Still • Distillery Management Software for Craft Producers

At Still, we respect your privacy and are committed to protecting your personal data.

1. Data Controller

Rienzi Technologies, United Kingdom (Data Controller). Contact: legal@rienzitech.com. We do not have a dedicated Data Protection Officer but handle queries via the above.

2. Information We Collect

We collect information you provide directly to us, such as when you:

Create an account or request a demo
Fill out contact or demo request forms
Communicate with our support team
Use our software (distillery name, production data, user logs)

3. Legal Bases for Processing

We process data under: Contract (Art. 6(1)(b)) for demo bookings/service delivery; Legitimate Interests (Art. 6(1)(f)) for support/responses (balanced against your rights); Consent (Art. 6(1)(a)) for marketing. You can withdraw consent anytime.

4. How We Use Your Information

Purposes are limited (Art. 5(1)(b)). We minimize data collection to essentials.

Provide, maintain, and improve Still software
Send you technical notices, updates, and support messages
Respond to your comments and questions
Generate anonymized analytics to improve our service
Comply with legal obligations (e.g., TTB record-keeping rules)

5. Data Security & Storage

Your distillery data is encrypted at rest and in transit (AES-256 + TLS 1.3).
We are SOC 2 Type II compliant and undergo annual third-party security audits.
Backups are encrypted and retained for 90 days.

Data is retained for: Inquiries (2 years post-response); Accounts (subscription term + 2 years). Deletion follows requests (Art. 17).

6. International Transfers

Data is stored in the US (AWS). For EU users, we use Standard Contractual Clauses (SCCs) and the EU-US Data Privacy Framework for adequacy (Art. 46/45).

7. Sharing of Data

We do not sell your data. We only share information with:

Service providers (AWS, Stripe, analytics tools) under strict confidentiality
Legal authorities when required by law

8. Your GDPR Rights (Art. 15-22)

You have rights to: Access, rectification, erasure ("right to be forgotten"), restriction, portability, objection, and human review of automated decisions. Exercise via privacy@still.software (response within 1 month). No fee unless excessive.

For EU residents: Complain to your supervisory authority (e.g., via EDPB).

9. Children's Privacy

We do not knowingly collect data from under 16s (Art. 8). If discovered, we delete it.

10. Changes to This Policy

We'll notify you via email/site notice for material changes (Art. 13(1)(d)). Last updated: November 28, 2025.

Privacy Policy