Privacy Policy

Last updated: May 26, 2026
This Privacy Policy describes how Grapevine ("Grapevine", "we", "us", or "our") collects, uses, and shares information about you when you use the Grapevine desktop client, mobile client, website at grapevine.li, and related services (collectively, the "Service").

1. Information We Collect

1.1 Information you provide

  • Account information: email address, password (stored as a bcrypt hash, never in plaintext), display name, and optional profile picture.
  • Content you create: messages, voice and video call participation, forum posts, file uploads (images, videos, 3D furniture models), and 3D apartment layouts.
  • Communications with us: support requests, bug reports, and feedback you submit through the forum or by email.
  • Payment information: if you purchase a Grapevine subscription (e.g., "Wine"), payments are processed by a third-party processor (PayPal). We receive a transaction identifier and subscription status, but we do not store your full card or bank details on our servers.

1.2 Information collected automatically

  • Technical data: IP address, user-agent string, approximate timestamps, session tokens, and basic device/OS information needed to operate the Service, enforce rate limits, and protect against abuse.
  • Connection metadata for calls: when you participate in a voice or video call, the server forwards real-time audio and video packets between participants. We do not record, transcribe, or persistently store the contents of your calls.
  • Crash and diagnostic data: if the desktop client crashes, it may write a local crash report to your computer. Crash reports stay on your device unless you explicitly send them to us.
  • Cookies and similar technologies: see our Cookie Policy.

1.3 Information from third parties

  • Developer / bot integrations: if you authorize a third-party application or bot via Grapevine's OAuth or webhook system, we receive whatever your authorization grants (e.g., room membership, permission scopes).
  • Open-source hosting: public release artifacts are distributed through GitHub. Visiting GitHub is subject to GitHub's own privacy policy.

2. How We Use Information

We use information to:

  • Provide, maintain, and improve the Service (delivering messages, routing calls, hosting files, displaying your profile to friends).
  • Authenticate you and keep your account secure (JWT sessions, password hashing, session invalidation).
  • Enforce our Terms of Service and Acceptable Use Policy, including detecting and responding to abuse, fraud, and security incidents.
  • Operate features you opt into, such as the public forum, friend requests, voice/video calls, the 3D apartment system, badges, the in-app coin economy, and bot/webhook integrations.
  • Process payments and manage subscriptions through our payment processor.
  • Communicate with you about your account (password resets, email verification, security alerts, important Service changes).
  • Comply with legal obligations and respond to lawful requests.

3. Legal Bases (EEA/UK Users)

If you are in the European Economic Area or United Kingdom, we process your personal data on the following bases:

  • Performance of a contract — to deliver the Service you signed up for.
  • Legitimate interests — to keep the Service secure, prevent abuse, and improve features.
  • Consent — where required (e.g., optional cookies, certain marketing).
  • Legal obligation — to comply with applicable laws.

4. How We Share Information

We do not sell your personal information. We share information only as described below:

  • With other users: your display name, profile picture, status, badges, messages and uploads in shared rooms, and any other information you choose to share are visible to users you interact with.
  • With service providers: hosting, storage, payment processing, and email-delivery providers that process data on our behalf under contractual obligations to safeguard it.
  • Bots and integrations you authorize: data scoped to the permissions you grant a developer application.
  • Legal and safety: when we believe in good faith that disclosure is necessary to comply with law, enforce our policies, or protect the rights, property, or safety of Grapevine, our users, or the public.
  • Business transfers: in connection with a merger, acquisition, financing, or sale of assets, subject to standard confidentiality protections.

5. Data Retention

  • Account data: retained while your account is active.
  • Messages and uploads: retained until you, an authorized room admin, or we delete them in accordance with our policies.
  • Forum posts: the public forum keeps only the most recent 50 threads; older threads are automatically removed.
  • Call content: not stored on our servers.
  • Logs and security records: retained for a limited period sufficient to operate, debug, and secure the Service.
  • Backups: deleted content may persist temporarily in encrypted backups before being purged.

6. Your Rights and Choices

Depending on where you live, you may have rights to:

  • Access, correct, or delete personal information we hold about you.
  • Object to or restrict certain processing.
  • Port your data to another service.
  • Withdraw consent, where processing is based on consent.
  • Lodge a complaint with your local data-protection authority.

You can update your email and password in Account settings, or delete your account by contacting legal@grapevine.li. We will honor verifiable requests within the timeframes required by law.

7. Children

The Service is not directed to children under 13 (or under 16 in the EEA/UK), and we do not knowingly collect personal information from them. If you believe a child has provided us personal information, contact legal@grapevine.li and we will take steps to delete it.

8. International Transfers

Grapevine is operated from the United States. If you use the Service from outside the U.S., your information will be transferred to and processed in the U.S. Where required, we rely on appropriate safeguards (such as Standard Contractual Clauses) for cross-border transfers.

9. Security

We take reasonable technical and organizational measures designed to protect your information against unauthorized access, alteration, disclosure, or destruction. These include encryption in transit, industry-standard handling of credentials, and access controls for our systems. We do not publicly disclose the specific details of our security architecture. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security; you use the Service at your own risk.

10. California Residents (CCPA/CPRA)

California residents may request to know, delete, or correct personal information we collect, and may opt out of "sales" or "sharing" of personal information. We do not sell personal information. To exercise your rights, contact legal@grapevine.li. We will not discriminate against you for exercising your rights.

11. Changes to This Policy

We may update this Privacy Policy from time to time. The "Last updated" date above reflects the most recent revision. Material changes will be communicated through the Service or by email when reasonable.

12. Contact

Privacy questions: legal@grapevine.li.