Back to Home

Privacy Policy

Last updated: November 30, 2025

This Privacy Policy describes how Send.gift ("we," "us," or "our") collects, uses, shares, and protects your personal information when you use our website and services (collectively, the "Service"). By using the Service, you consent to the practices described in this policy.

1. Information We Collect

Information You Provide Directly

  • Contact information: Email addresses of gift senders and recipients
  • Shipping information: Name, address, and phone number for gift delivery
  • Payment information: Payment card details are processed securely through Stripe; we do not store full card numbers on our servers
  • Gift messages: Personal messages included with gifts
  • Communications: Information you provide when contacting customer support

Information Collected Automatically

  • Device information: IP address, browser type, operating system, device identifiers
  • Usage data: Pages visited, time spent on pages, click patterns, referring URLs
  • Location data: Approximate location derived from IP address
  • Cookies and tracking technologies: Session cookies, analytics cookies, and similar technologies

Information from Third Parties

We may receive information about you from third-party services we use, including payment processors, analytics providers, and fulfillment partners.

2. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), we process your personal data based on the following legal grounds:

  • Contract performance: Processing necessary to fulfill gift purchases and provide our services
  • Legitimate interests: Processing for fraud prevention, security, service improvement, and marketing (where permitted)
  • Legal compliance: Processing required by applicable laws and regulations
  • Consent: Processing based on your explicit consent, which you may withdraw at any time

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Process and fulfill gift purchases and redemptions
  • Send gift notifications and order updates to recipients
  • Communicate with you about your orders and account
  • Provide customer support and respond to inquiries
  • Detect, prevent, and investigate fraud and security incidents
  • Analyze usage patterns to improve our Service
  • Comply with legal obligations and enforce our Terms of Service
  • Send marketing communications (with your consent, where required)

4. How We Share Your Information

We may share your personal information with the following categories of third parties:

  • Payment processors: Stripe processes payment transactions
  • Fulfillment partners: Third-party merchants who fulfill product orders
  • Service providers: Companies that provide hosting, email delivery, analytics, and other services
  • Legal authorities: When required by law, subpoena, or legal process
  • Business transfers: In connection with a merger, acquisition, or sale of assets

We do not sell your personal information to third parties for their direct marketing purposes.

5. Third-Party Services

We use the following third-party services that process your data according to their own privacy policies:

  • Stripe: Payment processing - Privacy Policy
  • Supabase: Data storage and backend services
  • PostHog: Product analytics and user behavior tracking
  • Resend: Transactional email delivery
  • Rye: Product fulfillment and checkout services

We are not responsible for the privacy practices of third-party services. We encourage you to review their privacy policies before providing them with your information.

6. Cookies and Tracking Technologies

We use cookies and similar tracking technologies for the following purposes:

  • Essential cookies: Required for the Service to function properly
  • Analytics cookies: Help us understand how visitors use our Service
  • Functional cookies: Remember your preferences and settings

You can control cookies through your browser settings. Disabling certain cookies may affect the functionality of the Service. By continuing to use our Service, you consent to our use of cookies as described in this policy.

7. Data Security

We implement reasonable technical and organizational security measures designed to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include encryption of data in transit, secure data storage, and access controls.

Payment data is processed by Stripe in compliance with PCI DSS (Payment Card Industry Data Security Standard). However, no method of transmission or storage is 100% secure. We cannot guarantee absolute security of your data and are not responsible for unauthorized access resulting from factors outside our reasonable control.

8. Data Retention

We retain your personal information for as long as necessary to:

  • Provide our services and maintain your account
  • Comply with legal, accounting, and reporting obligations
  • Resolve disputes and enforce our agreements
  • Pursue legitimate business interests

When data is no longer needed, we will delete or anonymize it. Specific retention periods vary based on the type of data and legal requirements.

9. International Data Transfers

Your personal information may be transferred to and processed in countries other than your country of residence, including the United States, where data protection laws may differ from those in your jurisdiction.

For transfers from the EEA, UK, or Switzerland, we rely on appropriate safeguards such as Standard Contractual Clauses approved by the European Commission or other legally recognized transfer mechanisms. By using our Service, you consent to the transfer of your information to these jurisdictions.

10. Your Privacy Rights

Rights for All Users

Depending on your location, you may have the following rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your personal information (subject to legal exceptions)
  • Portability: Receive your data in a structured, machine-readable format
  • Objection: Object to certain types of processing
  • Restriction: Request restriction of processing in certain circumstances
  • Withdraw consent: Withdraw previously given consent at any time

California Privacy Rights (CCPA/CPRA)

California residents have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

  • Right to Know: Request information about the categories and specific pieces of personal information we have collected
  • Right to Delete: Request deletion of personal information we have collected
  • Right to Opt-Out: Opt out of the "sale" or "sharing" of personal information (we do not sell personal information)
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights
  • Right to Correct: Request correction of inaccurate personal information
  • Right to Limit: Limit the use of sensitive personal information

To exercise your California privacy rights, please contact us at privacy@send.gift. We will verify your identity before processing your request.

European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):

  • Right to lodge a complaint with your local supervisory authority
  • Right to object to automated decision-making and profiling

To exercise any of these rights, please contact us at privacy@send.gift. We will respond to your request within 30 days (or as required by applicable law). We may require verification of your identity before processing certain requests.

11. Data Breach Notification

In the event of a data breach that affects your personal information, we will notify you and any applicable regulatory authorities as required by law. Notification will include a description of the breach, the types of information affected, and steps you can take to protect yourself.

12. Children's Privacy

Our Service is not directed to children under 16 years of age (or under 13 in the United States). We do not knowingly collect personal information from children. If you are a parent or guardian and believe we have collected information from your child, please contact us immediately at privacy@send.gift. We will promptly delete such information.

13. Do Not Track Signals

Our Service does not currently respond to "Do Not Track" (DNT) browser signals. However, you can manage your privacy preferences through your browser settings and the cookie controls described above.

14. Third-Party Links

Our Service may contain links to third-party websites and services. We are not responsible for the privacy practices or content of these third parties. We encourage you to review their privacy policies before providing any personal information.

15. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. We will post the updated policy on this page and update the "Last updated" date. For material changes, we may provide additional notice such as email notification.

Your continued use of the Service after any changes constitutes your acceptance of the updated Privacy Policy. We encourage you to review this policy periodically.

16. Contact Us

If you have questions, concerns, or complaints about this Privacy Policy or our privacy practices, please contact us at:

Email: privacy@send.gift

We will respond to your inquiry within 30 days.