Legal

Privacy Policy

This Privacy Notice for Nikita Šatunov (doing business as Giftsmith) ("we," "us," or "our") describes how and why we might access, collect, store, use, and/or share ("process") your personal information when you use the Giftsmith mobile application (the "Services"), including when you download and use Giftsmith or engage with us in related ways.

Reading this notice will help you understand your privacy rights and choices. If you do not agree with our policies and practices, please do not use the Services. Questions or concerns? Contact us at privacy@giftsmith.app.

Summary of key points

• What we process. Personal information you provide (name, email) and content you create in the app.
• Sensitive data. We do not process sensitive personal information.
• Other sources. We do not collect information about you from third-party sources.
• Why we process it. To provide and improve the Services, communicate with you, and keep the Services secure.
• Sharing. Only with the service providers needed to operate the app — never sold.
• Your rights. Depending on your location, you may have rights to access, correct, delete, or export your data.
• How to exercise rights. Submit a data subject access request or email us.

1. What information do we collect?

Personal information you disclose to us. We collect information you voluntarily provide when you register, use the Services, or contact us. This may include:

• Names
• Email addresses

Sensitive information. We do not process sensitive information.

Social media login data. You may register using your Apple ID or Google account. If you do, we receive certain profile information (typically name, email, and a unique identifier) from that provider. See section 5 below.

Application data. If you use the app, we may also collect:

• Mobile device access. With your permission, we request access to your camera and photo library so you can attach images to people and gift ideas. You can change these permissions in your device settings.
• Mobile device data. We automatically collect device information such as device model, operating system, language, and hardware identifiers, primarily for diagnostics and security.
• Push notifications. If you opt in, we send notifications about upcoming occasions. You can disable them in device settings.
• Content you create. The people, occasions, gift ideas, photos, links, and notes you save.

Google API Services

Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

2. How do we process your information?

We process your personal information for the following purposes:

• Account creation and authentication. So you can create and access your account.
• Service delivery. To provide the features you request — capturing gift ideas, managing people and occasions, and sending reminders.
• Administrative communications. To send you information about changes to our terms or policies.
• Service protection. To diagnose problems and prevent abuse, including via crash and error reporting.
• Vital interests. Where necessary to protect the safety of any person.

3. What legal bases do we rely on? (EU/UK)

If you are in the EU or UK, the GDPR / UK GDPR requires us to identify a lawful basis for processing your personal information. We rely on:

• Consent — where you have given us permission for a specific purpose (you may withdraw at any time).
• Performance of a contract — to deliver the Services you've signed up for.
• Legitimate interests — such as diagnosing problems and preventing fraudulent activity.
• Legal obligations — to comply with applicable law.
• Vital interests — to protect the safety of any person.

If you are in Canada, we process your information with your express or implied consent, except in limited cases permitted by law.

4. When and with whom do we share your personal information?

We share information only with service providers who help us operate the app, under contracts that require them to safeguard your data. We do not sell your data and we do not share it for advertising.

• Cloud computing services — Convex (database and file storage)
• Functionality and infrastructure — Expo (push notification delivery and over-the-air updates)
• User account registration and authentication — Apple (Sign in with Apple) and Google (Google Sign-In)
• Performance monitoring — Sentry (crash and error reporting)

We may also share your information in connection with a merger, sale of assets, financing, or acquisition of all or part of our business.

5. How do we handle social logins?

You can register or log in using Apple or Google. When you do, we receive profile information (typically name, email, and a unique identifier) from that provider. We use this information only for the purposes described in this notice. We do not control how the provider handles your data — please review their privacy policy to understand their practices.

6. Is your information transferred internationally?

Our servers and our service providers are located in the United States. Your information may be transferred to, stored, and processed in the United States and other countries.

If you are in the EEA, UK, or Switzerland, please note that these countries may not have data protection laws as comprehensive as those in your country. We rely on the European Commission's Standard Contractual Clauses for these transfers between us and our third-party providers. Copies are available on request.

7. How long do we keep your information?

We retain your personal information only for as long as necessary for the purposes set out in this notice, unless a longer period is required or permitted by law. In general, we keep your information for as long as you have an account with us. When you delete your account, we delete or anonymize your information from our active systems; backups age out on a routine schedule.

8. How do we keep your information safe?

We have implemented reasonable technical and organizational security measures designed to protect your personal information, including OAuth-based authentication, encrypted on-device token storage, and TLS for all network traffic. However, no system is 100% secure, and we cannot guarantee absolute security.

9. Do we collect information from minors?

We do not knowingly collect data from or market to children under 18 years of age (or the equivalent age in your jurisdiction). By using the Services, you represent that you are at least 18 or that you are the parent or guardian of a minor user. If you believe we may have collected information from a minor, please contact us at privacy@giftsmith.app.

10. What are your privacy rights?

Depending on your location, you may have rights to:

• Access and obtain a copy of your personal information
• Request correction of inaccurate information
• Request deletion of your information
• Restrict or object to processing
• Data portability
• Withdraw consent at any time, where we rely on consent
• Not be subject to solely automated decisions with legal effect

You can review, change, or delete your account at any time from within the Giftsmith app. To exercise other rights, submit a data subject access request or email privacy@giftsmith.app.

If you are in the EEA or UK and believe we are processing your information unlawfully, you may complain to your Member State data protection authority or the UK ICO. Swiss residents may contact the Federal Data Protection and Information Commissioner.

11. Controls for Do-Not-Track features

Most web browsers include a Do-Not-Track ("DNT") feature. No uniform standard for DNT signals has been finalized, so we do not currently respond to them. If a standard is adopted in the future, we will update this notice.

12. Do United States residents have specific privacy rights?

If you are a resident of California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, or Virginia, you may have additional rights regarding your personal information, including the right to know, access, correct, delete, obtain a copy, opt out of the sale or sharing of personal data, and not be discriminated against for exercising your rights.

Categories of personal information we have collected in the last 12 months:

• A. Identifiers (name, email, online identifier) — Yes
• B. California Customer Records personal information (name) — Yes
• C. Protected classification characteristics — No
• D. Commercial information (gift ideas you record) — Yes
• E. Biometric information — No
• F. Internet or other network activity — No
• G. Geolocation data — No
• H. Audio, electronic, sensory information — No
• I. Professional or employment-related information — No
• J. Education information — No
• K. Inferences — No
• L. Sensitive personal information — No

We retain these categories for as long as you have an account with us. We have not sold or shared personal information to third parties for a business or commercial purpose in the preceding 12 months. We have disclosed Categories A, B, and D to service providers as described in section 4.

How to exercise your rights. Submit a data subject access request or email privacy@giftsmith.app. We will verify your identity before responding. If we deny your request, you may appeal by emailing the same address with the subject line "Appeal."

California "Shine the Light". California residents may request information about disclosures of personal information to third parties for direct-marketing purposes. We do not share information for third-party direct marketing.

13. Do other regions have specific privacy rights?

Australia and New Zealand. We collect and process your personal information under Australia's Privacy Act 1988 and New Zealand's Privacy Act 2020. You have the right to request access to or correction of your personal information by contacting us. If you believe we are processing your information unlawfully, you may complain to the Office of the Australian Information Commissioner or the Office of New Zealand Privacy Commissioner.

14. Do we make updates to this notice?

We may update this Privacy Notice from time to time. The updated version will be indicated by a revised "Last updated" date at the top of this page. Material changes will be communicated to you in-app or by direct notification.

15. How can you contact us about this notice?

If you have questions or comments about this notice, email us at privacy@giftsmith.app.

16. How can you review, update, or delete the data we collect?

You can review and update your information directly in the Giftsmith app. To delete your account and all associated data, use the in-app delete option in Settings, or submit a data subject access request.