Legal · Australian Privacy Principles

Privacy Policy

Last updated: April 2026

1. Introduction

Cork (“we”, “us”, or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our wine recommendation service.

We comply with the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) and the General Data Protection Regulation (GDPR) where applicable.

2. Information We Collect

2.1 Personal Information

We collect the following personal information:

  • Account Information: Name, email address, profile image (from Google OAuth)
  • Age Verification: Date of birth (to comply with legal drinking age requirements)
  • Location Data: Country, state, postcode, city (for region-specific recommendations)
  • Wine Preferences: Favorite varietals, preferred wine types, price range, knowledge level
  • Dietary Information: Dietary preferences, alcohol tolerance
  • Usage Data: Wine recommendations requested, saved wines, food pairings, taste descriptions

2.2 Photos and Images

If you use our Premium meal photo or wine menu photo features, we process photos you submit to generate wine pairing recommendations. Photos are processed in real time and immediately discarded — they are never stored on our servers, in our database, or shared with any third party beyond the AI processing service (OpenAI) used to analyse them.

2.3 Automatically Collected Information

  • Session information and authentication tokens (JWT)
  • Device information, browser type, and platform (web, Android, or iOS)
  • IP address and general location
  • Usage patterns and timestamps
  • Push notification tokens (if you opt in to notifications)

3. How We Use Your Information

We use your information for the following purposes:

3.1 Service Delivery

  • Provide personalized wine recommendations
  • Save and manage your wine cellar
  • Pre-fill forms with your saved preferences
  • Verify you meet legal drinking age requirements

3.2 Analytics and Insights (with your consent)

  • Understand Australian wine buyer preferences and habits
  • Improve our recommendation algorithms
  • Generate anonymized insights for the Australian wine industry
  • Identify trends in wine consumption and preferences

3.3 Communication

  • Send important service updates
  • Respond to your inquiries
  • Notify you of changes to our service
  • Send push notifications (if you opt in) about recommendations, seasonal wine tips, and cellar milestones
  • Send marketing emails via our email platform (if you opt in)

4. Analytics Consent

We ask for your explicit consent to use your data for analytics and wine buyer insights. You can:

  • Opt in or opt out of analytics at any time in your Profile settings
  • Use our service fully even if you opt out of analytics
  • Request details about how your data is used in analytics

When you consent to analytics, your data is anonymized and aggregated with other users' data to generate insights. Individual user data is never shared with third parties.

5. Data Sharing and Disclosure

We do not sell your personal information. We may share your information only in the following circumstances:

  • Service Providers: Third-party services that help us operate (e.g., Google OAuth, database hosting, AI services)
  • Legal Requirements: When required by law or to protect our legal rights
  • Business Transfers: In connection with a merger, acquisition, or sale of assets
  • Anonymized Data: Aggregated, anonymized insights may be shared with the Australian wine industry (only with your analytics consent)

6. Third-Party Services

We use the following third-party services to operate Cork. Each processes only the minimum data required:

  • Google OAuth: Authentication — receives your Google account name, email, and profile image to create your Cork account
  • OpenAI (GPT-4o): AI wine recommendations — receives your taste preferences, food descriptions, and photos (Premium only) to generate recommendations. OpenAI does not use this data to train its models under our API agreement.
  • Stripe: Payment processing — handles Premium subscription billing. We do not store your credit card details; Stripe manages all payment data under their own privacy policy.
  • Firebase Cloud Messaging (FCM): Push notifications on Android — receives a device token to deliver notifications. Google processes this data under their Firebase privacy policy.
  • Resend: Transactional emails (welcome emails, account notifications) — receives your email address and name.
  • MailerLite: Marketing emails (if you opt in) — receives your email address, name, and subscription tier for segmented email campaigns. You can unsubscribe at any time.
  • Vercel: Hosting and infrastructure — processes standard web request data (IP address, user agent).
  • Neon (PostgreSQL): Database hosting — stores your account data with encryption at rest and in transit.

7. Push Notifications

You may opt in to push notifications on the web or through our Android app. We use:

  • Web Push (VAPID): Your browser generates a push subscription endpoint and encryption keys, which we store to send notifications.
  • Firebase Cloud Messaging (Android): Your device generates an FCM token, which we store to deliver notifications.

You can control notification categories (recommendations, engagement, seasonal tips), set quiet hours, and unsubscribe at any time through your notification preferences. We enforce a daily cap of 3 notifications per user and respect quiet hours (default 10pm–8am AEST).

8. Payments and Subscriptions

Premium subscriptions are processed by Stripe. When you subscribe:

  • Your payment details are entered directly into Stripe’s secure payment form — we never see or store your full card number
  • We store your Stripe customer ID and subscription status to manage your account tier
  • Stripe may collect additional data as described in their privacy policy
  • You can cancel your subscription at any time through your profile settings

9. Your Rights

Under Australian Privacy Principles and GDPR, you have the right to:

  • Access: Request a copy of your personal data (use “Export My Data” in your profile)
  • Correction: Update or correct your information in your profile settings
  • Deletion: Request deletion of your account and all associated data
  • Withdraw Consent: Opt out of analytics at any time without affecting service access
  • Portability: Export your data in a machine-readable format (JSON)
  • Lodge a Complaint: Contact the Office of the Australian Information Commissioner (OAIC)

10. Data Security

We implement industry-standard security measures to protect your data:

  • Encrypted connections (HTTPS/SSL)
  • Secure authentication via Google OAuth
  • Database encryption and access controls
  • Regular security audits

However, no method of transmission over the internet is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security.

11. Data Retention

We retain your personal information for as long as your account is active or as needed to provide services. Specifically:

  • Account data: Retained until you delete your account
  • Recommendations and saved wines: Retained until you delete your account
  • Photos (meal/menu): Processed in real time and immediately discarded — never stored
  • Push notification tokens: Removed when you unsubscribe or delete your account
  • Notification logs: Retained for 30 days for deduplication, then automatically deleted

You may delete your account at any time through your profile settings, which will permanently remove all your data from our systems.

12. Device Permissions (Mobile App)

The Cork Android app may request the following device permissions:

  • Camera: Used to take photos of meals or wine menus for AI-powered pairing recommendations (Premium feature). Photos are processed and immediately discarded.
  • Photo library: Used to select existing photos for meal or menu analysis. Photos are not stored.
  • Notifications: Used to send push notifications about recommendations, wine tips, and account updates. You can disable notifications at any time in your device settings or notification preferences.
  • Internet: Required for all app functionality.

All permissions are optional (except internet) and the app will function without them, though some features will be unavailable.

13. Age Restrictions

Our service is only available to users aged 18 and over (or the legal drinking age in your jurisdiction). We verify age during account creation and do not knowingly collect data from minors.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by updating the “Last updated” date and, where appropriate, sending you an email notification.

15. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us at:

Privacy enquiries: hello@getcork.app

Technical support: support@getcork.app

16. Australian Privacy Principles Compliance

This policy is designed to comply with the 13 Australian Privacy Principles (APPs). For more information about your privacy rights in Australia, visit the Office of the Australian Information Commissioner (OAIC) website at www.oaic.gov.au.