Privacy Policy
Effective Date: February 13, 2026
What Data We Collect
GiftConductor collects information you provide directly:
- Account information: Email address, name, and profile details
- Contacts: Names, relationships, birthdays, interests, and addresses of people you track
- Notes: Observations and gift ideas you capture throughout the year
- Gift history: Records of gifts you have given
- Profile responses: Hobbies, preferences, and other information you provide about yourself and your contacts
Third-Party Data Processors
We use the following third-party service providers to operate GiftConductor:
- OpenAI (AI-powered gift suggestions)
- Vercel (hosting and edge functions)
- Neon Postgres (database)
Data sent to OpenAI: When generating gift recommendations, we send the following data to OpenAI's API:
- Contact names, relationships, and interests
- Gift history and saved ideas
- Profile responses (hobbies, preferences)
OpenAI data retention: OpenAI retains API request data for 30 days for abuse monitoring, then permanently deletes it. We have executed a Data Processing Agreement with OpenAI covering GDPR compliance.
How We Use Your Data
Your data is used exclusively to provide the GiftConductor service:
- Storing and displaying your contacts and gift history
- Generating personalized gift recommendations using AI (based on interests and notes you have captured)
- Sending upcoming occasion reminders
- Enabling household sharing features
We do not sell your data. Your information is never shared with third parties for marketing purposes.
Age Requirements
This service is for users 18 years of age or older. We collect data FROM adults ABOUT children (such as children's birthdays and interests for gift planning). Children do not directly use this service or provide data themselves.
Data Security
We implement security measures to protect your information:
- Encryption at rest: Street addresses, birthdays, notes content, and profile responses are encrypted at rest using AES-256-GCM encryption. City, state, and zip code are NOT encrypted as they are required for AI location context.
- Encryption in transit: All data is transmitted over HTTPS with TLS encryption
- Audit logging: Significant account actions are tracked for security monitoring
- IP hashing: IP addresses are hashed for privacy when stored in logs
Data Breach Notification
In the event of a data breach affecting your personal information, we will notify you within 30 days of discovery per California Civil Code section 1798.82. Notifications will describe the nature of the breach, types of data affected, and steps we are taking to address it.
International Data Transfers
Our infrastructure providers are US-based:
- Vercel (hosting and edge functions)
- Neon Postgres (database)
- OpenAI (AI processing)
Data may be processed in the United States. By using this service, you consent to this transfer.
Your Rights
You have control over your personal data:
- Export your data: Download a complete copy of all your information in JSON format
- Delete your account: Permanently remove your account and all associated data
- Update your information: Edit or correct your data at any time
To export or delete your data, visit the Settings page and navigate to the Data & Privacy section.
Data Retention
When you delete data or your account, we retain it in a soft-deleted state for 30 days before permanent removal. This allows for recovery in case of accidental deletion. After 30 days, data is permanently and irreversibly deleted.
Contact
For privacy-related questions or concerns, please contact the development team through the application.