Skip to main content
WishkeeperBack to home

Privacy Policy

Last Updated: December 23, 2025

1. Introduction

Welcome to Wish Keeper ("we," "our," or "us"). We are committed to protecting your privacy and ensuring you have a positive experience while using our gift management and wishlist services. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our application (collectively, the "Service").

Wish Keeper is designed to help you organize wishlists, coordinate gifting, and make gift-giving magical during the holidays and special occasions. By accessing or using the Service, you agree to the terms of this Privacy Policy.

2. Information We Collect

2.1 Personal Information You Provide

We collect information that you voluntarily provide to us when you register for the Service, create a profile, or use our features.

  • Account Information: When you register, we collect your email address and password. We also collect your name and an optional profile photo.
  • User Settings: We store your preferences for notifications (email and in-app), themes (light/dark mode), and display settings (e.g., hiding/showing age or photos on public cards).
  • Person Profiles: To provide our core service, you may create profiles for people you buy gifts for. We collect:
    • Identifiable Details: Name, nickname, relation to you, birthdate, and age.
    • Contact Info: Email address and phone number (optional, for sending invites).
    • Sizes: Shirt size, pants size (waist/length), shoe size, ring size, dress size, and fit preferences.
    • Preferences: Favorite colors, brands, scents, and restaurants.
    • Personal Details: Interests, "things they love," "things to avoid," and allergies.
    • Budget: Spending limits or budget tracking for gifts.
  • Gift Data: Information about gifts you track, including titles, descriptions, product URLs, images, prices, store names, brand names, and purchase status (to-do, purchase, wrapped, etc.). You may also upload receipts (images/files) for warranty or return purposes.
  • List & Group Data: Names of wishlists, groups, due dates, and descriptions.
  • Billing Information: If you subscribe to a paid plan, our payment processor (Stripe) collects your payment method details. We do not store full credit card numbers on our servers; we only retain transaction IDs and subscription status.

2.2 Information Collected Automatically

When you interact with our Service, we automatically collect certain information about your device and usage.

  • Device Information: IP address, browser type, operating system, and device identifiers.
  • Usage Data: Pages visited, features used, and time spent on the Service. We track clicks on affiliate links for analytics usage.
  • Logging Data: We maintain logs of login attempts (successful and failed), including IP address and timestamp, for security purposes.
  • Cookies: We use cookies to maintain your login session and store anonymous consent preferences.

2.3 Information from Third Parties

  • Stripe: We receive update events about your subscription status (e.g., successful payment, cancellation) from Stripe.
  • Affiliate Networks: If you click on product links generated by our AI suggestions, we may receive confirmation of conversion events from affiliate partners (e.g., Amazon Associates).

3. How We Use Your Information

We use the collected information for the specific purposes described below:

  • To Provide and Maintain the Service: Creating accounts, managing wishlists, organizing groups, and ensuring core functionality works.
  • To Personalize Your Experience: Using size and preference data to help you select appropriate gifts.
  • To Suggest Gifts (AI): We process profile interests and keywords through our AI system (powered by Large Language Models) to generate personalized gift suggestions.
  • To Process Payments: Facilitating subscriptions via Stripe.
  • To Communicate with You: Sending transactional emails (password resets, welcome messages) via Resend, and notifications about list updates or shares.
  • To Ensure Security: Monitoring for suspicious login activity, enforcing rate limits (via Upstash), and maintaining audit logs.
  • To Analyze and Improve: Understanding how features are used to prioritize future development.

4. How We Share Your Information

4.1 With Your Consent (Sharing Features)

Wish Keeper is designed for collaboration. You have full control over what you share:

  • Public Share Tokens: You can generate a unique, public link for a person's wishlist. Anyone with this link can view the list. You can control visibility of sensitive fields (e.g., hiding sizes or ages) via your Field Visibility Settings and Public Card Settings before sharing.
  • Collaborators: You can invite specific email addresses to view or edit a list ("List Shares"). These users will see the content of the shared list.

4.2 Service Providers

We share data with trusted third-party vendors who assist us in operating the Service:

  • Supabase: For database hosting, authentication, and secure file storage (photos and receipts).
  • Stripe: For payment processing and subscription management.
  • Resend: For delivering transactional emails.
  • Inngest: For processing background jobs (e.g., generating AI suggestions asynchronously).
  • Sentry: For error tracking and performance monitoring.
  • Upstash: For rate limiting and temporary data caching (Redis).

4.3 Legal Obligations

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or a government agency).

4.4 Business Transfers

If the Service is involved in a merger, acquisition, or asset sale, your Personal Data may be transferred. We will provide notice before your Personal Data becomes subject to a different Privacy Policy.

5. Cookies and Tracking Technologies

We use "cookies" and similar tracking technologies to track activity on our Service and hold certain information.

  • Essential Cookies: Required for authentication (keeping you logged in) and security (CSRF protection).
  • Preference Cookies: Storing your UI theme (light/dark) and cookie consent choices.
  • Analytics: We may track anonymous usage data to improve performance. Our consent banner allows you to opt-in or opt-out of non-essential analytics cookies.

6. Data Retention

We retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy.

  • Account Data: Retained as long as your account is active.
  • Deleted Accounts: If you delete your account, your data (including all people, gifts, and lists) is permanently removed from our active database immediately or within 30 days. Backup archives may retain data for a limited period for disaster recovery purposes.
  • Logs: Security and audit logs are retained for a limited period (typically 30-90 days) to investigate incidents.

7. Data Security

The security of your data is important to us.

  • Encryption: All data is transmitted over HTTPS (TLS/SSL). Sensitive data like passwords are hashed using industry-standard algorithms (bcrypt/argon2) by Supabase Auth.
  • Access Control: We use Row Level Security (RLS) in our database to ensure that users can only access data they are authorized to see (their own data or data shared explicitly with them).
  • Secure Storage: Receipts and private documents are stored in private storage buckets with restricted access policies.

8. Your Privacy Rights

8.1 General Rights

You have the right to:

  • Access: View all data we hold about you by logging into your account.
  • Rectify: Correct any inaccurate or incomplete information in your profile or settings.
  • Delete: Request deletion of your account and all associated data via the "Settings" page.
  • Data Portability (GDPR): You have the right to receive a copy of your personal data in a structured, machine-readable format. You can download all your data, including your profile, people, gifts, lists, settings, consent preferences, and consent history, by using the "Download My Data" button in your Settings page. The export includes all data we hold about you in JSON format.
  • Export: You can also export specific data (people, gifts) in CSV format via the "Export" feature in the application.

8.2 Communication Preferences

You can opt-out of email notifications in your User Settings. You cannot opt-out of critical transactional emails (e.g., password resets).

8.3 California Residents (CCPA/CPRA)

If you are a California resident, you have specific rights regarding your personal information, including the specific pieces of information we have collected about you. We do not sell your personal information. To exercise your rights to know, delete, or correct, please contact us or use the in-app tools.

8.4 European Residents (GDPR)

If you are a resident of the EEA/UK, our legal basis for collecting and using your personal information depends on the Personal Data concerned and the specific context in which we collect it.

  • Contract: We process your data to provide the Service you signed up for.
  • Consent: For specific uses like optional marketing or cookies.
  • Legitimate Interest: For improving security and preventing fraud.

You have the right to lodge a complaint with a Data Protection Authority if you believe we have violated your rights.

9. International Data Transfers

Your information, including Personal Data, is processed at our operating offices and in any other places where the parties involved in the processing are located. This means that this information may be transferred to — and maintained on — computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction. Our primary servers (Supabase) are located in the United States (AWS us-east-1).

10. Children's Privacy

Our Service allows parents or guardians to create profiles for children ("Child Profiles"). We collect specific information (e.g., sizes, interests) for these profiles to facilitate gift management.

  • Direct Collection: We do not knowingly collect personal information directly from anyone under the age of 13. The Service is intended for use by adults (18+).
  • Parental Control: Data in Child Profiles is entered and managed solely by the adult account holder. You have full control to edit, delete, or hide this information.
  • Sharing Safeguards: Our "Field Visibility Settings" allow you to specifically hide sensitive fields (like clothing sizes) for children when sharing lists publicly.

If you are a parent or guardian and you are aware that your child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from anyone under the age of 13 without verification of parental consent, we take steps to remove that information from our servers.

11. Changes to This Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. You are advised to review this Privacy Policy periodically for any changes.

12. Contact Us

If you have any questions about this Privacy Policy, please contact us: