Zapfä
Promise

Privacy

We built Zapfä the way we'd want a small app from people we don't know to behave.

Effective date: June 17, 2026

i. Who we are

Zapfä is made by Redwood Strategy Labs, a trade name of Redwood Strategy Partners LLC, a company registered in California, USA. For privacy purposes, Redwood Strategy Partners LLC is responsible for the personal data described on this page.

When this page says “we,” that’s who it means. There is no parent company, no investor with data access, and no analytics middleman you haven’t read about below.

ii. What we collect

The shortest version: your email address and the cellar data you choose to add.

When you create an account we store your email so you can sign in and so we can send you the occasional service note (a password reset, an account-recovery confirmation). When you add a bottle, we store the wine details, your tasting notes, and the storage location you assign.

We don’t keep your label photos. When you scan a label (and only with your consent — see section iii), the photo travels to our servers and the AI services that read it, then is deleted from our systems once the analysis is done. What we keep is the wine information extracted from it, not the image. The original photo lives only in the app’s local storage on your device.

That’s the whole list. We don’t ask for a phone number, a date of birth, a postal address, or anything else we don’t need.

If you sign in with Apple, Apple sends us a one-time identity token and, on the very first sign-in, your name and email (which may be Apple’s private relay address if you choose to hide your real one). We never see your Apple ID password.

On your device, the app stores your session token in the iOS Keychain so you don’t have to sign in every time. That token lives on your device and is invalidated when you sign out.

iii. Label scanning

Zapfä can read a wine label from a photo and fill in the bottle details for you. Here’s what happens, because features like this shouldn’t be a black box:

  1. Nothing leaves your phone without your consent. The first time you use label scanning, the app asks for your explicit permission. If you decline, the feature stays off and your photos never leave your device.
  2. If you consent, the label photo is sent — through our servers, never directly from your phone to anyone else — to specialized AI services that read the label and recognize wines. These services operate under commercial agreements that prohibit them from using your data to train their models. They may hold API data briefly for abuse monitoring under their own published policies, then delete it.
  3. Once the label is read, the photo is deleted from our systems. We keep the extracted wine details and a numerical signature of the label that lets the app recognize the same wine faster next time. The signature can’t be turned back into your photo.
  4. The credentials for these services live on our servers, never inside the app on your phone.

iv. What we don’t do with your data

We don’t run ads. We don’t sell your data. We don’t share it with advertisers, data brokers, or anyone else for marketing. There is no “partner” reading your cellar over your shoulder. The product makes money from subscriptions — that’s the whole business model.

The service providers described in section ix receive data only so the app can function, only the minimum each one needs, and only under contracts that prohibit them from using it for their own purposes. If any of this ever changes, section xiii explains how you’d hear about it first.

On the website, analytics and storage are off by default. Before you click Accept on the consent banner, zapfae.com sets zero first-party cookies, writes nothing to localStorage or sessionStorage, and loads no analytics code. If you click Accept, product analytics loads via a deferred import — see section vi for what it records — and your decision is remembered in a single __zapfae_consent_v1 cookie on .zapfae.com (12-month expiry). Cloudflare Insights is disabled entirely; the beacon isn’t loaded before consent and isn’t loaded after consent either. If you change your mind, the “Manage cookies” link in the footer of every page re-opens the banner so you can switch your decision; it takes effect immediately on the same page, and the cookie is rewritten with your new choice.

v. Where your data lives

Your account and cellar data are stored in a secure cloud database hosted in the United States. The marketing website is served through a global content delivery network.

Zapfä is currently offered in the United States, and your data is stored and processed there. If we expand to other regions later, we’ll update this page before anything about data location changes.

vi. Analytics and crash reporting

We use two tools to understand how the app behaves, and we’ve deliberately limited what each one can see:

Product analytics records events like “scanned a label” or “added a bottle” so we know which features matter. Events pass through a strict allowlist — only pre-approved, non-sensitive properties are sent, and anything not on the list is dropped before it leaves the app. Session recording is off. Our analytics never receive your tasting notes or the contents of your cellar.

Crash reporting tells us when the app crashes so we can fix it. Before a crash report leaves your device, we scrub it: email addresses, IP addresses, and any scanned label text are redacted, and user identifiers are anonymized. What gets sent is a stack trace and device metadata (model, OS version) — enough to fix the bug, not enough to identify you.

vii. Notifications and email

Push notifications are delivered through Apple’s push notification infrastructure. To make that work we store a push token for your device. Notifications are off until you grant iOS permission, and you can revoke that at any time in Settings.

Account emails (password resets, verification) go through our backend. Transactional emails (waitlist confirmations, policy update notifications, and similar) go through a transactional email provider, which receives your email address for delivery and nothing else.

We don’t send marketing email. If that ever changes, it will be opt-in, with a working unsubscribe link.

viii. Cookies on the website

zapfae.com sets a single consent-decision cookie (__zapfae_consent_v1, 12-month expiry) only after you click Accept or Reject on the consent banner. Before you choose, no cookies and no analytics. If you Accept, we additionally load anonymous product analytics — see section iv. If you Reject (or change your mind via the footer “Manage cookies” link), nothing more is loaded.

The app itself doesn’t use cookies; it uses the Keychain-stored session token described in section ii. What the app measures is described in section vi.

ix. Who we work with

Rather than a wall of corporate names, here’s every category of service provider that touches user data, and what each receives:

What they doWhat they receive
Cloud database & backend hosting (US)Email, password hash, cellar data, preferences
Sign in with Apple (Apple Inc.)Handles sign-in on Apple’s side; sends us a token + name/email once
AI label-reading services (US, with your consent)Label photos during analysis + extracted text; deleted after processing
Product analytics (US)Allowlisted usage events, user ID
Crash reporting (US)Scrubbed crash reports, device metadata
Subscription billing & receipt validation (with consent on purchase)RC user ID = Supabase auth.users.id, subscription status, purchase receipts
Push notification delivery (Apple Inc.)Push token, notification payloads in transit
Transactional email (waitlist only)Your email address
Website hosting & CDNStandard web request data (IP, user agent) in transit

Want the actual company names? They’re all listed on our subprocessor page — we keep them there so this page stays readable and that one stays current.

If we add a category to this table or change what one receives, that counts as a material change under section xiii.

x. Your rights

You have the right to access, export, correct, or delete every piece of data we hold about you, at any time, without giving a reason. We extend these rights to everyone, regardless of where you live — not because a particular law forces us to, but because it’s how this should work.

  • Access + export: Settings → Export Cellar produces a JSON or CSV file you can share via the iOS share sheet — typical export takes seconds, and the server streams the cellar so even a large one exports cleanly. If anything is broken or you’d rather a human handle it, email privacy@zapfae.com and we’ll reply.
  • Delete everything: open the app → Settings → Delete Account → type “DELETE” to confirm. Deletion is immediate and irreversible. (See Delete your account for the full path.)
  • Email us: if any of the above is broken or you’d rather a human handle it, write to privacy@zapfae.com and we’ll reply.

California residents: the CCPA grants California consumers rights to know, delete, and opt out of the sale of personal information. We don’t sell personal information, and the access and deletion tools above already cover the rest. You can also exercise any of these rights by email.

If you’re in the EU/EEA, UK, or Switzerland: Zapfä isn’t yet offered in your region, but if you’re using it anyway, the same rights above apply to you, and you can contact us about any concern at the email below.

xi. How long we keep things

  • Your cellar data: for as long as you have an account. Delete a bottle and its data goes with it; delete your account and everything goes, immediately.
  • Label photos: not stored by us at all — deleted from our systems after analysis. The original stays on your device.
  • AI service copies: held only briefly under those providers’ published abuse-monitoring policies, then deleted. Not used for training.
  • Analytics events: retained under our analytics retention settings and never linked to your cellar contents.
  • Crash reports: retained for 30 days, then deleted automatically.
  • Server logs: routine infrastructure logs rotate out on short cycles.

xii. Age

Zapfä is an app about wine. It is intended for users of legal drinking age in their jurisdiction (21+ in the US) and is rated accordingly in the App Store. It is not directed at children, and we do not knowingly collect personal information from anyone under 13. If you believe a child has created an account, email us and we’ll delete it.

xiii. Changes to this policy

If we materially change what we collect or how we use it — a new category of service provider, a new data type, a new purpose — we’ll update this page, date the change at the top, and send a one-time email to active accounts before the change takes effect. Fixing typos or clarifying wording doesn’t count; changing the table in section ix does.

xiv. Contact

Questions, concerns, or “you have my data and I want it gone”: privacy@zapfae.com. We read every email.