Privacy policy
Last Updated: August 4 2025
1. Scope
This Privacy Policy explains how The Bottlist Inc. dba Flask Fine Wine (“Flask,” “we,” “our,” or “us”) collects, uses, discloses, and safeguards Personal Information when you visit flaskfinewines.com (the “Site”), contact us, make a purchase, or use any service that links to this Policy (collectively, the “Services”). It applies worldwide, unless a jurisdiction-specific section below says otherwise.
2. California Privacy Status
CPRA Status – Flask’s annual revenue and data-sharing volume are currently below the thresholds that make the California Privacy Rights Act (CPRA) mandatory. We nevertheless offer California residents the ability to request access and deletion, and to opt out of advertising cookies as described below. If our status changes, we will update this Policy and our compliance program accordingly.
3. Information We Collect
A. Provided by You: account details, purchase info, age-verification data, support tickets, contest entries, SMS consent.
B. Collected Automatically: cookies, device identifiers, log files, heat-map session replay (Microsoft Clarity), ad/analytics IDs (Google, DoubleClick), and similar.
C. From Third Parties: Shopify platform data, payment processors, fraud-screen services, and social-media logins (if you choose to link).
We do not knowingly collect data from individuals under 21. If we learn we have, we delete it.
4. How We Use Personal Information
- Fulfil and deliver orders, including age verification and customs paperwork.
- Provide customer support and warranty service.
- Send transactional messages (order updates, receipts, shipping notices).
- Send marketing emails/SMS where you have opted in (you may opt out anytime).
- Display interest-based ads and measure campaign performance.
- Detect, investigate, and prevent fraud or illegal activity.
- Comply with tax, accounting, import/export, and other legal obligations.
Legal bases (GDPR/UK GDPR): performance of a contract, legitimate interests (business operations, marketing), consent (where required), legal obligation.
5. Disclosure of Personal Information
We disclose PI only:
- Service providers: Shopify (hosting, payments), carriers, age-verification vendors, email/SMS platforms.
- Advertising & analytics partners: Google Ads/Analytics, Microsoft Clarity, subject to opt-out choices (§ 11).
- Business transfers: part of a merger, acquisition, or asset sale.
- Legal & safety: to comply with law or protect rights, property, or safety.
We do not give PI to unaffiliated third parties for their own direct marketing.
6. Cookies & Similar Technologies
We use:
- Essential cookies – site, cart, checkout.
- Analytics cookies – Google Analytics, MS Clarity (disabled until EU/UK consent).
- Advertising cookies – Google Ads, DoubleClick.
EU/UK visitors see a cookie banner that blocks non-essential cookies until consent. You can also block cookies via browser settings; doing so may limit site functionality.
6.1 Analytics, Session Replay & Advertising Partners
Microsoft Clarity & Microsoft Advertising
We partner with Microsoft Clarity and Microsoft Advertising to capture how you use and interact with our website through behavioral metrics, heat-maps, and session-replay. Website-usage data is captured via first- and third-party cookies and other tracking technologies to gauge product popularity, optimize the site, fight fraud, and serve advertising. For details on Microsoft’s data practices, see the Microsoft Privacy Statement.
Google Services
Google’s advertising requirements are summarized in the Google Advertising Principles.
• We use Google AdSense. Google, as a third-party vendor, uses cookies (including the DART cookie) to serve ads based on past visits to our Site and elsewhere. You may opt out of DART via the Google Ads & Content Network policy.
• We have implemented:
– Remarketing with Google AdSense
– Google Display Network Impression Reporting
– Demographics and Interests Reporting
– DoubleClick Platform Integration
• Google and other vendors use first-party cookies (e.g., Google Analytics) and third-party cookies (e.g., DoubleClick) together to collect data about ad impressions and site interactions.
• Opt-out tools: Google Ad Settings, the Network Advertising Initiative opt-out, and the Google Analytics Browser Add-on.
Shopify Hosting
The Services are hosted by Shopify, which processes Personal Information to operate and improve the storefront. Data you submit is transmitted to Shopify and may be processed in countries other than where you reside.
Shopify Enhanced Features. We enable Shopify features that combine data from your interactions with our store, other merchants, and Shopify itself. For those features, Shopify—not Flask—is the “controller” responsible for responding to your privacy-rights requests. See the Shopify Consumer Privacy Policy and exercise rights via the Shopify Privacy Portal.
7. SMS / Mobile Message Service
Our SMS terms are here: https://flaskfinewines.com/policies/terms-of-service. Reply STOP to cancel, HELP for help. Message and data rates may apply.
8. Data Security
We use industry-standard safeguards—TLS encryption, tokenised payments, least-privilege access, regular vulnerability scanning, and Shopify’s audited infrastructure. No website can guarantee 100% security, but we take reasonable steps to protect your data.
9. Data Retention
We retain PI only as long as necessary for the purposes stated above:
- Orders & financial records: 10 years or more.
- Marketing lists: until you opt out or 3 years after last interaction.
- Analytics logs: 48 months.
- Session replays: 1 year.
When PI is no longer needed, we delete or anonymise it.
10. International Transfers
We are based in the United States. When we transfer PI from the UK/EU to the US, we rely on Standard Contractual Clauses and supplementary safeguards.
11. Your Rights
A. California / CPRA: Access, deletion, correction, portability, opt out of sale/share, limit sensitive PI.
B. Opt-out links:
- Voluntary Advertising Cookie Opt-Out (California) – CCPA Opt Out: https://flaskfinewines.com/pages/ccpa-opt-out. We will verify your identity and respond within 30-45 days.
C. GDPR/UK: Access, erasure, rectification, restriction, portability, objection, withdraw consent.
D. U.S. State Privacy (VA, CO, CT, UT): similar rights; appeal within 60 days if we decline a request.
12. Do Not Track & Global Privacy Control
We honour browser GPC signals. Standard “Do Not Track” signals are not recognised due to lack of consensus.
13. Third-Party Links
Our Site includes links to third-party sites. We are not responsible for their privacy practices.
14. Children
We do not market to or knowingly collect data from persons under 21. If we learn we have, we will delete it.
15. Data Breach Notification
If we experience a data breach involving your PI, we will notify you via email within 7 business days, consistent with state law and GDPR Article 34.
16. Changes to This Policy
We may update this Policy. Material changes are posted here with a new “Last Updated” date and, where required, emailed to you. Continued use after the effective date constitutes acceptance.
California Online Privacy Protection Act
CalOPPA is the first state law in the nation to require commercial websites and online services to post a privacy policy. The law's reach stretches well beyond California to require any person or company in the United States (and conceivably the world) that operates websites collecting Personally Identifiable Information from California consumers to post a conspicuous privacy policy on its website stating exactly the information being collected and those individuals or companies with whom it is being shared. See more at: http://consumercal.org/california-online-privacy-protection-act-caloppa/
According to CalOPPA, we agree to the following:
Users can visit our site anonymously.
Once this privacy policy is created, we will add a link to it on our home page or as a minimum, on the first significant page after entering our website.
Our Privacy Policy link includes the word 'Privacy' and can easily be found on the page specified above.
You will be notified of any Privacy Policy changes:
• On our Privacy Policy Page
You can change your personal information:
• By emailing us
• By calling us
• By logging in to your account
How does our site handle Do Not Track signals?
We honor Do Not Track signals and do not track, plant cookies, or use advertising when a Do Not Track (DNT) browser mechanism is in place.
Does our site allow third-party behavioral tracking?
It's also important to note that we allow third-party behavioral tracking.
COPPA (Children's Online Privacy Protection Act)
When it comes to the collection of personal information from children under the age of 13 years old, the Children's Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, the United States' consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children's privacy and safety online.
We do not specifically market to children under the age of 13 years old.
We do not specifically market tobacco products or alcoholic beverages to minors under the age of 21 years old.
Fair Information Practices
The Fair Information Practices Principles form the backbone of privacy law in the United States and the concepts they include have played a significant role in the development of data protection laws around the globe. Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect personal information.
In order to be in line with Fair Information Practices we will take the following responsive action, should a data breach occur:
We will notify you via email
• Within 7 business days
We also agree to the Individual Redress Principle which requires that individuals have the right to legally pursue enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or government agencies to investigate and/or prosecute non-compliance by data processors.
Flask Fine Wine & Whisky Mobile Message Service Terms and Conditions
Last updated: 11/1/2021
The Flaskfinewines.com mobile message service (the "Service") is operated by The Bottlist Incorporated doing business as Flask Fine Wine (“Flask”, “we”, or “us”). Your use of the Service constitutes your agreement to these terms and conditions (“Mobile Terms”). We may modify or cancel the Service or any of its features without notice. To the extent permitted by applicable law, we may also modify these Mobile Terms at any time and your continued use of the Service following the effective date of any such changes shall constitute your acceptance of such changes.
By consenting to Flask’s SMS/text messaging service, you agree to receive recurring SMS/text messages with service-related and promotional messages, including updates, alerts, and information (e.g., order updates, account alerts, etc.) and promotions, specials, and other marketing offers (e.g., cart reminders) from and on behalf of Flask via text messages through your wireless provider to the mobile number you provided, even if your mobile number is registered on any state or federal Do Not Call list. Text messages may be sent using an automatic telephone dialing system or other technology.
You understand that you do not have to sign up for this program in order to make any purchases, and your consent is not a condition of any purchase with Flask. Your participation in this program is completely voluntary.
We do not charge for the Service, but you are responsible for all charges and fees associated with text messaging imposed by your wireless provider. Message frequency varies. Standard message and data rates may apply from your wireless provider. Check your mobile plan and contact your wireless provider for details. You are solely responsible for all charges related to SMS/text messages, including charges from your wireless provider.
You may opt-out of the Service at any time.
Text the single keyword command STOP to 818.761.5373.
Click the unsubscribe link in any text message to cancel.
You'll receive a one-time opt-out confirmation text message. No further messages will be sent to your mobile device, unless initiated by you. If you have subscribed to other Flask mobile message programs and wish to cancel, except where applicable law requires otherwise, you will need to opt out separately from those programs by following the instructions provided in their respective mobile terms. For Service support or assistance, email hello@flaskfinewines.com.
We may change any short code or telephone number we use to operate the Service at any time and will notify you of these changes. You acknowledge that any messages, including any STOP or HELP requests, you send to a short code or telephone number we have changed may not be received and we will not be responsible for honoring requests made in such messages.
The wireless carriers supported by the Service are not liable for delayed or undelivered messages. You agree to provide us with a valid mobile number. If you get a new mobile number, you will need to sign up for the program with your new number.
To the extent permitted by applicable law, you agree that we will not be liable for failed, delayed, or misdirected delivery of any information sent through the Service, any errors in such information, and/or any action you may or may not take in reliance on the information or Service.
We respect your right to privacy.