Privacy Policy
Last updated: July 4, 2026
This Privacy Policy explains how Evan Roscoe (“we,” “us,” or “our”) handles personal information in connection with route.wine (the “Service”).
The short version
route.wine is free and you can use it without an account. We do not sell or share your personal information, we do not run advertising or analytics trackers, and we set one essential cookie only when you sign in. We use a small number of service providers to run the Service, and we send your concierge messages and trip parameters to Anthropic to generate chat replies and itinerary narratives.
What we collect
We collect only what the Service needs to work:
- Account data (only if you create an account): your email address, a bcrypt-hashed password, and an optional display name.
- Saved itineraries and trip parameters: the trips you save, and the dates, party details, and other trip parameters you enter in the quiz.
- Personality-quiz answers that you provide to personalize recommendations.
- Visit ratings and notes you record about wineries you have visited. We store these and show them back to you. We do not build any recommendation or preference model from your ratings.
- Booking-link click events: when you click a booking link, we record which winery or experience it was and the time, for attribution and aggregate analytics with our winery partners.
- IP addresses, processed transiently for rate limiting and recorded in standard server logs.
- Concierge chat messages: the free-text messages you send to the concierge.
We do not require you to sign in, and anonymous use is fully supported. We do not currently send marketing emails or newsletters.
Why we use it
- to generate personalized winery recommendations and build your itineraries;
- to let you save, view, and manage trips, ratings, and notes;
- to run the concierge chat and produce itinerary narratives;
- to protect the Service through rate limiting and standard server logging;
- to measure, in aggregate, which booking links are used, so we can report attribution to winery partners;
- to maintain, secure, and improve the Service.
Legal bases
Where data-protection law requires a legal basis, we rely on: performance of a contract (providing the Service you request), our legitimate interests (securing the Service and reporting aggregate attribution to partners), and your consent where consent is required.
Service providers we use
We use a small set of service providers (processors) to run the Service. We share personal information with them only as needed to operate the Service.
| Provider | Role | What it handles | Location |
|---|---|---|---|
| Vercel | Hosting and delivery | Requests to the Service, including IP addresses in server logs | United States |
| Neon | Postgres database | Account data, saved trips, quiz answers, ratings and notes, click events | United States |
| Anthropic | Chat and narrative generation | Concierge messages and trip parameters sent to the Anthropic API. Under our agreement, Anthropic does not train its models on this data. | United States |
| CARTO / OpenStreetMap | Map tiles | Map tile requests, which expose your IP address like any content delivery network | Third-party |
| OSRM (public routing server) | Route geometry | Routing requests, which expose your IP address like any content delivery network | Third-party |
When you follow a booking link, you leave the Service and go to a winery, restaurant, or activity site or a booking platform such as Commerce7, Tock, CellarPass, OpenTable, or Resy. Their handling of your data is governed by their own privacy policies, not this one.
Booking-link attribution
When you click a booking link, we append attribution parameters to the outbound link and we record the click in our database: which winery or experience it was, and the time. We use this to understand, in aggregate, which experiences lead to bookings and to report that to winery and tourism partners. We may earn a referral or partnership fee for bookings that originate from the Service. We report attribution to partners in aggregate, not as a profile of you.
How long we keep data
- Account data and saved trips: kept until you delete them or request account deletion.
- Ratings and notes: kept with your account until you delete the related trip or your account.
- Booking click events: retained and used in aggregate for attribution and analytics.
- Server logs and transient IP data: kept only as long as needed for security and standard log rotation.
Your choices and rights
Depending on where you live, you may have rights to access, correct, delete, or export your personal information.
- You can delete saved trips in the app at any time.
- For account deletion or a copy of your data (export), email us at hello@route.wine. We do not yet offer self-serve account deletion or export, so we handle these requests by email.
We do not sell your personal information, and we will not discriminate against you for exercising your rights.
California privacy rights
This section applies to California residents under the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA).
Categories we collect. Identifiers (email address, IP address); internet or network activity (booking-link click events, server logs); and other information you provide (display name, quiz answers, trip parameters, ratings, notes, and concierge messages).
No sale or sharing. We do not sell your personal information, and we do not share it for cross-context behavioral advertising, as those terms are defined under CCPA/CPRA. We do not use third-party advertising or analytics trackers.
Your rights. You have the right to know what we collect, to request deletion, to request correction, and to not be discriminated against for exercising these rights. To exercise them, email us at hello@route.wine.
Not for anyone under 21
The Service is for adults 21 and older. It is not directed to children, and we do not knowingly collect personal information from anyone under 21. If you believe someone under 21 has used the Service, contact us and we will delete the information.
How we protect data
We use reasonable measures to protect personal information. Passwords are stored as bcrypt hashes, never in plain text. Session cookies are signed and marked HttpOnly. Traffic to the Service is encrypted in transit with TLS. No method of storage or transmission is completely secure, so we cannot guarantee absolute security.
Where data is processed
Our providers are located in the United States, and map and routing services may be located elsewhere. If you use the Service from outside the United States, your information will be processed in the United States and other countries whose laws may differ from your own.
Changes to this policy
We may update this policy from time to time. When we do, we will revise the “Last updated” date at the top of this page.
Contact
For privacy questions or requests, email hello@route.wine.