Privacy Policy
Effective Date: February 15, 2026
Last Updated: February 16, 2026
1. Introduction
LemonCube LLC ("Company," "we," "us," or "our"), operating as WineAuction.ai, is committed to protecting your privacy. This Privacy Policy describes how we collect, use, share, and protect your personal information when you use our website at wineauction.ai and any associated services (collectively, the "Service").
By using the Service, you agree to the collection and use of information as described in this policy. If you do not agree, please do not use the Service.
2. Information We Collect
2.1 Information You Provide
- Account Information: Email address, password (hashed), and display name when you register.
- OAuth Profile: Name, email, and profile picture when you sign in with Google.
- User Content: Watchlists, tasting notes, ratings, and cellar data you create within the Service.
- Communications: Bug reports, support requests, and feedback you send us.
- Calendar Tokens: If you use our calendar integration, we store OAuth tokens to create auction reminder events on your behalf.
2.2 Information Collected Automatically
- Server Logs: IP address, browser type and version, operating system, referring URL, pages visited, and timestamps.
- Session Cookies: Authentication cookies necessary to keep you signed in (see Section 8).
2.3 Product Analytics
We use PostHog, a privacy-friendly product analytics service, to understand how visitors use the Service. PostHog collects:
- Page views and navigation paths;
- Clicks, searches, and other interactions (autocaptured);
- Browser type, screen size, and general location (country level).
PostHog runs in cookieless mode — it does not set any cookies or use localStorage. Each page load is treated as a new session, so we cannot track individual users across visits. We do not use advertising or tracking cookies, and we do not sell, rent, or trade your personal information.
3. How We Use Your Information
We use the information we collect to:
- Operate, maintain, and improve the Service;
- Authenticate your identity and manage your account;
- Send auction alerts and notifications you have opted into;
- Process and respond to bug reports and support requests;
- Create calendar reminders for upcoming auctions at your request;
- Generate anonymized, aggregated statistics about Service usage (no individual user data is shared);
- Detect and prevent fraud, abuse, and unauthorized access.
4. How We Share Your Information
We do not sell your personal information. We share it only with the following service providers who process data on our behalf:
- Supabase: Authentication, database hosting, and row-level security.
- Vercel: Website hosting and edge functions.
- PostHog: Cookieless product analytics (page views, feature usage). Data is processed in the United States.
- Google: OAuth sign-in and Google Calendar integration (only if you enable calendar features).
- Resend: Transactional email delivery (auction alerts, account notifications).
We may also share information:
- Legal Requirements: When required by law, subpoena, court order, or government request.
- Protection of Rights: To enforce our Terms of Service or to protect our rights, privacy, safety, or property.
- Business Transfers: In connection with a merger, acquisition, or sale of assets, in which case you will be notified via email or a prominent notice on the Service.
5. Data Retention
- Account Data: Retained while your account is active. After account deletion, we retain data for 30 days to allow for recovery, then permanently delete it.
- Server Logs: Retained for 90 days, then automatically purged.
- Bug Reports: Retained indefinitely in anonymized form to help us improve the Service.
- User Content: Deleted when you delete it or when your account is deleted.
6. Data Security
We implement industry-standard security measures to protect your personal information, including:
- Encryption in Transit: All data transmitted between your browser and our servers is encrypted using HTTPS/TLS.
- Encryption at Rest: Data stored in our database is encrypted at rest.
- Row-Level Security: Database policies ensure users can only access their own data.
- Password Security: Passwords are hashed using bcrypt and are never stored in plain text.
While we strive to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.
7. Your Rights
7.1 All Users
Regardless of your location, you may:
- Access your personal information through your account settings;
- Correct inaccurate personal information;
- Delete your account and associated data;
- Export your data (watchlists, notes, cellar) in a portable format;
- Opt out of non-essential emails at any time.
7.2 California Residents (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
- Right to Know: You may request that we disclose the categories and specific pieces of personal information we have collected about you.
- Right to Delete: You may request deletion of your personal information, subject to certain exceptions.
- Right to Opt-Out of Sale: We do not sell personal information. If this changes, we will provide an opt-out mechanism.
- Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.
To exercise your CCPA rights, contact us at [email protected].
7.3 European Economic Area Residents (GDPR)
If you are in the EEA, you have additional rights under the General Data Protection Regulation:
- Data Portability: Receive your personal data in a structured, commonly used format.
- Restrict Processing: Request that we limit the processing of your personal data.
- Object to Processing: Object to the processing of your data in certain circumstances.
- Withdraw Consent: Where processing is based on consent, you may withdraw it at any time.
- Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority in your member state.
Our legal bases for processing are performance of our contract with you (providing the Service), your consent (where applicable), and our legitimate interests (security, fraud prevention, service improvement).
8. Cookies
We use only essential cookies required for the Service to function. Specifically, we use Supabase authentication cookies to maintain your session. These cookies are strictly necessary and cannot be disabled without breaking the sign-in functionality.
We do not use advertising cookies, tracking cookies, or third-party analytics cookies. Our product analytics (PostHog) operates in cookieless mode and does not set any cookies.
9. Children's Privacy
The Service is not intended for anyone under the age of 18. We do not knowingly collect personal information from children. If we learn that we have collected information from a child under 18, we will promptly delete that information. If you believe a child has provided us with personal information, please contact us at [email protected].
10. International Data Transfers
Your information is stored and processed in the United States. If you are accessing the Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country.
For transfers from the European Economic Area, we rely on Standard Contractual Clauses approved by the European Commission and other lawful transfer mechanisms.
11. Changes to This Policy
We may update this Privacy Policy from time to time. For material changes, we will notify registered users via email before the changes take effect. The "Last Updated" date at the top of this page indicates when the policy was last revised.
12. Contact Us
If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us:
- Email: [email protected]
- Company: LemonCube LLC
See also our Terms of Service.