CM

Legal

Privacy Policy

Last updated 30 May 2026 · Version 2026-05-30

This Privacy Policy explains what personal data CaskMatch collects, why we collect it, how we use it, who we share it with, and what rights you may have under applicable privacy law.

CaskMatch is a product operated by Katonah Platforms, LLC, a limited liability company formed under the laws of the State of Delaware, USA. Katonah Platforms, LLC is responsible for personal data processed through caskmatch.com.

1. Who we are

CaskMatch operates a subscription-based introduction platform for Scotch whisky casks at caskmatch.com. References to “CaskMatch”, “we”, “us”, and “our” mean Katonah Platforms, LLC. You can contact us at admin@caskmatch.com.

2. What we collect

2.1 Information you give us

  • Account data: name, email address, password (stored hashed by Supabase Auth), role (Buyer, Seller, Trader), job title, company name, city, country, WhatsApp number for post-match introductions, profile photo, and how you heard about CaskMatch.
  • Confirmations made at signup, including acceptance of these policies and confirmation that you are at least 21 years old.
  • Listings, search prompts, bids, messages, and other content you submit while using the platform.
  • Communications you send us, including support requests, feedback, and waitlist enquiries.

2.2 Information we collect automatically

  • Usage data: pages visited, features used, timestamps, search queries, and broad device/browser metadata.
  • Authentication state and session cookies set by Supabase Auth so you can stay signed in securely.
  • Logs and error telemetry that help us keep the platform reliable.

2.3 Information from third parties

If you authenticate using a third-party identity provider (where supported) we receive the basic profile information that provider shares with us. Where billing is enabled we receive limited transaction metadata from Stripe (we do not see full card numbers).

3. Why we use your data

  • To provide the Services— to create and manage your account, run searches, record bids, support anonymity-first negotiation, and effect introductions after agreement.
  • To operate, secure, and improve the platform — to maintain uptime, prevent abuse, fix bugs, and understand how the platform is used.
  • To send transactional emails— bid confirmations, identity-reveal notifications, weekly summaries, and similar service messages.
  • To send marketing emails— product updates and news, only where you have given us permission or as otherwise permitted by law. You can withdraw consent at any time.
  • To comply with legal obligations— including tax, accounting, anti-fraud, and dispute-resolution obligations.

4. Service providers we use

We rely on a small set of trusted service providers to run the platform. They process personal data on our behalf under written agreements that require them to keep your data secure and use it only for the purposes we instruct.

  • Supabase— authentication, primary database, file storage, and realtime updates.
  • Vercel— application hosting, edge networking, and deployment.
  • Stripe— subscription billing (once payments are enabled). Stripe is an independent controller for the limited transaction data it collects.
  • Resend— transactional and marketing email delivery.
  • Google Gemini— natural-language interpretation of buyer search prompts and column mapping for uploaded inventory files. Ranking and pricing logic stay inside CaskMatch.
  • Inngest— durable execution of background workflows such as offer lifecycles, notifications, market briefs, and the industry pulse feed.

Katonah Platforms, LLC is based in the United States. Your personal data is processed and stored in the US and other countries where our service providers operate. Where required by applicable law, we use appropriate safeguards for cross-border transfers.

5. When we share data with other users

The platform is anonymity-first. Until both parties accept a price and confirm the identity reveal step, the counterparty sees only a redacted persona (for example, “A buyer” or “A seller”). Once both parties accept the reveal, your real name, profile photo, company, and WhatsApp number are shared with the counterparty so the introduction can complete.

Outside that flow, we do not sell your personal data, and we do not share it with third parties for their own marketing.

6. How long we keep data

We keep personal data for as long as your account is active and for a reasonable period afterwards so we can meet our legal, accounting, and dispute-resolution obligations. Listing and messaging data is retained while it remains relevant to ongoing negotiations or post-introduction follow-up. Billing records are retained for the period required by applicable tax law.

7. Your rights

Depending on where you live, you may have rights to:

  • confirm what personal data we hold about you and provide a copy;
  • correct inaccurate or incomplete personal data;
  • delete personal data where there is no good reason for us to keep it;
  • restrict or object to processing in certain circumstances, including for direct marketing;
  • port personal data you have provided to us; and
  • withdraw consent where we rely on it.

If you are a resident of certain US states (including California), you may also have rights to know what personal information we collect, request deletion or correction, and opt out of the sale or sharing of personal information. We do not sell your personal information.

To exercise any of these rights, email admin@caskmatch.com. If you are not happy with how we have handled your data, you may also have the right to complain to your state attorney general or your local data-protection authority.

8. Cookies and similar technologies

We use a small set of strictly necessary cookies to authenticate users and remember your session. Where applicable we may also use analytics or telemetry cookies, in which case we will surface a consent control before they are set. You can clear cookies through your browser at any time, but the platform may not work correctly without authentication cookies.

9. Security

We use industry-standard technical and organisational measures to protect personal data, including encryption in transit, hashed authentication credentials, role-based access controls, row-level security on our database, and audit logging. No system is completely secure; please use a strong, unique password and tell us promptly if you suspect unauthorised activity on your account.

10. Children

CaskMatch is not aimed at children. You must be at least 21 years old to create an account. We do not knowingly collect data from anyone under that age.

11. Changes to this policy

We may update this Privacy Policy as the platform develops. The “Last updated” date at the top shows the current version. Where changes are material we will tell you and, if appropriate, ask you to re-accept the policy before continuing to use the Services.

12. Contact

Privacy questions and rights requests can be sent to admin@caskmatch.com.

Other policies