Privacy Policy

We collect information that you provide directly to us, including:

• Account Information: Email address, display name, and authentication credentials
• Profile Data: Cigar preferences, taste profiles, and personalized settings
• Collection Data: Information about cigars in your humidor, wishlist, and journal entries
• User Content: Photos, tasting notes, ratings, and comments you submit
• Communication Data: Messages sent through our chat features and support requests

We also automatically collect certain information when you use our services:

• Usage Data: Pages visited, features used, time spent, and interaction patterns
• Device Information: Browser type, operating system, device identifiers
• Log Data: IP address, access times, and error logs

We use the information we collect to:

• Provide, maintain, and improve our services
• Create and manage your account
• Personalize your experience with cigar recommendations and insights
• Process and store your collection data, journal entries, and preferences
• Generate AI-powered analysis and recommendations based on your taste profile
• Send service-related communications and updates
• Respond to your requests and provide customer support
• Monitor and analyze usage patterns to improve functionality
• Ensure security and prevent fraud or abuse
• Comply with legal obligations

Your data is stored securely using Google Cloud Platform and Firebase services, which operate globally:

• Authentication: Firebase Authentication manages your account security
• Database: Cloud Firestore stores your collection data, preferences, and user content
• File Storage: Firebase Storage securely stores your uploaded photos
• Infrastructure: All data is hosted on Google Cloud Platform servers with enterprise-grade security across multiple regions worldwide

Geographic Storage:
• Data may be stored and processed in the United States and other countries where Google Cloud Platform operates data centers
• Storage locations are managed by Google Cloud Platform's infrastructure for optimal performance and redundancy
• All storage locations maintain the same high security standards regardless of geographic location

We implement appropriate technical and organizational security measures to protect your information, including encryption in transit (HTTPS/TLS) and at rest, access controls, regular security assessments, and compliance with international security standards. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

We do not sell your personal information. We may share your information only in the following circumstances:

• Service Providers: We use Google Cloud Platform/Firebase for hosting and infrastructure, and may use other trusted third-party services for analytics, AI processing, or payment processing. These providers are contractually obligated to protect your data.
• AI Processing: When you use AI features, your queries and relevant context may be processed by AI services (such as OpenAI or Google's Vertex AI) to provide personalized recommendations. We minimize data shared and use anonymization where possible.
• Legal Requirements: We may disclose information if required by law, legal process, or government request.
• Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.
• With Your Consent: We may share information with your explicit permission.

We use cookies and similar tracking technologies to:

• Maintain your session and keep you logged in
• Remember your preferences and settings
• Analyze usage patterns and improve our services
• Provide security features and prevent fraud

You can control cookies through your browser settings, but disabling cookies may affect your ability to use certain features of our service.

We retain your information for as long as your account is active or as needed to provide services. When you delete your account:

• Your personal information and user-generated content are permanently deleted
• Some data may be retained for legal, regulatory, or legitimate business purposes (e.g., transaction records, logs for security purposes)
• Backups may retain data for up to 90 days before permanent deletion

You can request deletion of your account and data at any time through the app settings.

We respect your privacy rights regardless of where you are located. Depending on your jurisdiction, you may have the following rights:

• Access: Request a copy of the personal information we hold about you
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your account and personal data (right to be forgotten)
• Data Portability: Receive your data in a structured, machine-readable format
• Opt-Out: Unsubscribe from marketing communications (we don't send marketing emails without consent)
• Restriction: Request limitation of processing in certain circumstances
• Objection: Object to processing of your personal information for certain purposes
• Withdraw Consent: Where processing is based on consent, you may withdraw it at any time

International Users: While these rights are guaranteed by laws like GDPR (Europe) and CCPA (California), we extend similar rights to all users worldwide as a matter of principle. However, the specific legal enforceability and scope of these rights may vary based on your location.

To exercise these rights, please contact us through the app settings or email us at support@donvitola.com. We will respond to your request within 30 days (or as required by local law, which may be shorter in some jurisdictions).

Don Vitola is intended for adults of legal smoking age in their jurisdiction. The minimum age varies by country and region (typically 18-21 years old). You are responsible for ensuring you meet the legal age requirements in your location.

We do not knowingly collect information from individuals under the legal smoking age in their jurisdiction. If we learn that we have collected information from someone underage, we will delete it promptly. Parents or guardians who believe we may have collected information from a minor should contact us immediately.

Don Vitola is a global service accessible worldwide. Our services are hosted on Google Cloud Platform, which may process and store data in the United States and other countries where Google maintains data centers.

Data Transfer Considerations:
• Your information may be transferred to, processed, and stored in countries outside your country of residence
• These countries may have data protection laws that differ from those in your jurisdiction
• We ensure appropriate safeguards are in place for international data transfers, including:
- Using service providers that comply with international data protection frameworks
- Implementing Standard Contractual Clauses (SCCs) where required
- Following applicable data protection regulations (GDPR, CCPA, etc.)
- Maintaining security measures regardless of where data is processed

By using our services, you acknowledge and consent to the international transfer and processing of your information as described in this Privacy Policy. If you are in the European Economic Area (EEA), UK, or Switzerland, we rely on approved transfer mechanisms for your data.

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

• Right to Know: What personal information we collect, use, disclose, and share
• Right to Access: Request a copy of the specific personal information we have collected about you
• Right to Delete: Request deletion of your personal information
• Right to Correct: Request correction of inaccurate personal information
• Right to Opt-Out of Sale/Sharing: We do not sell or share your personal information for cross-context behavioral advertising
• Right to Limit Use of Sensitive Personal Information: We do not collect or use sensitive personal information as defined by CPRA
• Right to Non-Discrimination: We will not discriminate against you for exercising your rights

To exercise these rights, contact us at support@donvitola.com. We will respond to verifiable requests within 45 days as required by California law.

If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, you have enhanced rights under the General Data Protection Regulation (GDPR) and equivalent laws:

• Legal Basis for Processing: We process your data based on:
- Contract Performance: To provide our services to you
- Legitimate Interests: To improve our services, ensure security, and provide support
- Consent: For optional features like AI recommendations and analytics
- Legal Obligations: To comply with applicable laws
• Right to Data Portability: Receive your data in a structured, commonly used format
• Right to Restriction: Limit how we process your data in certain circumstances
• Right to Object: Object to processing based on legitimate interests
• Rights Related to Automated Decision-Making: We use AI for recommendations, but you can request human review
• Data Protection Contact: For privacy concerns, contact support@donvitola.com
• Supervisory Authority: You have the right to lodge a complaint with your local data protection authority (e.g., ICO in UK, CNIL in France, etc.)
• Data Retention: We retain data only as long as necessary for the purposes stated in this policy

We comply with GDPR requirements for data processing, storage, protection, and international transfers, including the use of Standard Contractual Clauses where required.

We recognize that privacy laws exist in many jurisdictions around the world. While specific rights may vary by location, we strive to provide consistent privacy protections to all users:

• Canada (PIPEDA): Canadian users have rights similar to those described in Section 7, including access, correction, and consent requirements
• Brazil (LGPD): Brazilian users have rights to access, correction, deletion, and data portability
• Australia (Privacy Act): Australian users have rights to access and correct their personal information
• Japan (APPI): Japanese users have rights regarding use and disclosure of personal data
• Other Countries: Users in other jurisdictions may have rights under local privacy and data protection laws

We respect local privacy laws and will honor data protection requests in accordance with applicable regulations. If you have questions about privacy rights specific to your jurisdiction, please contact us at support@donvitola.com, and we will work with you to address your concerns in compliance with local laws.

We may update this Privacy Policy from time to time. When we make material changes:

• We will notify you via email or through the app
• The "Last Updated" date will be revised
• You may be required to review and accept the updated policy to continue using our services

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us at:

Embark Companies LLC
Operating as: Don Vitola
Email: support@donvitola.com
Support: Available through the app settings

We handle all privacy-related requests including:
• GDPR inquiries (European users)
• CCPA/CPRA requests (California residents)
• Privacy rights requests from any jurisdiction
• General questions about our data practices

We respond to privacy inquiries from all jurisdictions and will work with you to address your concerns in compliance with applicable local laws. When contacting us, please specify your location and the nature of your request to help us provide the most appropriate response.