Privacy Policy

Effective date: April 13, 2026

Harvest Tales is operated by Greg Gentschev as a sole proprietorship. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use the Harvest Tales iOS app and related services.

If you have questions about this policy, contact us at gentschev@gmail.com.

1. Information We Collect

Information You Provide

When you create an account, we collect:

Name (required)
Phone number (required) — used as your primary identifier and for matching your purchase history at connected wine shops
Email address (optional)
Password — stored only in irreversibly hashed form; we never store or have access to your actual password

Information from Wine Shop Connections

When you connect to a wine shop in the app, we access limited data from that shop's Square point-of-sale system to display your purchase history. Specifically:

Your phone number is sent to the Square API to find your customer record at that shop
If a match is found, we sync your purchase history from that shop: order dates, item names, quantities, and totals
We request read-only access to the shop's Square account — we cannot modify their data, process transactions, or access payment card details

We do not access:

Credit or debit card numbers
Bank account information
Customer addresses
Tips or gratuities
Staff or employee data

Information Stored on Your Device Only

Some data is stored locally on your device and is never sent to our servers:

Saved wine writeups — stored in your device's local database
Personal wine notes — stored locally, never transmitted
Authentication token — stored securely in your device's iOS Keychain

Information We Plan to Collect in the Future

We plan to add analytics and crash reporting to improve the app. When implemented, this may include device type, operating system version, app usage patterns, and crash logs. We will update this policy before enabling any such collection, and this data will never include your personal information or purchase history.

2. How We Use Your Information

We use your information to:

Authenticate you and maintain your account
Match you with your purchase history at wine shops you connect to, via Square's customer lookup
Display your purchase history from connected shops within the app
Respond to inquiries submitted through our contact form

3. How We Share Your Information

We share your information only with the following third-party services, and only as described:

Square — Your phone number (and email, if provided) is sent to Square's API to look up your customer record at shops you choose to connect to. We access purchase data from Square using read-only permissions. Square's use of data is governed by Square's Privacy Policy.
Resend — If you submit our contact form, your name and email are transmitted via Resend's email delivery service solely to deliver your message to us.

We do not sell, rent, or share your personal information with any other third parties. We do not use your data for advertising or marketing purposes.

4. Data Storage and Security

We take reasonable measures to protect your data:

Encryption in transit — All communication between the app and our servers uses HTTPS/TLS encryption
Password hashing — Passwords are hashed using bcrypt and cannot be reversed
Encrypted tokens — Wine shop OAuth access tokens are encrypted at rest in our database using Rails Active Record Encryption
Secure device storage — Authentication tokens are stored in the iOS Keychain, Apple's secure credential storage
Server hosting — Our API and database are hosted on Railway, a cloud platform with infrastructure-level security

5. Data Retention and Deletion

Account data is retained for as long as your account is active.
Purchase data is retained while your connection to a wine shop is active. When you disconnect from a shop, all purchase history from that shop is permanently deleted from our servers.
Account deletion is available as self-service in the app (Profile > Delete Account). Deleting your account permanently removes all of your data from our servers, including your account information, all shop connections, and all purchase history.
Local data (saved wine writeups and personal notes) is stored only on your device and is removed when you delete the app.
You can also request account deletion by emailing gentschev@gmail.com. We will verify your identity using the phone number on your account and process your request promptly.

6. Your Rights Under California Law (CCPA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act:

Right to know — You can request details about the personal information we collect about you and how it is used.
Right to delete — You can request that we delete your personal information. You can do this directly in the app or by contacting us.
Right to opt out of sale — We do not sell your personal information to anyone, so there is nothing to opt out of.
Right to non-discrimination — We will not treat you differently for exercising any of these rights.

To exercise these rights, use the in-app Delete Account feature or email gentschev@gmail.com.

7. Age Requirement

Harvest Tales is intended for users who are 21 years of age or older, consistent with the legal drinking age in the United States. We do not knowingly collect personal information from anyone under 21. If we learn that we have collected data from someone under 21, we will delete it promptly. If you believe a minor has provided us with personal information, please contact us at gentschev@gmail.com.

8. Changes to This Policy

We may update this Privacy Policy from time to time. When we make changes, we will update the effective date at the top of this page. We encourage you to review this policy periodically. Your continued use of Harvest Tales after changes are posted constitutes your acceptance of the updated policy.

9. Contact

If you have questions or concerns about this Privacy Policy or our data practices, contact:

Greg Gentschev
gentschev@gmail.com