Italian Wine Routes

Legal

Privacy Policy

Last updated: 24 April 2026

1. Who we are

Italian Wine Routes ("we", "us") operates the website italianwineroutes.com and the Italian Wine Routes application (the "Service"). For the purposes of the EU/UK General Data Protection Regulation ("GDPR"), we act as the data controller for personal data you provide directly to us. Contact: hello@italianwineroutes.com.

2. What we collect

  • Account data: email address, authentication identifiers, optional company logo.
  • Itinerary inputs: regions, dates, guest count, preferences and any free-text notes you submit.
  • Generated content: itineraries produced by the Service and stored in your history.
  • Technical data: IP address, browser type, device, pages viewed, and aggregate analytics.
  • Cookies & local storage: strictly necessary cookies for authentication and session management.

3. Why we process it (legal basis)

  • Contract (Art. 6(1)(b) GDPR): to deliver the Service you signed up for — generating, storing and exporting itineraries.
  • Legitimate interests (Art. 6(1)(f)): product analytics, security, fraud prevention, and improving the Service.
  • Legal obligation (Art. 6(1)(c)): compliance with tax, accounting and applicable laws.

4. Sub-processors

We rely on the following providers, each contractually bound to GDPR-compliant processing:

  • Lovable Cloud — application hosting, database and authentication (EU/US infrastructure).
  • Lovable AI Gateway — routes prompts to large language models (currently Google Gemini and OpenAI GPT families) to generate itinerary content.
  • Google Maps Platform — place autocomplete, geocoding and routing for driving logistics.

International transfers (e.g. to the US) rely on Standard Contractual Clauses and equivalent safeguards.

5. How long we keep it

Account and itinerary data is retained for as long as your account is active, plus up to 12 months after deletion for backup and legal compliance. Aggregate analytics are retained for up to 24 months.

6. Your rights

Under GDPR you have the right to access, rectify, erase, restrict, port and object to the processing of your personal data, and to withdraw consent at any time. You can exercise these rights by emailing hello@italianwineroutes.com. You may also lodge a complaint with your local supervisory authority.

7. Security

We use TLS in transit, encrypted storage at rest, row-level security on the database, and least-privilege access controls. No method is 100% secure; we will notify affected users and authorities of any qualifying breach without undue delay.

8. Children

The Service is intended for travel professionals and is not directed to anyone under 18.

9. Changes

We may update this policy. Material changes will be communicated by email or in-app notice at least 14 days before they take effect.

← Back to home