Guides
Try GiftyWow

Legal

Privacy Policy

How we collect, use, and protect your information.

Last updated: February 2026

Your Privacy Matters

Last updated: February 2026

At GiftyWow ("we," "us," or "our"), we are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the GiftyWow mobile application and website (the "Services").

This policy should be read together with our Terms of Service.

Lawful Basis for Processing

We process your personal data on the following legal bases (applicable under GDPR/UK GDPR and the Australian Privacy Act):

  • Consent: When you create an account, upload photos, or opt-in to photo storage
  • Contract Performance: To provide the AI gift recommendation service you requested
  • Legitimate Interest: To improve our service using anonymised, aggregated usage data

Photo Privacy

By default, we do not store your photos. When you upload images to get gift recommendations:

  • Photos are processed in real-time by our large language model (LLM) to generate recommendations
  • AI-generated avatars are created to represent you and your recipient
  • Original photos are discarded immediately after analysis
  • No facial geometry, biometric templates, or facial recognition data is created or retained

What We Do Retain After Analysis

After processing, we retain only the AI-derived contextual metadata linked to your account:

  • Inferred interests and preferences (e.g., "likes music," "outdoor enthusiast")
  • General demographic context (e.g., age range, gender)
  • Gift recommendations generated for each session

This metadata is used to display your match history and improve future recommendations. It is deleted when you delete your account.

Thumbnail Storage for User Experience

To help you recognise past matches and navigate your gift history, we store a small thumbnail image for each session. By default, this is an AI-generated avatar. You can choose to store your actual photos instead by enabling "Store my photos" in Settings > Preferences.

  • One thumbnail per person (giver and recipient) is stored per session for match history display
  • Thumbnails are stored securely in encrypted cloud storage and used only for your match history
  • You can opt out by disabling "Store my photos" at any time, reverting to AI-generated avatars
  • Thumbnails are never shared with third parties or used for AI model training

Gift Recipient Data

Our service involves processing photos and information about gift recipients who may not be GiftyWow users. We take this responsibility seriously:

  • Recipient photos are processed ephemerally (deleted immediately after analysis). A thumbnail may be stored for match history display, which can be opted out of at any time
  • We retain only contextual metadata (interests, age range, occasion) — not biometric data
  • This data is associated with the uploader's account, not a separate profile for the recipient
  • Recipient data is deleted when the uploader deletes their account

For GDPR users: We rely on the "disproportionate effort" exemption under Art. 14(5)(b) GDPR for notifying recipients, as we do not collect their contact details. If you are the subject of a gift recommendation and wish to exercise your data rights, please contact privacy@giftywow.com.

Personal Information We Collect

We collect minimal personal information necessary to provide our service:

  • Email address — for account authentication via magic link
  • Display name — optional, for personalisation
  • Wishlist items — gifts you choose to save
  • Usage data — occasions selected, budget ranges, recommendation interactions
  • Payment records — subscription status (card details held by Stripe, not us)

Data Retention

  • Uploaded photos: Deleted immediately after analysis (unless photo storage is enabled)
  • Stored thumbnails: Retained until you disable photo storage or delete your account
  • Analysis metadata: Retained until you delete your account
  • Account data: Retained until you request deletion; then permanently removed within 30 days
  • Anonymised analytics: May be retained indefinitely as it cannot be linked back to individuals

AI & Service Improvement

We do not use your photos or personal data to train AI models.

To improve gift recommendations, we may collect anonymised, non-sensitive, aggregated data:

  • Gift categories and preferences (e.g., "tech gifts," "home decor")
  • Occasion types (e.g., birthday, anniversary)
  • Budget ranges selected
  • Which recommendations you liked or saved

This data helps us understand gift-giving trends and improve recommendations for everyone. No personally identifiable information is included in this data.

International Data Transfers

Your data may be processed in countries outside your own, including:

  • AI Processing: Photos are sent to third-party large language model (LLM) providers for AI analysis. Our LLM providers operate data centres globally with appropriate security safeguards.
  • Data Storage: Account data and metadata are stored via Supabase cloud infrastructure.
  • Payments: Payment processing is handled by Stripe in accordance with their privacy policy.

Where data is transferred outside the EEA/UK, we ensure appropriate safeguards are in place (e.g., Standard Contractual Clauses or adequacy decisions).

Third-Party Services

We use the following third-party services to operate GiftyWow:

  • Supabase — Authentication and data storage
  • LLM Providers — AI photo analysis (provider may change; current providers maintain enterprise-grade security and privacy standards)
  • Stripe — Payment processing
  • Vercel — Web hosting and analytics

Each service has its own privacy policy governing data handling. We select partners who maintain appropriate security and privacy standards.

Children's Privacy

GiftyWow is not directed at children under 16 (or 13 in the US). We do not knowingly collect personal information from children under these ages.

Parents and guardians may upload photos of their children for the purpose of generating gift recommendations. In this case:

  • The parent/guardian is responsible for providing consent on behalf of the child
  • Photos of children are subject to the same ephemeral processing (immediate deletion) as all other photos
  • We do not use children's data for any purpose other than generating gift recommendations for the requesting parent

What We Don't Collect

  • Your photos (unless you opt-in via "Store my photos" setting)
  • Biometric data, facial geometry, or facial recognition templates
  • Payment card details (handled securely by Stripe)
  • Location tracking or GPS data
  • Contacts or address book information
  • Browsing history outside of GiftyWow

Your Rights

Depending on your jurisdiction, you have the following rights:

  • Access: Request a copy of your personal data
  • Rectification: Ask us to correct inaccurate data
  • Erasure: Delete your account and all associated data via Profile > Delete Account
  • Portability: Request your data in a portable format
  • Object: Object to processing based on legitimate interest
  • Withdraw Consent: Opt out of optional data processing at any time

Australian users: You may also lodge a complaint with the Office of the Australian Information Commissioner (OAIC). UK/EU users: You may lodge a complaint with the ICO (UK) or your local supervisory authority.

To exercise these rights, contact us at privacy@giftywow.com

Cookies & Analytics

We use essential cookies and local storage for authentication and session management. We use Google Analytics and Vercel Analytics for aggregated usage analytics on our production site only (not during local development). We do not use advertising trackers or sell data to third parties.

Contact

If you have any questions about this Privacy Policy, please contact us at privacy@giftywow.com