Privacy Policy

1. Information We Collect

1.1 Information You Provide

When you register, create wishlists, or use our Service, we collect:

• Account Information: Name, email address, username, profile picture, and password (via our authentication provider)
• Profile Information: Bio, location, and any other information you choose to add to your profile
• Wishlist Content: Titles, descriptions, items, prices, images, and URLs you include in your wishlists
• Communications: Messages, gift notes, and any communications you send through the Service

1.2 Information Collected Automatically

When you access the Service, we automatically collect:

• Device Information: Device type, operating system, browser type, unique device identifiers
• Log Data: IP address, access times, pages viewed, referring URLs, and actions taken on the Service
• Location Data: Approximate geographic location based on IP address
• Usage Data: How you interact with the Service, including clicks, scrolling, and feature usage
• Cookies and Tracking: Cookies, web beacons, and similar technologies (see Section 5)

1.3 Information from Third Parties

• Authentication Providers: If you sign in via Google or other providers (through Clerk), we receive your name, email, and profile picture
• Analytics Services: We may receive aggregated data from analytics providers

2. How We Use Your Information

2.1 Service Operations

• To create and manage your account
• To display your wishlists and profile to other users
• To facilitate gift coordination (marking items as gifted, confirmations)
• To send notifications about your account and wishlist activity
• To provide customer support

2.2 Service Improvement

• To analyze usage patterns and improve the Service
• To develop new features and functionality
• To conduct research and analytics
• To personalize your experience

2.3 Safety and Security

• To detect, prevent, and address fraud, abuse, and security issues
• To enforce our Terms of Service
• To protect the rights, property, and safety of users and the public
• To comply with legal obligations

2.4 Communications

• To send service-related announcements and updates
• To send promotional communications (with your consent, where required)
• To respond to your inquiries and requests

3. Information Sharing and Disclosure

3.1 With Other Users

When you mark an item as gifted, the wishlist owner may see your name (unless you choose to be anonymous) and any message you include.

3.2 With Service Providers

We share information with third-party service providers who perform services on our behalf:

• Clerk: Authentication and user management
• Railway: Database and hosting infrastructure
• Analytics providers: Usage analytics and monitoring
• Email service providers: Sending notifications and communications

3.3 Legal Requirements

We may disclose your information if required to do so by law or if we believe that such action is necessary to:

• Comply with a legal obligation, subpoena, court order, or legal process
• Protect and defend our rights or property
• Prevent or investigate possible wrongdoing in connection with the Service
• Protect the personal safety of users or the public
• Protect against legal liability

3.4 Business Transfers

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any change in ownership or uses of your personal information.

3.5 Aggregated or De-Identified Data

We may share aggregated or de-identified information that cannot reasonably be used to identify you for any purpose, including research, marketing, analytics, and improving the Service.

4. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

• Encryption of data in transit using TLS/SSL
• Encryption of sensitive data at rest
• Regular security assessments and monitoring
• Access controls and authentication requirements
• Employee training on data protection

Note: No method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security. You are responsible for maintaining the security of your account credentials.

5. Cookies and Tracking Technologies

5.1 What We Use

• Essential Cookies: Required for the Service to function (authentication, security)
• Analytics Cookies: Help us understand how users interact with the Service
• Preference Cookies: Remember your settings and preferences
• Local Storage: Store data locally on your device for performance

5.2 Your Choices

Most web browsers allow you to control cookies through their settings. However, disabling cookies may affect your ability to use certain features of the Service.

5.3 Do Not Track

We do not currently respond to “Do Not Track” signals from web browsers. We will update this policy if our practices change.

6. Your Rights and Choices

6.1 Access and Update

You can access and update most of your personal information through your account settings. If you need to access or update information that is not available through settings, contact us.

6.2 Account Deletion

You may delete your account through your account settings or by contacting us at privacy@wishgenie.app. Please note:

• Account deletion is processed immediately upon confirmation
• All your wishlists, items, and personal data will be permanently deleted
• Information that has been shared with other users (e.g., gift messages) may persist in their records
• Server logs containing your IP address may be retained for up to 90 days

6.3 Email Communications

You can opt out of promotional emails by clicking the unsubscribe link in any promotional email. You cannot opt out of service-related communications (e.g., transaction confirmations, security alerts).

6.4 Data Portability

You may request a copy of your personal data in a structured, commonly used format by contacting us.

7. Regional Privacy Rights

7.1 California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

• Right to Know: Request information about the categories and specific pieces of personal information we collect
• Right to Delete: Request deletion of your personal information (subject to exceptions)
• Right to Opt-Out: Opt out of the sale of personal information (we do not sell personal information)
• Right to Non-Discrimination: We will not discriminate against you for exercising your rights

7.2 European Users (GDPR)

If you are in the European Economic Area (EEA), UK, or Switzerland, you have additional rights:

• Legal Basis: We process your data based on consent, contract performance, and legitimate interests
• Right to Rectification: Request correction of inaccurate personal data
• Right to Erasure: Request deletion under certain circumstances
• Right to Restrict Processing: Request limitation of processing in certain situations
• Right to Object: Object to processing based on legitimate interests
• Right to Lodge a Complaint: File a complaint with your local data protection authority

7.3 International Data Transfers

Your information may be transferred to and processed in countries other than your own, including the United States. By using the Service, you consent to such transfers. We ensure appropriate safeguards are in place for international data transfers.

8. Data Retention

We retain your personal information for the following periods:

• Account information: Retained while your account is active, deleted upon account deletion
• Wishlist content: Retained while your account is active, deleted upon account deletion
• Gift activity records: Records of items marked as gifted and confirmations, retained while account is active
• Server logs: Retained for up to 90 days
• Support communications: Retained for up to 3 years

You can delete your account and all associated data at any time through your account settings or by contacting us at privacy@wishgenie.app.

9. Do Not Sell or Share My Personal Information

Under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), California residents have the right to opt out of the “sale” or “sharing” of their personal information.

While we do not currently sell or share personal information as defined by California law, if our practices change, we will update this policy and provide an opt-out mechanism.

To exercise any data rights or if you have questions about our data practices, contact us at privacy@wishgenie.app.

10. Children's Privacy

The Service is not intended for users under the age of 18. We do not knowingly collect personal information from children under 18. If we learn that we have collected personal information from a child under 18, we will take steps to delete that information as quickly as possible. If you believe a child under 18 has provided us with personal information, please contact us immediately.

11. Third-Party Links and Services

The Service may contain links to third-party websites, services, or products (including product URLs in wishlists). We are not responsible for the privacy practices of these third parties. We encourage you to read the privacy policies of any third-party services you visit.

12. Data Breach Notification

In the event of a data breach that compromises your personal information, we will:

• Notify affected users within 72 hours of becoming aware of the breach (where feasible)
• Provide details about the nature of the breach and types of data involved
• Describe the measures we are taking to address the breach
• Offer guidance on steps you can take to protect yourself
• Notify relevant regulatory authorities as required by law

Notification will be sent via email to the address associated with your account.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the updated policy on this page
• Updating the “Last Updated” date at the top
• Sending you an email notification (for significant changes)

Your continued use of the Service after any changes constitutes acceptance of the updated policy.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We aim to respond to all privacy-related inquiries within 30 days.

For data protection inquiries from European users, you may also contact your local data protection authority.