Privacy Policy
Last updated: March 2026
This policy explains what personal data Vinebound collects, why, how it is used, and your rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Who we are
Vinebound is operated as a sole trader. For data protection purposes the data controller is:
Vinebound
Email: info@vinebound.uk
If you have any questions about how we handle your data, please contact us at the address above.
2. What data we collect and why
2a. Account registration and sign-in
Data: Email address.
Why: To create and authenticate your Vinebound account (passwordless magic-link sign-in).
Lawful basis: Performance of a contract (providing the account service you requested).
Retention: For as long as your account is active. You can request deletion at any time (see section 6).
2b. Newsletter sign-up
Data: Email address, and optionally your name and vineyard preferences.
Why: To send you updates about new vineyards, features, and content we think you'll find useful.
Lawful basis: Consent. You can unsubscribe at any time using the link in any email we send you.
Retention: Until you unsubscribe or ask us to delete your data.
2c. Analytics (only with your consent)
Data: Anonymised browsing behaviour — pages visited, time on site, device type, approximate location (country/city level), clicks, and scroll depth.
Why: To understand how people use Vinebound so we can improve it.
Lawful basis: Consent. Analytics cookies are only set after you click "Accept" on our cookie banner. If you click "Reject", no analytics tools are loaded at all.
Retention: Aggregated analytics data is retained for up to 26 months (Google Analytics default).
2d. Session recording (only with your consent)
Data: Anonymised interaction recordings — mouse movements, clicks, scrolls, and rage-clicks. No keystrokes or personal details are captured.
Why: To identify usability problems and improve the site experience.
Lawful basis: Consent. Session recording (Contentsquare) only loads after you accept cookies.
Retention: Session recordings are retained for up to 13 months.
2e. Server and access logs
Data: IP address, browser type, referring URL, and page requested, generated automatically when you visit the site.
Why: Security, fraud prevention, and diagnosing technical errors.
Lawful basis: Legitimate interests (keeping the service secure and operational).
Retention: Typically 30 days, held by our hosting provider.
3. Cookies
We use the following categories of cookies:
- Strictly necessary: Essential for the site to function (e.g. remembering your cookie preference, keeping you signed in). These are set regardless of consent.
- Analytics & performance: Google Analytics (via Google Tag Manager) and Contentsquare. These are only set if you accept cookies.
You can change your cookie preference at any time by clearing the cookieConsent cookie from your browser settings and reloading the page.
4. Third-party processors
We share data with the following third parties, each of whom processes data only as necessary to provide their service:
| Service | Purpose | Data shared | Privacy policy |
|---|---|---|---|
| Supabase | Account authentication and data storage | Email address, session tokens | supabase.com/privacy |
| MailerLite | Email newsletter | Email address, name (if provided) | mailerlite.com |
| Google Tag Manager / Google Analytics | Analytics (consent required) | Anonymised usage data, IP address (anonymised) | policies.google.com |
| Contentsquare | Session recording and UX analytics (consent required) | Anonymised interaction data (clicks, scrolls, mouse movement) | contentsquare.com |
| Mapbox | Interactive maps (London Vineyard Finder) | IP address (to serve map tiles) | mapbox.com/legal/privacy |
All processors are contractually required to handle your data in accordance with UK GDPR. Where data is transferred outside the UK, we ensure appropriate safeguards are in place (such as Standard Contractual Clauses).
5. Links to other websites
Vinebound contains links to third-party websites (vineyard websites, booking platforms, etc.). We are not responsible for the privacy practices of those sites and recommend you read their privacy policies before providing any personal information.
6. Your rights
Under UK GDPR you have the following rights regarding your personal data:
- Right of access — you can request a copy of the personal data we hold about you.
- Right to rectification — you can ask us to correct inaccurate data.
- Right to erasure — you can ask us to delete your data ("right to be forgotten"), subject to any legal obligations to retain it.
- Right to restriction — you can ask us to limit how we use your data in certain circumstances.
- Right to data portability — where processing is based on consent or contract, you can request your data in a structured, machine-readable format.
- Right to object — you can object to processing based on legitimate interests.
- Right to withdraw consent — where processing is based on consent, you can withdraw it at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, email us at info@vinebound.uk. We will respond within one month.
You also have the right to lodge a complaint with the UK supervisory authority: the Information Commissioner's Office (ICO).
7. Security
We use industry-standard measures to protect your personal data, including HTTPS encryption in transit and access controls on stored data. No method of transmission over the internet is 100% secure; we cannot guarantee absolute security but take all reasonable precautions.
8. Changes to this policy
We may update this policy from time to time. The "Last updated" date at the top of this page will reflect any changes. For significant changes we will make reasonable efforts to notify users (e.g. via a banner on the site).
9. Contact
Questions or requests about this policy: info@vinebound.uk