Privacy Policy

Last updated: 27 May 2026

Gift Huddle ("we", "us", or "our") is committed to protecting your personal data and being transparent about how we use it. This policy explains what we collect, why we collect it, and the rights you have over your information.

By using Gift Huddle you agree to the practices described here. If you have questions, please contact us.

1. Who we are

Gift Huddle is operated as a personal project based in the United Kingdom. For the purposes of UK GDPR and the Data Protection Act 2018, we are the data controller for personal data processed through this service.

2. Data we collect

Account & profile data

• Name and display name
• Email address
• Profile photo (when you connect a social account)
• Date of birth (optional — used to show your birthday on friends' dashboards)
• Interests and gifting preferences (optional — used for personalised recommendations)

Content you create

• Wishlists, gift list items, prices, and product URLs you add
• Events (birthdays, anniversaries) you create or are invited to
• Notes and comments on gift ideas
• Friend connections and invites you send

Usage data

• Pages visited, features used, and actions taken within the app
• Error and crash reports (to diagnose and fix bugs)
• Device type, browser, and approximate location derived from IP address
• Referring URL when you arrive from an external link

Authentication data

When you sign in with Google, Facebook, or another OAuth provider, we receive a limited profile (name, email, and profile picture) from that provider. We do not receive or store your password for those services.

3. Legal basis for processing

We process your personal data on the following legal grounds:

• Contract: to provide the Gift Huddle service you signed up for — maintaining your account, wishlists, and events.
• Legitimate interests: to keep the service secure, diagnose errors, and improve the product — balanced against your rights and privacy expectations.
• Consent: for optional features such as marketing emails or personalised recommendations based on stated interests. You can withdraw consent at any time.
• Legal obligation: where we are required to retain or disclose data by law.

4. How we use your data

• Create and maintain your account
• Display your wishlists and events to you and the friends you choose to share with
• Send reminder notifications for upcoming birthdays and events
• Personalise gift recommendations and deal alerts
• Monitor application health, diagnose errors, and prevent abuse
• Respond to support requests
• Comply with applicable laws and regulations

5. Sharing your data

We do not sell your personal data. We share data only in the following limited circumstances:

• Service providers: third-party companies that help us operate the service (see Section 6). They are contractually bound to process data only on our behalf and in accordance with this policy.
• Other users: information you explicitly make visible — such as your display name, profile picture, and shared wishlists — is visible to your connected friends. Claimed gift items are hidden from wishlist owners by design.
• Affiliate networks: when you click a product link, that link may contain an affiliate identifier. The retailer may receive your IP address and referral information to attribute any purchase. We do not pass your name or email.
• Legal requirements: we may disclose data if required by law, court order, or to protect the rights and safety of Gift Huddle or others.

6. Third-party services

We use the following services to run Gift Huddle:

• Supabase — database and authentication hosting. Data is stored on servers in the European Union. Supabase is compliant with GDPR.
• Vercel — web hosting and serverless functions. Servers are located in the EU/UK region.
• Sentry — error monitoring. Crash reports may include browser info and the page you were on when an error occurred. No sensitive personal data is intentionally sent.
• Google / Facebook / other OAuth providers — optional sign-in. You are subject to their respective privacy policies when using their login services.

7. Cookies & local storage

Gift Huddle uses cookies and browser storage for the following purposes:

• Authentication: a session cookie is set when you log in to keep you signed in. This is strictly necessary for the service to function.
• Preferences: we may store UI preferences (such as theme or notification settings) in local storage.
• Analytics: we may use lightweight, privacy-respecting analytics cookies to understand how features are used.

You can disable cookies in your browser settings, but this will prevent you from logging in.

8. Data retention

We keep your personal data for as long as your account is active. If you delete your account, we will delete your profile, wishlists, and associated content within 30 days. Anonymised or aggregated analytics data may be retained indefinitely. We may retain data for longer if required by law or to resolve disputes.

9. Your rights

Under UK GDPR you have the following rights, which you can exercise by contacting us:

• Access: request a copy of the personal data we hold about you.
• Rectification: ask us to correct inaccurate or incomplete data.
• Erasure: ask us to delete your data ("right to be forgotten"), subject to legal retention requirements.
• Restriction: ask us to pause processing while a dispute is resolved.
• Portability: receive your data in a structured, machine-readable format.
• Objection: object to processing based on legitimate interests.
• Withdraw consent: where processing is based on consent, withdraw it at any time without affecting prior processing.

You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.

10. Children

Gift Huddle is not directed at children under 13. We do not knowingly collect personal data from anyone under 13. If you believe a child has provided us with personal data, please contact us and we will delete it.

11. Data security

We use industry-standard security measures including encrypted connections (HTTPS), row-level security on the database, and access controls to protect your data. No method of transmission over the internet is 100% secure; we cannot guarantee absolute security but take reasonable steps to protect your information.

12. Changes to this policy

We may update this policy from time to time. When we make material changes we will update the "Last updated" date at the top of this page. Continued use of Gift Huddle after changes take effect means you accept the updated policy.

13. Contact

If you have questions about this policy or wish to exercise your rights, please use our Contact page. We aim to respond within 30 days.