Privacy Policy
1. Overview
LastCork, operating as The Last Cork ("TLC," "we," "us," or "our"), is a wine deal aggregation and alert service. We monitor flash wine sale websites and notify you when deals matching your preferences appear. For Premium members, we facilitate purchasing through your existing accounts on partner wine sites.
This Privacy Policy explains what personal information we collect, how we use it, who we share it with, and what rights you have over your data. We've written it to be readable — not just legally defensible.
Short version: We collect what we need to run the service, we don't sell your data, and you can export or delete your account at any time.
2. Information We Collect
Information You Provide
- Account details: name, email address, and password (stored as a one-way hash — we never see your plain-text password)
- Phone number (optional, for SMS alerts)
- Wine preferences: varietals, regions, wineries, price ranges, and other deal filters you configure
- Taste ratings: thumbs up/down and star ratings you give to wines in the app
- Subscription and billing information: plan type and payment details processed by Authorize.net (we do not store full card numbers — see Section 4)
Information Generated by Your Use
- Purchase history: wines you've bought through TLC-facilitated checkout (the transaction itself happens on the wine site, but we record the details for your history and preference learning)
- Alert and notification history: which alerts you received and whether you acted on them
- Feed interactions: wines you viewed, skipped, liked, or shared
- Session data: timestamps, feature usage, and app navigation (used for debugging and improving the service)
Technical Information
- Device information: device type, operating system, and app version
- Push notification tokens (FCM): required to send you deal alerts
- IP address: used for security and fraud prevention; not used for targeted advertising
- Log data: error logs and performance data
3. How We Use Your Information
We use the information we collect to:
- Create and manage your account
- Match wine deals to your preferences and send you alerts (push, SMS, or email depending on your settings)
- Facilitate one-tap purchasing through partner wine sites for Premium members
- Build and refine your personal taste profile over time
- Process subscription payments through Authorize.net
- Send transactional emails (purchase confirmations, billing receipts, password resets)
- Respond to your support requests
- Improve the accuracy of our deal matching and alert timing
- Detect and prevent fraud, abuse, or security incidents
- Comply with legal obligations
We do not use your information to build advertising profiles, sell leads, or share your data with wine retailers for their own marketing purposes.
4. Third Parties & Data Sharing
We do not sell your personal information. We share data only in these specific situations:
Service Providers
We work with trusted third parties who process data on our behalf:
- Authorize.net: handles subscription billing. They receive your payment card details directly. We store only your subscription status and billing plan.
- Firebase Cloud Messaging (Google): delivers push notifications to your device using your FCM token.
- Cloud infrastructure provider: hosts our servers and databases in secure, encrypted environments.
- Analytics provider: we use anonymized, aggregated usage analytics to understand how features are used. No personally identifiable data is included in these analytics.
All service providers are contractually required to protect your data and may not use it for their own marketing purposes.
Partner Wine Sites
When you purchase a wine through TLC's in-app browser (Premium feature), the transaction occurs directly on the wine retailer's website using your account credentials stored on their platform. TLC does not transmit your payment information to these sites — your payment method is already on file with them. We record the details of completed purchases for your history and preference learning only.
Legal Requirements
We may disclose information when required by law, court order, or government authority, or to protect the rights, safety, or property of TLC, our users, or the public.
Business Transfers
If TLC is acquired or merges with another company, your information may be transferred as part of that transaction. We will notify you by email or prominent notice on our site before your data becomes subject to a different privacy policy.
5. Cookies & Tracking
The TLC website (thelastcork.com) uses cookies for session management and authentication. The mobile app does not use browser cookies but uses similar local storage mechanisms to maintain your session.
- Essential cookies: required for login sessions and security. Cannot be disabled without breaking the service.
- Analytics cookies: anonymized data about page views and feature usage. You can opt out in your account settings.
We do not use third-party advertising cookies or tracking pixels. We do not participate in cross-site behavioral advertising networks.
6. Data Retention
We retain your data as long as your account is active. Specifically:
- Active account data (preferences, history, ratings) is kept for the life of your account
- After account deletion, we delete your personal information within 30 days, except where required by law
- Billing records are retained for 7 years for tax and legal compliance purposes, but contain only transaction metadata — not full card numbers
- Anonymized analytics data (stripped of all personal identifiers) may be retained indefinitely to improve the service
- Security logs (IP addresses, login events) are retained for up to 90 days
7. Security
We take data security seriously and use industry-standard measures including:
- Passwords stored using bcrypt hashing — never in plaintext
- HTTPS/TLS encryption for all data in transit
- Encrypted storage for sensitive data at rest
- Access controls limiting which team members can access user data
- Regular security reviews
No online service can guarantee 100% security. If you suspect unauthorized access to your account, please contact us immediately at support@thelastcork.com.
8. Your Rights
You have the following rights regarding your personal information:
- Access: request a copy of the personal data we hold about you
- Correction: update or correct inaccurate information in your profile
- Deletion: request deletion of your account and associated personal data
- Export: download a machine-readable copy of your data (purchase history, preferences, ratings) from your account settings
- Opt-out of marketing: unsubscribe from non-transactional emails at any time via the link in any email or in your notification settings
- Notification controls: customize push, SMS, and email alerts in your account settings
To exercise any of these rights, visit your account settings or contact us at support@thelastcork.com. We will respond within 30 days.
9. GDPR (European Users)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, the General Data Protection Regulation (GDPR) applies to your personal data.
Legal Basis for Processing
- Contract performance: processing necessary to provide the service you signed up for
- Legitimate interests: security monitoring, fraud prevention, service improvement (where balanced against your rights)
- Legal obligation: billing records and legal compliance
- Consent: optional features such as SMS alerts, where we request your explicit permission
Your GDPR Rights
In addition to the rights in Section 8, GDPR grants you:
- Right to restrict processing in certain circumstances
- Right to data portability — receive your data in a structured, machine-readable format
- Right to object to processing based on legitimate interests
- Right to withdraw consent at any time where consent was the legal basis
- Right to lodge a complaint with your local supervisory authority
TLC is the data controller for personal information processed under this policy. Contact our data privacy inquiries at support@thelastcork.com.
10. CCPA (California Users)
If you are a California resident, the California Consumer Privacy Act (CCPA) gives you specific rights regarding your personal information.
- Right to Know: request disclosure of the categories and specific pieces of personal information we have collected, used, disclosed, or sold
- Right to Delete: request deletion of your personal information, subject to certain legal exceptions
- Right to Opt-Out of Sale: we do not sell personal information, so no opt-out is needed — but you have this right confirmed
- Right to Non-Discrimination: we will not discriminate against you for exercising any CCPA rights
To submit a CCPA request, contact us at support@thelastcork.com with the subject line "CCPA Request." We will respond within 45 days.
11. Children's Privacy
LastCork is a service for purchasing and monitoring alcoholic beverages. You must be of legal drinking age in your jurisdiction to use TLC. We do not knowingly collect personal information from anyone under 21 years of age (or the applicable minimum drinking age in your location). If we become aware that we have collected data from a minor, we will delete it promptly.
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or by displaying a prominent notice in the app before the changes take effect. The "Effective" date at the top of this page will always reflect the most recent version.
Continued use of LastCork after the effective date of any changes constitutes your acceptance of the updated policy.
13. Contact Us
If you have questions, concerns, or requests related to this Privacy Policy or your personal data, please reach out:
We aim to respond to all privacy-related inquiries within 5 business days and to fulfill data requests within 30 days (or 45 days for CCPA requests).