Legal

Privacy Policy

This Privacy Policy explains how Terroir collects, uses, stores, and protects personal data when you use our website and demo experiences.

Last updated: March 11, 2026

This policy is general information and does not constitute legal advice.

1. Data controller

Terroir operates this website from Tbilisi, Georgia. For privacy questions or requests, please contact us through the Contact page.

2. Data we collect

  • Contact form details: name, email, subject, and message content.
  • Demo access details: email address provided through demo lead capture.
  • Technical/request metadata: user-agent, IP-related request headers, referral path, and timestamps for security and operational integrity.
  • Preference cookies: locale and cookie-consent preferences used to improve usability and compliance.

3. Legal bases for processing

  • Consent: for optional cookie categories and consent-managed preferences.
  • Legitimate interests: to secure, operate, and improve the website and prevent abuse.
  • Pre-contractual communications: to respond to partnership, demo, and contact inquiries.
  • Legal obligations: where retention or disclosure is required by applicable law.

4. How we use personal data

  • Respond to inquiries and manage communication follow-ups.
  • Operate demo access workflows and maintain service reliability.
  • Understand aggregate service usage and improve user experience.
  • Maintain security, detect misuse, and support incident investigation.

5. Processors and sharing

We may use trusted service providers for hosting, data storage, analytics-capable infrastructure, and operational communications (for example, website hosting providers and Supabase infrastructure). We do not sell personal data.

6. International transfers

Because our infrastructure and partners may operate internationally, personal data may be processed outside Georgia. We apply contractual and organizational safeguards appropriate to the risk profile of the transfer.

7. Retention

  • Contact request records: up to 24 months from submission, unless longer retention is necessary for dispute or compliance purposes.
  • Demo lead records: up to 24 months from capture, unless operationally justified for longer relationship tracking.
  • Security and technical logs: typically up to 30 days, unless incident-response needs require a longer period.
  • Consent and locale preferences: up to 12 months, then refreshed as needed.

8. Your rights

Depending on applicable law (including GDPR baseline principles), you may request access, correction, deletion, restriction, objection, or portability of your personal data, and you may withdraw consent where consent is the legal basis.

9. Complaints and supervision

If you are not satisfied with our response, you may lodge a complaint with the relevant supervisory or data-protection authority in your jurisdiction.

10. Changes to this policy

We may update this Privacy Policy to reflect legal, operational, or product changes. Material updates will be posted on this page with a revised date.

11. Contact

Use our Contact page for privacy requests and legal notices.

Open ContactView TermsView Cookies Policy