authentication; we do not require or store a password) and an optional display name when you create an account.
- Subscription information — when you subscribe through the Apple App Store or Google Play, those platforms handle your payment information and send us a confirmation of your active subscription tier. We do not see your card number or billing address.
- Wine label photos — when you scan a wine label, the image is sent to our servers for optical character recognition and identity research. Scan images are retained in active storage for approximately three months after upload to support research, quality review, and re-identification, then moved to archival storage where they are no longer routinely accessed.
- Ratings, tasting notes, and tags — anything you record in your Wine Journal, including the optional free-text fields and structured tasting vocabulary (Appearance, Nose, Palate, Finish, Overall).
- Wishlist and Purchased list entries — wines you’ve saved for later or recorded as purchased, with optional notes and prices you enter.
- Community memberships — if you join a Sommelier or Peer Community, the fact of your membership and, for individual ratings you’ve opted to share, the rating itself (anonymized unless you’ve opted into named attribution).
- Support correspondence — emails or messages you send us about your account or the Service.
3.2 Information collected automatically
- Device and app data — your device type, operating system, app version, and language settings, used to render the Service correctly and diagnose issues.
- Usage data — which features of the Service you use (e.g., “you ran a scan in Store Mode”), to operate the Service and improve it.
- Approximate location — for Menu Mode and partner-restaurant features that need to identify which venue you’re at. We use coarse location (city/restaurant-level), not precise GPS coordinates, unless a feature explicitly requests it and you grant permission.
- Error and crash reports — when something goes wrong, our error tracking service records technical details about the failure so we can fix it. These reports may include device information and the in-app action that triggered the error; they do not include your tasting notes or ratings.
- IP address — used for security, fraud prevention, and approximate regional content (e.g., currency display). We do not log full IP addresses long-term beyond what’s necessary for those purposes.
3.3 Information from third parties
- Subscription confirmations from the Apple App Store and Google Play.
- Community broadcasts — if you join a Sommelier Community, the sommelier’s published picks and tasting notes are delivered to your account so the Service can present them and seed your preference engine.
4. How we use information
We use the information described above to:
- Operate the Service — identify wines you scan, run research, generate Wine Profile Cards, and maintain your Journal, Wishlist, and Purchased list.
- Personalize recommendations — build your palate match profile and rank wines against it. This is the core of the product. Your data powers your own recommendations.
- Manage your subscription — confirm active billing status from Apple or Google and gate paid features accordingly.
- Communicate with you — send transactional messages (subscription confirmations, trial-end reminders, magic-link sign-in emails), respond to support requests, and — only if you opt in — send infrequent product update emails. You can unsubscribe from product updates at any time.
- Improve the Service — analyze aggregate usage patterns to identify bugs, prioritize features, and tune the research and recommendation engines. Aggregate analysis means we look at trends across all users; we don’t read individual journal entries to develop features.
- Maintain security — detect and prevent fraud, abuse, and unauthorized access.
- Comply with legal obligations — meet tax, accounting, and regulatory requirements.
5. How we share information
We share information only as described below.
5.1 With service providers (subprocessors)
We use third-party services to operate the Service. These providers process information on our behalf, under contract, and are not permitted to use it for their own purposes. Our current subprocessors are:
- Apple App Store and Google Play — subscription billing, platform delivery, and trial management.
- Fly.io — application hosting, managed Postgres database, and managed Redis queue. Application machines and primary database are located in Fly.io’s US East region (Ashburn, Virginia).
- Tigris — independent object storage provider used for wine label scan images.
- Wine-Searcher and Wine Vybe — third-party wine reference APIs used to look up identity, tasting notes, pricing, and grape/region data for a wine. When the Service queries these APIs, it sends the wine identity (producer, name, vintage) only — never your account information, your ratings, or your tasting notes.
- Anthropic — large-language-model and vision-model processing for the research agent and label OCR. The wine identity, scan images, and research-context prompts pass through Anthropic’s API. Anthropic does not use this data to train its models when accessed through the developer API. We access AI providers through a provider-independent abstraction so that we can add or change providers; we will update this policy if and when we do.
- Sentry — application error and crash reporting. Reports include technical context (device, app version, the in-app action that triggered the error) but not your journal entries.
- Postmark — transactional email delivery (magic-link sign-in, subscription confirmations, account notifications).
- Cloudflare — DNS, TLS certificate management, and inbound email
routing for
cepaige.com.
We maintain a current list of subprocessors and will provide it on request.
5.2 With communities you join
If you join a Sommelier Community or a Peer Community and explicitly opt in to share specific ratings:
- The community sees only the numeric rating you’ve shared, never your free-text tasting notes.
- Your share is anonymous by default. Named attribution requires a separate explicit opt-in, per wine or globally.
- Sommelier white-label operators see aggregate community data only — never your individual journal entries or identity, unless you’ve opted into named attribution.
- You can revoke any individual share or your entire community sharing at any time, and revocation removes the rating from forward-looking community views.
5.3 For legal and safety reasons
We may disclose information if we reasonably believe it’s necessary to comply with a law, regulation, legal process, or governmental request; to enforce our Terms of Service; to protect the rights, property, or safety of Cepaige, our users, or the public; or to detect, prevent, or address fraud, security, or technical issues.
5.4 In connection with a business transaction
If Enterprise Telecom Solutions, Inc. is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of company assets, your information may be transferred as part of that transaction. We’ll notify you of any such transfer that materially changes how your information is handled.
6. What we do not do
For clarity, things we will not do under this policy:
- We will not sell your taste data, journal entries, or personal information to anyone.
- We will not share your free-text tasting notes with any community, ever — sharing is limited to numeric ratings.
- We will not make your Journal, Wishlist, or Purchased list public.
- We will not show you targeted advertising, share data with ad networks, or track you across other apps and websites.
- We will not process alcohol sales through the Service in Phase 1 of the product; Cépaige is a research and curation platform, not a retailer. If we ever introduce commerce features, this policy will be updated and age-verification requirements will be added.
7. Your rights and choices
7.1 Access, correction, and deletion
You can access and edit most of your information directly in the app’s Account screen. To request a copy of your data, correct information we hold about you, or delete your account and associated data, email social@cepaige.com from the address associated with your account.
Account deletion removes your identifiable journal data on request. Some aggregated, non-identifying signal that has already informed the recommendation engine may persist in a form that cannot be tied back to you. Records we are legally required to retain (e.g., for tax) are kept for the applicable retention period and then deleted.
7.2 Community sharing controls
You can change which ratings are shared with a community, and whether shares are anonymous or attributed, at any time from the community settings within the app. Changes apply going forward.
7.3 Marketing communications
You can opt out of product update emails at any time using the unsubscribe link in those messages, or by emailing social@cepaige.com. Transactional messages (subscription confirmations, security notices, magic-link sign-in emails, trial reminders) are necessary to operate your account and aren’t subject to opt-out.
7.4 Mobile device permissions
You can grant or revoke camera and location permissions through your device settings. The Service degrades gracefully — Store Mode and Menu Mode need the camera, and Menu Mode benefits from approximate location, but you can still type wine names by hand in their absence.
7.5 Regional rights
Depending on where you live, you may have additional rights under local data protection law:
- European Economic Area, United Kingdom, and Switzerland (GDPR / UK GDPR): rights of access, rectification, erasure, restriction, portability, objection, and the right to lodge a complaint with your supervisory authority. Our legal bases include contract performance (operating the Service for you), legitimate interests (security, product improvement on aggregate signal), and consent (opt-in community sharing, marketing emails).
- California (CCPA / CPRA): rights to know, delete, correct, and to opt out of “sale” or “sharing” — though we do not sell or share personal information for cross-context behavioral advertising, so opt-out has no effect by default. Non-discrimination for exercising your rights.
- Other jurisdictions: if your local law grants additional rights, contact us and we’ll honor them where applicable.
To exercise any of these rights, email social@cepaige.com.
8. Data retention
We retain information for as long as it’s needed to provide the Service and for the legitimate purposes described in this policy. In practice:
- Active accounts. Your Journal, Wishlist, and Purchased list are retained in full for the lifetime of your active account. This is intentional — long-term taste history is the product’s central value.
- Cancelled subscriptions. If you cancel your subscription, your account and journal data are retained for one year, so that if you re-subscribe within that window your full history is restored. After one year, cancelled-account data is deleted (aggregated, non-identifying signal may persist as described below). You can request immediate deletion of your account at any time before then (see §7.1).
- Deleted accounts. Identifiable data is removed on request, subject to the limits noted in §7.1.
- Wine label scan images. Retained in active storage for approximately three months after upload, then moved to archival storage where they are no longer routinely accessed.
- Aggregated, non-identifying data. Retained indefinitely as part of the cached wine database and recommendation engine.
- Operational logs, error reports, and security records. Retained for the period necessary to operate and secure the Service, typically no longer than 90 days, then deleted or anonymized.
9. Where your data is processed
The Service is currently intended for users in the United States and is operated from the United States. Our application servers, primary database, and object storage are located in the United States (Ashburn, Virginia). Some of our subprocessors (listed in §5.1) operate in additional regions; where they do, your data may be processed in those regions in support of the Service.
If you access the Service from outside the United States, your information will be transferred to and processed in the United States, which may have different data protection laws than your home jurisdiction. By using the Service, you consent to that transfer.
10. Security
We use commercially reasonable technical and organizational measures to protect your information, including:
- Encryption in transit. All communication between the mobile app and our servers takes place over HTTPS. TLS is terminated at our hosting provider’s edge, and internal traffic between our application servers, database, and queue runs on a private network not exposed to the public internet.
- Password-less authentication. Cépaige uses magic-link email sign-in. We do not require or store user passwords. Sign-in tokens are stored only as one-way cryptographic hashes, are single-use, and expire after a short window.
- Session protection. Authenticated sessions use secure, HTTP-only cookies with SameSite protection, and we apply Cross-Site Request Forgery (CSRF) checks on requests that modify your data. Web traffic is served with HTTP Strict Transport Security (HSTS).
- Access controls. Production credentials are managed through our hosting provider’s secrets system. Administrative access to our infrastructure is limited to authorized personnel and audited.
- Private infrastructure. Our database, queue, and image storage are reachable only from our application servers over a private network. They are not exposed to the public internet.
- Subprocessor diligence. Service providers listed in §5.1 are chosen with attention to their security posture and the contractual protections they offer.
No system is perfectly secure, and we cannot guarantee absolute security. If we ever become aware of a breach that affects your information, we will notify you and the appropriate authorities as required by law.
11. Children’s privacy
The Service is intended for adults of legal drinking age — 21 or older in the United States and the equivalent legal drinking age elsewhere. The Service is not directed to children under 13, and we don’t knowingly collect personal information from children. If we learn that we’ve collected information from a child under 13, we’ll delete it. Parents or guardians who believe their child has provided us information should contact us at social@cepaige.com.
12. Third-party links and platforms
The Service may link out to third-party websites or services (for example, a sommelier’s external publication, or a generic web search for a wine). This Privacy Policy doesn’t apply to those third parties. We encourage you to review their privacy practices before using them.
13. Changes to this policy
We may update this Privacy Policy from time to time. When we do, we’ll update the “Effective date” at the top of this page. For material changes that meaningfully change your rights or how we use your data, we’ll provide notice through the Service or by email before the change takes effect. Continued use of the Service after the effective date of an updated policy means you accept the updated terms.
14. Contact us
Questions, requests under §7, or feedback on this policy:
- Email: social@cepaige.com
We aim to respond to privacy requests within 30 days.