Privacy policy

Effective date: 1 March 2026 · Last updated: 24 February 2026

The short version: We collect only what we need to run the app and website. We don't sell your data. We don't track you across other apps. You can delete your account and all associated data at any time.

1. Who we are

Dramfly is operated by Caskbase LTD, a company registered in Scotland, United Kingdom. We are the data controller for the personal data described in this policy.

For any privacy questions or to exercise your rights, contact us at:

2. What this policy covers

This privacy policy applies to:

  • The Dramfly website at www.dramfly.com, including the waitlist sign-up and learn section

  • The Dramfly mobile application for iOS and Android

It explains what personal data we collect, why we collect it, how we use and protect it, and what rights you have over it.

3. Data we collect

3.1 Website (dramfly.com)

When you visit our website or join the waitlist, we may collect:

  • Email address — collected when you sign up for the waitlist, so we can notify you when the app launches and send product updates

  • First name (if provided) — collected during waitlist sign-up, to personalise communications

  • IP address and browser information — collected automatically on every page visit, for website security, performance, and analytics

Our waitlist forms are powered by Formspark. We use Google Analytics 4 in cookieless mode to understand how visitors use the website. This means Google Analytics does not place cookies on your device, but it does collect anonymised usage data such as page views, referral sources, and general device and browser information. No cross-session tracking or advertising profiling takes place. Email communications may be processed through third-party email services (see section 6).

3.2 Mobile app (iOS and Android)

When you use the Dramfly app, we collect:

  • Name, email address, and profile photo — collected when you sign in via Google, Apple, or Facebook, to create and identify your account

  • Tasting data (ratings, flavour tags, nose/palate/finish notes) — collected when you log a tasting, as the core app functionality for your tasting journal

  • Photos (bottle images) — collected when you take or select a photo during a tasting, to help you remember and identify whiskies

  • Event participation — collected when you join a festival or tasting event, to link tastings to events and provide festival context

  • Device location (precise, single-use) - collected when you grant location permission, to show nearby events and festivals. We request your precise GPS coordinates only when needed and do not continuously track your location.

  • Device information (OS version, device model) — collected automatically, to diagnose technical issues and ensure compatibility

3.3 Data we do not collect

We do not collect payment information, health data, biometric data, or continuous location tracking. We do not build advertising profiles. We do not access your contacts, microphone, or any other device sensors beyond the camera (for bottle photos) and location (for event discovery).

4. Lawful basis for processing

Under the UK GDPR and Data Protection Act 2018, we process your personal data on the following lawful bases:

  • Consent — applies to waitlist sign-up and marketing communications. You can withdraw consent at any time by unsubscribing or contacting us.

  • Contract performance — applies to providing the app service: creating your account, storing your tastings, generating your flavour profile, and enabling social sharing.

  • Legitimate interests — applies to improving the app, fixing bugs, monitoring security, and understanding how the app and website are used in aggregate (including cookieless analytics). We balance these interests against your rights and do not use this basis for marketing.

5. How we use your data

We use your personal data to:

  • Provide, maintain, and improve the Dramfly app and website

  • Create and manage your user account

  • Store your tastings, flavour notes, and photos so you can access them any time

  • Generate your personal flavour profile (the radar chart visualisation)

  • Generate branded share cards when you choose to share a tasting to social media

  • Show you nearby festivals and events based on your approximate location

  • Send you product updates and launch notifications (waitlist subscribers only, with consent)

  • Understand how visitors use our website through anonymised, cookieless analytics

  • Diagnose bugs and monitor app performance

  • Protect against fraud, abuse, and security threats

We do not use your data for automated decision-making or profiling that produces legal or similarly significant effects on you.

6. Who we share data with

We do not sell your personal data. We do not share it with advertisers. We share data only with the following service providers who help us run Dramfly:

  • Microsoft Azure — cloud hosting, database, and blob storage. All app data is stored encrypted. Servers located in the UK / EU.

  • Google (OAuth) — sign-in authentication for the mobile app. Authentication tokens are shared. Located in the US.

  • Apple (OAuth) — sign-in authentication for the mobile app. Authentication tokens are shared. Located in the US.

  • Meta / Facebook (OAuth) — sign-in authentication for the mobile app. Authentication tokens are shared. Located in the US.

  • Google Analytics — cookieless website analytics. Anonymised usage data (page views, referral sources, general device information) is collected. No cookies are placed. Located in the US.

  • Formspark — website form processing for the waitlist. Email address and name are shared. Located in the EU.

  • Email service provider — sending launch notifications and product updates. Email address and name are shared. Located in the US / EU.

Each provider processes data only on our instructions and under appropriate contractual safeguards. Where data is transferred outside the UK, we rely on adequacy decisions, Standard Contractual Clauses (SCCs), or the provider's certification under an approved data protection framework.

7. International data transfers

Some of our service providers are based in the United States. When personal data is transferred outside the UK, we ensure appropriate safeguards are in place, including:

  • UK adequacy regulations (where the destination country has been deemed adequate by the UK government)

  • Standard Contractual Clauses approved by the Information Commissioner's Office (ICO)

  • The provider's participation in recognised data protection frameworks

8. How long we keep your data

  • Account and tasting data — kept as long as your account is active. Deleted within 30 days of account deletion.

  • Photos — kept as long as your account is active. Deleted within 30 days of account deletion.

  • Waitlist email address — kept until you unsubscribe or we complete the launch notification campaign, whichever comes first.

  • Server logs (IP address, device info) — kept for up to 90 days for security and debugging purposes.

  • Anonymised analytics — kept indefinitely (cannot be linked back to you).

9. Your rights

Under the UK GDPR, you have the following rights over your personal data:

  • Access — request a copy of the personal data we hold about you

  • Rectification — ask us to correct inaccurate or incomplete data

  • Erasure — ask us to delete your data (see section 10 below)

  • Restriction — ask us to limit how we process your data

  • Data portability — request your data in a structured, machine-readable format

  • Objection — object to processing based on legitimate interests

  • Withdraw consent — for any processing based on consent (e.g. marketing emails), you can withdraw at any time

To exercise any of these rights, email us at privacy@dramfly.com. We will respond within one month, as required by law.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe your data has been handled unlawfully:

  • Website: ico.org.uk

  • Telephone: 0303 123 1113

10. Account deletion

You can delete your Dramfly account at any time from the Settings screen within the app. When you delete your account:

  • Your profile information (name, email, avatar) is permanently deleted

  • All your tastings, notes, and flavour profile data are permanently deleted

  • All your photos are permanently deleted from our cloud storage

  • Your authentication tokens are revoked

Deletion is completed within 30 days. Some anonymised, aggregated data (e.g. total tasting counts) may be retained as it can no longer be linked to you. If you are unable to access the app, you can request account deletion by emailing privacy@dramfly.com.

11. Data security

We take the security of your data seriously. Measures we use include:

  • All data in transit is encrypted using HTTPS/TLS

  • Passwords and secrets are never stored in application code

  • Authentication tokens (JWT) have limited lifetimes and are refreshed automatically

  • Photos and files are stored in private cloud containers accessible only via time-limited signed URLs

  • API endpoints are protected by rate limiting, input validation, and security headers

  • Refresh tokens are stored in secure device storage (Keychain on iOS, Keystore on Android)

While no system is completely secure, we continuously review and improve our security practices.

12. Children's privacy

Dramfly is a whisky tasting application intended for users of legal drinking age. We do not knowingly collect personal data from anyone under 18 years of age. If we become aware that we have collected data from a child, we will delete it promptly. If you believe a child has provided us with personal data, please contact us at info@dramfly.com.

13. Cookies and similar technologies

Website (dramfly.com)

Our website uses Google Analytics 4 configured in cookieless mode. This means no analytics cookies are placed on your device. Google Analytics collects anonymised data about how visitors use the site (such as pages visited and referral sources) without tracking individual users across sessions or building advertising profiles.

Our website may also use essential cookies strictly necessary for the site to function (e.g. form submissions). We do not use advertising cookies or third-party tracking cookies. If we introduce any non-essential cookies in future, we will update this policy and seek your consent before setting them.

Mobile app

The app uses Firebase Analytics, a mobile analytics service provided by Google. Firebase Analytics collects certain data automatically, including a device identifier, app install and update events, session duration, and in-app events such as screens viewed. This data helps us understand how people use the app so we can improve it.

Firebase Analytics does not place cookies on your device. We have disabled advertising ID collection and ad personalisation, so your data is not used to serve you targeted advertising. Data collected through Firebase Analytics is processed by Google and may be stored on servers outside the UK; Google LLC participates in the UK International Data Transfer Agreement framework. You can learn more about how Google processes this data at firebase.google.com/support/privacy.

14. Third-party links

The app or website may contain links to third-party websites or services (e.g. distillery websites, social media platforms). We are not responsible for the privacy practices of those third parties. We encourage you to read their privacy policies before providing any personal data.

15. Changes to this policy

We may update this privacy policy from time to time. When we make material changes, we will notify you through the app or by email (if you are a registered user or waitlist subscriber). The "last updated" date at the top of this page reflects the most recent revision.

We encourage you to review this policy periodically.

16. Contact us

If you have any questions about this privacy policy, your personal data, or wish to exercise your rights, contact us at:

Caskbase LTD
Email: info@dramfly.com
Website: www.dramfly.com