Privacy Policy

Introduction

Welcome to WishMate, an AI-powered gift recommendation platform that helps you discover, organize, and purchase the perfect gifts for any occasion.

We value your privacy and are committed to protecting your personal information. This Privacy Policy explains what data we collect, how we use it, and the choices you have.

By using WishMate, you agree to this Privacy Policy and our Terms of Service. If you have any questions, please contact us at [email protected].

1. Data We Collect

We collect information to provide, personalize, and improve your experience on WishMate.

a. Information You Provide

  • Account Details: Email address and password for account creation
  • Gift Preferences: Gift occasions, preferences, and wishlists you create
  • Saved Items: Items you save or purchase through our platform
  • Communications: Support requests, messages, and feedback you send us

b. Automatically Collected Data

  • IP Address: Your IP address and approximate location
  • Device Information: Device type, browser, and operating system
  • Usage Activity: Pages visited, features used, and interaction patterns
  • Session Identifiers: Unique session IDs (UUID v7) for tracking user journeys
  • Cookies & Analytics: Cookies and analytics identifiers (see our Cookie Policy)

c. Information from Third Parties

We may receive limited data from trusted partners, such as:

  • Payment Processors: Limited data from payment providers like Stripe (when applicable)
  • Analytics Tools: Usage data from Amplitude Analytics (EU server zone)
  • Authentication: Account data from Firebase Authentication (if configured)
  • Integration Partners: Data from marketing or integration partners with your consent

2. How We Use Your Information

We use your data to:

  • Gift Recommendations: Provide AI-powered gift suggestions and improve personalization
  • Platform Operations: Operate, maintain, and enhance our platform features
  • Communications: Send service notifications and updates (with your consent)
  • Customer Support: Respond to inquiries and provide assistance
  • Security & Fraud Prevention: Prevent fraud, abuse, and security risks
  • Analytics & Improvement: Analyze usage patterns to improve our services
  • Legal Compliance: Comply with legal obligations and enforce our Terms

We do not sell your personal data.

4. How We Share Data

We share information only when necessary for our operations, including:

  • Service Providers: Cloud storage (Vercel), analytics (Amplitude), customer support tools
  • Payment Processors: Secure transaction processing through Stripe (when applicable)
  • AI Services: External APIs for generating gift recommendations
  • Legal Authorities: When required by law or to protect rights and safety
  • Business Transfers: In connection with mergers, acquisitions, or asset sales

All partners are vetted and bound by strict data protection agreements. We do not sell your personal data to third parties.

5. International Data Transfers

Your personal information may be processed in countries outside your country of residence (e.g., the United States or EU). When doing so, we apply safeguards such as Standard Contractual Clauses (SCCs) approved by the European Commission to ensure adequate protection under GDPR.

For analytics, we use Amplitude with EU server zones to minimize international data transfers.

6. Data Retention

We retain your data only as long as necessary for our legitimate business purposes:

  • Account Data: Up to 3 years after account deletion or last activity
  • Usage & Analytics: Up to 12 months from collection
  • Payment Records: As required by law (usually 7 years for tax purposes)
  • Support Communications: Up to 2 years after resolution

You may request deletion at any time by contacting [email protected]. We will respond within 30 days.

7. Your Rights

Depending on your region, you may have rights to:

  • Access: Request a copy of your personal data
  • Correction: Correct inaccurate or incomplete information
  • Deletion: Request deletion of your data (right to be forgotten)
  • Restriction: Restrict or object to certain processing activities
  • Withdraw Consent: Withdraw consent for data processing at any time
  • Data Portability: Request your data in a portable format (JSON)
  • Opt-Out of Marketing: Unsubscribe from marketing communications
  • File Complaint: File a complaint with a Data Protection Authority

To exercise these rights, contact us at [email protected]. We will respond within 30 days (or as required by local law).

Data portability requests will be provided in JSON format for easy transfer to other services.

8. Security

We use industry-standard measures to protect your data, including:

  • HTTPS Encryption: All data transmitted over secure HTTPS connections
  • Secure Storage: Data stored with encryption and restricted access controls
  • Input Validation: Zod schema validation to prevent malicious data
  • Bearer Token Authentication: Secure API authentication mechanisms
  • Security Audits: Regular security audits and monitoring for threats
  • Access Controls: Role-based access controls for internal systems

While we take all reasonable precautions, no system is completely secure. If you believe your data has been compromised, please notify us immediately at [email protected].

9. Automated Decision-Making

WishMate uses AI algorithms to generate personalized gift recommendations based on your preferences, browsing history, and quiz responses. These recommendations are suggestions only and do not have legal or similarly significant effects on you.

You have the right to request human review of any automated decision or to opt out of personalized recommendations by contacting us.

10. Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and relevant authorities within 72 hours as required by GDPR. Notifications will include:

  • The nature of the breach
  • The categories and approximate number of affected individuals
  • The likely consequences of the breach
  • Measures taken or proposed to address the breach

11. Children's Privacy

WishMate is not directed to children under 16 years of age (or other age as required by local law), and we do not knowingly collect data from minors. If we learn that we have unintentionally done so, we will promptly delete such information.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

12. California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: What personal information we collect, use, and share
  • Right to Delete: Request deletion of your personal information
  • Right to Opt-Out: Opt out of the sale of personal information (we don't sell data)
  • Right to Non-Discrimination: Equal service regardless of privacy choices

To exercise these rights, contact us at [email protected]. We will verify your identity before processing your request.

Categories of Personal Information Collected: Identifiers (email, IP address), usage data, device information, and inferences (gift preferences).

Business Purposes: Service provision, personalization, analytics, security, and legal compliance.

13. Changes to This Policy

We may update this Privacy Policy periodically to reflect legal or operational changes. We'll notify you of significant updates via email or prominent notice on our platform and revise the "Last Updated" date at the top of this page.

Continued use of WishMate after changes constitutes acceptance of the updated policy.

14. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, contact us at:

Email: [email protected]

For GDPR-related inquiries, you may also contact your local Data Protection Authority.