Privacy Policy & Terms of Use
Part I — Terms of Use
1. Acceptance
By downloading, installing, or using the Sommie app, you agree to be bound by these Terms of Use and our Privacy Policy. If you do not agree with any part of these terms, we recommend that you do not use the service. Continued use of the app constitutes acceptance of any updates to these terms.
2. About the App
Sommie is a virtual sommelier powered by artificial intelligence, offering personalized wine recommendations, intelligent food pairings, educational content about the wine world, and access to wine tourism experiences.
To provide these features, Sommie uses third-party artificial intelligence services, as described in detail in the Privacy Policy. The app also provides voice input and photo submission features to facilitate user interaction — these are described in full in Sections 3A and 3B of the Privacy Policy.
3. Registration and Access
To use certain features of Sommie, you must create an account by providing accurate information, including your name, email address, date of birth, and consumption preferences. You are responsible for maintaining the confidentiality of your login credentials and for all activities that occur under your account.
4. User Responsibilities
By using Sommie, you agree to use the app ethically and in accordance with all applicable laws and regulations, not to share offensive, false, defamatory, or illegal content, and to keep your login credentials confidential and secure.
When using the voice input and photo submission features, you declare that you hold all necessary rights over the content you submit and that such content does not infringe upon the rights of any third party. You also acknowledge that original audio recordings and images are processed locally and discarded immediately after conversion to text, as described in Sections 3A and 3B.
5. Intellectual Property
All content within Sommie — including but not limited to texts, images, logos, algorithms, AI models, and features — is the exclusive property of iTrois Tecnologia e Inovação. Reproduction, distribution, or modification of any content without prior written authorization is strictly prohibited.
6. Updates to Terms
iTrois reserves the right to update these Terms of Use and the app's features at any time. Material changes will be communicated via in-app notification or email with at least 15 days' advance notice. Continued use of the app after such notice constitutes acceptance of the updated terms.
Part II — Privacy Policy
1. Data Collection
We collect the following categories of data to provide, maintain, and improve Sommie's services. All data collection is based on a lawful basis under the LGPD (Law 13.709/2018) and GDPR, as indicated below.
| Category | Data Collected | Purpose | Legal Basis |
|---|---|---|---|
| Registration Data | Name, email address, date of birth, phone number | Account creation, authentication, communications | Contract performance |
| Sensory Profile | Wine preferences, flavors, aromas, occasions | Personalize recommendations and food pairings | Consent / Contract |
| Usage Data | Interaction history, searches, content accessed | Improve experience and personalize the service | Legitimate interest |
| Location | Approximate location (optional) | Wine tourism suggestions (only with consent) | Consent |
| Messages & Queries | Text entered when interacting with the sommelier | Generate AI sommelier responses | Consent |
| Voice Data NEW | Audio recordings captured by device microphone, with consent | Facilitate voice interaction; converted to text before any AI processing | Consent (Art. 7, I, LGPD) |
| Photos & Images NEW | Images from device camera or gallery, with consent | Reading wine labels and menus via OCR to generate text | Consent (Art. 7, I, LGPD) |
2. Use of Data
We use the collected data for the following purposes:
| Purpose | Description |
|---|---|
| App Functionality | Authenticate users, enable features, ensure security and performance |
| Product Personalization | Customize wine recommendations and food pairings based on the user's sensory profile |
| AI Response Generation | Process queries and generate virtual sommelier responses via third-party AI service |
| Voice-to-Text Conversion NEW | Convert voice recordings to text locally to facilitate user interaction |
| OCR Processing NEW | Extract text from photos locally to facilitate reading of wine labels and menus |
| Analytics | Evaluate user behavior to improve existing features and plan new ones |
| Legal Compliance | Comply with applicable legal and regulatory obligations |
Data is never used for third-party advertising, marketing communications, or any purpose other than those listed above without explicit user consent.
3. Use of Third-Party AI Service
To provide the virtual sommelier features, personalized recommendations, and intelligent food pairings, Sommie uses the Claude Sonnet language model, developed by Anthropic, PBC, accessed through the Amazon Bedrock platform, operated by Amazon Web Services, Inc. (AWS).
Amazon Web Services confirms the following data protection guarantees for Amazon Bedrock:
What data is sent to the AI service
When you interact with the virtual sommelier, the following information may be transmitted to the AI model for processing:
| Data Type | Transmitted to AI? | Notes |
|---|---|---|
| Typed messages & questions | ✓ Yes | Direct text input from user |
| Sensory profile & preferences | ✓ Yes | Flavor, aroma, occasion context |
| Query context | ✓ Yes | Dish type, occasion, price range |
| Transcribed text from voice NEW | ✓ Yes (text only) | After local speech-to-text conversion; original audio is discarded |
| OCR-extracted text from photos NEW | ✓ Yes (text only) | After local OCR processing; original image is discarded |
| Original audio files | ✗ Never | Discarded immediately after transcription |
| Original photos/images | ✗ Never | Discarded immediately after OCR |
| Contact info (name, email, phone) | ✗ Never | Not transmitted to AI |
| Device identifiers | ✗ Never | Not transmitted to AI |
| Payment information | ✗ Never | Not collected or transmitted |
3A. Voice Data Processing
NEWHow it works
When you use the voice input feature, audio is captured by your device's microphone and converted to text using automatic speech-to-text (STT) transcription technology. This conversion is performed locally on your device or on iTrois' own infrastructure, without sending the original audio to any third-party AI service.
captures audio
(local / iTrois)
discarded
(text only)
(AWS Bedrock)
What happens to the original audio
The original audio file is discarded immediately after transcription and is not stored on iTrois' servers, not shared with any third party, and not retained in any form. Only the transcribed text is retained for processing the sommelier's response.
What is shared with the AI
Only the text resulting from transcription — equivalent to what you would type manually — is sent to the third-party AI service (Claude Sonnet via AWS Bedrock) to generate the virtual sommelier's response.
Legal basis (LGPD / GDPR)
Voice data processing is carried out based on your express consent (Art. 7, I, LGPD / Art. 6(1)(a) GDPR), requested when the voice feature is activated for the first time. You may revoke this consent at any time:
3B. Photo & Image Data Processing
NEWHow it works
When you submit a photo, the image is processed by Optical Character Recognition (OCR) technology, which extracts the textual content present in the image (such as wine label information, menu text, or product descriptions). This processing is performed locally on your device or on iTrois' own infrastructure, without sending the original image to any third-party AI service.
captures image
(local / iTrois)
discarded
(text only)
(AWS Bedrock)
What happens to the original image
The original photo is discarded immediately after OCR processing and is not stored on iTrois' servers, not shared with any third party, and not retained in any form. Only the extracted text is retained for processing the sommelier's response.
What is shared with the AI
Only the text extracted by OCR technology — equivalent to what you would type manually when transcribing the image content — is sent to the third-party AI service (Claude Sonnet via AWS Bedrock) to generate the virtual sommelier's response.
Biometric and sensitive data
Legal basis (LGPD / GDPR)
Image processing is carried out based on your express consent (Art. 7, I, LGPD / Art. 6(1)(a) GDPR), requested when the photo submission feature is activated for the first time. You may revoke this consent at any time:
3C. App Store Privacy Labels
NEWIn compliance with Apple App Store guidelines (5.1.1(i) and 5.1.2(i)), the following Privacy Nutrition Labels are declared for Sommie:
| Apple Category | Data Type | Linked to User | Purpose | Tracking |
|---|---|---|---|---|
| Contact Info | Name, Email, Phone | Yes | App Functionality | No |
| Identifiers | User ID | Yes | App Functionality | No |
| User Content | Other User Content (sommelier messages) | Yes | App Functionality | No |
| User Content | Audio Data (voice) NEW | Yes | App Functionality | No |
| User Content | Photos or Videos NEW | Yes | App Functionality | No |
| Search History | Search History | Yes | App Functionality, Personalization | No |
| Usage Data | Product Interaction, Preferences | Yes | App Functionality, Analytics | No |
| Location | Coarse Location | Yes | App Functionality | No |
| Diagnostics | Crash Data, Performance Data | No | App Functionality | No |
4. Data Sharing
iTrois does not sell users' personal data. Data sharing occurs exclusively in the following situations:
| Recipient | Data Shared | NOT Shared | Legal Basis |
|---|---|---|---|
| AI Service (AWS Bedrock / Claude Sonnet) |
Text messages, sensory preferences, query context, transcribed voice text, OCR-extracted photo text | Original audio files, original photos/images | Prior user consent (Section 3) |
| E-commerce & Wine Tourism Partners | Data necessary for the requested integration | Voice data, photos, sensitive data | Express and specific user consent |
| Public Authorities | Data required by law or court order | — | Legal obligation |
5. User Rights
In accordance with the LGPD (Law 13.709/2018) and GDPR, you have the following rights regarding your personal data. To exercise any of these rights, contact us at privacidade@itrois.tech.
🔍 Access
Request confirmation and access to your processed data, including transcribed voice text and OCR-extracted text.
✎ Correction
Request correction of incomplete, inaccurate, or outdated data.
🗑 Deletion
Request deletion of data processed based on consent, including text generated from voice and photos.
🚫 Consent Revocation
Revoke consent for AI use, voice input, or photo submission independently at any time.
📤 Portability
Request portability of your data to another service provider in a structured format.
📝 Information
Obtain information about entities with whom we share your data.
Managing Consents
Each consent can be managed independently in the app's privacy settings:
6. Security
We adopt technical and administrative measures to protect your data in compliance with LGPD (Law 13.709/2018) and GDPR. Access to the AI service is performed through the Amazon Bedrock platform, which holds ISO 27001 and SOC 2 Type II security certifications, ensuring data protection during processing.
7. Data Retention
We retain data only as long as necessary for service provision or as required by applicable law.
| Data Type | Retention Period | Notes |
|---|---|---|
| AWS Bedrock input/output | Not stored after processing | Each query processed in real time and discarded by AWS |
| Original audio (voice) NEW | Discarded immediately | Deleted after speech-to-text conversion; no storage at any point |
| Original photos/images NEW | Discarded immediately | Deleted after OCR processing; no storage at any point |
| Transcribed/OCR text NEW | Active session only | Discarded at session end, unless user opts to save query history |
| Profile & preferences | While account is active | Or until deletion request is received |
| Registration data | Minimum legal period | After account closure, as required by applicable law |
8. Cookies
We use cookies and similar technologies to enhance navigation and the app experience, maintain session state, and analyze usage patterns. You can manage cookie preferences in your device settings. We do not use cookies for cross-site tracking or advertising purposes.
9. Minors
Sommie is intended for users 18 years of age or older, consistent with the legal drinking age in Brazil and most jurisdictions. Minors may only use Sommie under the supervision and with the consent of a legal guardian, who must accept these terms on behalf of the minor. We do not knowingly collect personal data from minors without parental consent.
10. Consent for AI Use
Use of Sommie's artificial intelligence features (virtual sommelier, personalized recommendations, and food pairings) requires your explicit consent to send data to the third-party AI service (Claude Sonnet via AWS Bedrock). This consent is requested upon first access to AI features.
Use of the voice input and photo submission features also requires specific and separate consent, requested upon first use of each feature. Each consent can be managed independently in the app's privacy settings.
11. Changes to This Policy
This Privacy Policy may be updated periodically to reflect changes in our practices, legal requirements, or new features. Relevant changes will be communicated via in-app notification or email with at least 15 days' advance notice. Continued use of Sommie after notification of changes implies acceptance of the updated policy.
The current version of this policy is always available at sommie.io/Politica-de-privacidade-US/.
12. Contact & Data Protection Officer
For any questions, requests to exercise your rights, or privacy concerns, please contact us:
iTrois Tecnologia e Inovação
Last updated: April 2026 | Version 2.0 | Ver em Português