1. Data controller
The data controller for personal data is Mon Chez Toit SRL (trade name: Trinqo), VAT number BE0885913767.
Contact: info@trinqo.app
2. Data collected
We collect the following data:
- Account data: email address, display name (optional)
- Tasting data: name, producer, notes, photos, ratings
- Payment data: processed exclusively by Stripe (we do not store any card numbers)
- Technical data: IP address, browser type, pages visited
3. Purposes of processing
Your data is used to:
- Create and manage your user account
- Record and display your tastings
- Manage your subscription and payments
- Send you transactional emails (payment confirmation, notifications)
- Improve the service
4. Legal basis
The processing of your data is based on the performance of the contract (use of the service) and your consent (account creation). For payment data, processing is necessary for the performance of the subscription contract.
5. Sub-processors
Your data is processed by the following sub-processors:
- Supabase (Singapore) — Database hosting and authentication
- Vercel (United States) — Application hosting
- Stripe (Ireland) — Payment processing
- Brevo (France) — Transactional email delivery
- Mistral AI (France) — OCR/label recognition via the Pixtral Vision API
- Sentry (United States) — Application monitoring and error tracking
- Upstash (United States) — Rate limiting and abuse protection
- Plausible (European Union) — Privacy-friendly web analytics
6. Transfers outside the EU
Some sub-processors process your data outside the European Union. The following safeguards govern these transfers:
- Supabase (Singapore) — database hosting, Standard Contractual Clauses (SCC)
- Vercel (United States) — application hosting, Standard Contractual Clauses (SCC)
- Stripe (United States) — payment, certified Data Privacy Framework
- Brevo (France/EU) — transactional emails, no transfer outside the EU
- Mistral AI (France/EU) — OCR, no transfer outside the EU
- Sentry (United States) — monitoring, Standard Contractual Clauses (SCC)
- Upstash (United States) — rate limiting, Standard Contractual Clauses (SCC)
- Plausible (European Union) — analytics, no transfer outside the EU
7. Data retention period
- Profile and tasting data: duration of account, deleted immediately upon account deletion
- Support tickets: duration of account, deleted immediately upon account deletion
- Label photos: duration of account, deleted immediately upon account deletion
- Payment data: retained by Stripe according to their policy (see stripe.com/privacy)
- Technical logs: 90 days
8. Your rights
Under the GDPR, you have the following rights:
- Access: obtain a copy of your personal data
- Rectification: correct inaccurate data
- Erasure: request the deletion of your data
- Portability: receive your data in a structured format
- Objection: object to the processing of your data
- Restriction: request the restriction of processing
To exercise your rights, contact us at info@trinqo.app. We will respond within 30 days.
9. Cookies
Trinqo uses only strictly necessary cookies for the service to function (authentication session). No advertising or tracking cookies are used. No consent is required for these essential cookies in accordance with the ePrivacy Directive.
10. Security
We implement appropriate technical and organizational measures to protect your data: HTTPS encryption, secure authentication, restricted data access, and database-level security policies.
11. Complaints
If you believe that the processing of your data does not comply with the GDPR, you may file a complaint with the Belgian Data Protection Authority: www.autoriteprotectiondonnees.be