← Back to Oxto

Privacy Policy

Last Updated: April 2026

Oxto ("we," "our," or "us") is operated by Starr Road Ventures LLC and provides a mobile application and web platform designed to help users discover wineries based on atmosphere, preferences, and personalized recommendations.

This Privacy Policy explains what information we collect, how we use it, how we share it, and your rights regarding your information.

1. Information We Collect

Account Information

When you create an account, we collect:

  • Name
  • Email address
  • Profile photo (if provided via Apple or Google Sign-In)

Profile Information

You may choose to provide:

  • Profile photo
  • Display name
  • Location (city/region)
  • Taste preferences, atmosphere preferences, wine preferences, and price range

Activity Data

When you use Oxto, we collect information about your in-app activity, including:

  • Wineries you save or bookmark
  • Wineries you mark as visited
  • Collections you create
  • Filters and search terms you use
  • App events and interactions (e.g. screens viewed, buttons tapped)

Device & Technical Data

We automatically collect certain technical information, including:

  • Device type and operating system
  • App version
  • Session identifiers
  • Crash logs and performance data

Location Data

We do not collect or store your precise GPS location. The app uses Mapbox to display map content, which may use your approximate location to center the map if you grant location permission. You can deny location permission and still use the app.

Payment Information

We do not collect or store any payment or financial information.

2. How We Collect Information

  • Directly from you when you create an account or update your profile
  • Automatically when you use the app through cookies, session data, and event tracking
  • From third-party sign-in providers (Apple, Google) when you choose to sign in with those services

3. How We Use Your Information

  • Create and manage your account
  • Personalize winery recommendations based on your preferences
  • Operate and improve the Oxto platform
  • Analyze usage trends and app performance
  • Send transactional emails (e.g. account confirmation, waitlist updates)
  • Respond to support requests
  • Comply with legal obligations

We may use aggregated, anonymized data to understand overall platform engagement. This data cannot be used to identify you individually.

We do not sell your personal information to third parties.

4. How We Share Your Information

We do not sell, rent, or trade your personal information. We may share your information only in the following circumstances:

Service Providers

We work with trusted third-party providers who help us operate the platform:

  • Supabase — database and authentication infrastructure
  • Apple Sign-In — third-party authentication
  • Google Sign-In — third-party authentication
  • Mapbox — map display and location services
  • Resend — transactional email delivery
  • Anthropic — AI-generated winery content (The Oxto Edit)

These providers only have access to the information necessary to perform their services and are contractually obligated to protect your data.

Legal Requirements

We may disclose your information if required to do so by law or in response to valid legal process (e.g. a court order or subpoena).

Business Transfers

If Starr Road Ventures LLC is acquired, merged, or sells assets, your information may be transferred as part of that transaction. We will notify you via email or in-app notice before your information is transferred and becomes subject to a different privacy policy.

5. User Profiles and Public Content

Your display name and profile information may be visible to other users within the app. Collections you choose to share are visible to anyone with the link. Reviews or content you submit may be visible to other users.

Wineries do not have access to individual user identity or activity data. Winery-facing analytics are aggregated and anonymized.

6. Data Storage and Security

Your data is stored securely using Supabase, which is hosted on AWS infrastructure. We implement industry-standard security measures including encrypted connections (HTTPS/TLS) and role-based access controls.

While we take reasonable steps to protect your information, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

7. Data Retention

We retain your personal data for as long as your account is active. If you request account deletion:

  • Your account and associated personal data will be permanently deleted within 30 days
  • Anonymized or aggregated data derived from your activity may be retained for analytics purposes
  • Certain data may be retained longer if required by law

8. Account Deletion

You may request deletion of your account at any time through the Settings page within the app. Upon deletion, your profile, saved wineries, collections, and activity data will be permanently removed within 30 days.

9. Your Rights

Depending on where you live, you may have the following rights regarding your personal information:

  • Access — Request a copy of the personal information we hold about you
  • Correction — Request that we correct inaccurate information
  • Deletion — Request that we delete your personal information
  • Portability — Request that we provide your data in a portable format
  • Opt-out — Opt out of any future sale of personal information (we do not currently sell data)

To exercise any of these rights, contact us at legal@oxtoapp.com.

10. California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • The right to know what personal information we collect, use, disclose, and sell
  • The right to delete your personal information
  • The right to opt out of the sale of your personal information (we do not sell personal information)
  • The right to non-discrimination for exercising your CCPA rights

To submit a CCPA request, contact us at legal@oxtoapp.com. We will respond within 45 days.

11. Children's Privacy

Oxto is not intended for users under the age of 18. We do not knowingly collect personal information from anyone under 18. If we become aware that we have collected personal information from a minor, we will delete it promptly. If you believe we have inadvertently collected information from a minor, please contact us at legal@oxtoapp.com.

12. Third-Party Links

The app may contain links to third-party websites or services (e.g. winery websites). We are not responsible for the privacy practices of those third parties and encourage you to review their privacy policies.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last Updated" date at the top of this page. For material changes, we will notify you via email or in-app notification. Continued use of the app after changes are posted constitutes your acceptance of the updated policy.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy, please contact us at:

Starr Road Ventures LLC
legal@oxtoapp.com
oxtoapp.com

15. Other State Privacy Rights

If you are a resident of Virginia, Colorado, Connecticut, or Texas, you may have similar rights to California residents regarding access, deletion, and opt-out of data sales. To exercise these rights, contact us at legal@oxtoapp.com.