Privacy Policy

Last updated: March 20, 2026

Introduction

Welcome to Gifter (“we,” “our,” or “us”). Gifter is an AI-powered gift recommendation platform that helps you find personalized gift ideas for the people you care about. We respect your privacy and are committed to protecting your personal data. This privacy policy explains how we collect, use, store, and share your personal data when you visit our website, use our AI recommendation engine, and interact with our services.

By using Gifter, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this privacy policy, please do not access or use our services.

Information We Collect

We may collect, use, store and transfer different kinds of personal data about you:

  • Identity Data: Name, username, or similar identifier
  • Contact Data: Email address
  • Technical Data: IP address, browser type, device information
  • Usage Data: Information about how you use our website and services
  • Profile Data: Your preferences, gift lists, and wish items
  • Payment Data: Generation credits balance, bundle and seasonal pass purchase history, Ultra tier usage, and subscription status

Payment Information

When you make purchases on Gifter, we process payments through Stripe, our third-party payment processor. Here is what we store and what we do not:

What We Store

  • Your Stripe customer ID (a unique identifier, not your payment details)
  • Purchase history (product type, amount, date, and status)
  • Subscription status and plan type
  • Generation credits balance
  • Seasonal pass validity periods

What We Do NOT Store

  • Credit or debit card numbers
  • Bank account details
  • Full payment method information
  • CVV/CVC security codes

All sensitive payment information is handled exclusively by our payment processors (Stripe and PayPal) and never touches our servers.

Third-Party Payment Processors

We use Stripe and PayPal to process payments. Both are PCI DSS Level 1 certified — the highest level of certification in the payments industry. This means your payment information is protected by the same security standards used by the world's largest financial institutions.

When you enter your payment details, they are transmitted directly to Stripe or PayPal via their secure, encrypted connections. Gifter never has access to your full card number, bank details, or PayPal account credentials.

For more information about how these providers handle your data, please review Stripe's Privacy Policy and PayPal's Privacy Policy.

Billing Data Retention

We retain billing-related data for the following purposes and durations:

Data Type             | Retention Period               | Purpose
Subscription metadata | Duration of account + 90 days  | Service access management
Purchase history      | Duration of account + 7 years  | Tax and legal compliance
Credit balance        | Duration of account            | Service delivery
Stripe customer ID    | Until account deletion         | Payment processing link

Upon account deletion, your credit balance and subscription data are removed immediately. Purchase history may be retained in anonymized form for legal compliance purposes.

How We Use Your Information

We use your personal data for the following purposes:

  • To provide and maintain our service, including AI-powered gift recommendations
  • To process your inputs through our AI recommendation engine and generate personalized gift suggestions
  • To notify you about changes to our service
  • To provide customer support
  • To gather analysis or valuable information to improve our service and recommendation quality
  • To monitor the usage of our service
  • To detect, prevent and address technical issues
  • To manage your account, subscriptions, and generation credits
  • To send you transactional emails related to your account activity and purchases

Use of AI Technologies

Gifter uses artificial intelligence to generate personalized gift recommendations. When you use our gift recommendation wizard, the information you provide about your gift recipient — such as their relationship to you, interests, occasion, and your budget — is processed by AI models through our integration with OpenRouter.

Here is how we handle your data in connection with AI:

  • No model training: Your personal inputs are NOT used to train or fine-tune any AI models. Your data is used solely to generate recommendations for you.
  • Processing only: Recipient details and preferences you enter are sent to AI models exclusively for the purpose of generating gift suggestions in real-time.
  • Informational output: AI-generated gift recommendations are provided for informational purposes only. We do not guarantee availability, pricing accuracy, or suitability of any recommended products.
  • Service improvement: We may use anonymized and aggregated usage patterns (such as popular gift categories, occasion trends, and recommendation quality metrics) to improve the overall quality of our recommendations. This aggregated data cannot be used to identify any individual user.
  • Product link search: After generating recommendations, we may automatically search for product links and images from third-party retailers. These searches are performed on your behalf and the results are presented as convenience links only.

Legal Basis for Processing

We process your personal data on the following legal grounds:

  • Performance of a Contract: Processing is necessary to provide you with the Gifter service, including generating gift recommendations, managing your account, processing payments, and delivering purchased credits or subscriptions.
  • Legitimate Interests: We process data where it is necessary for our legitimate interests, including maintaining the security and integrity of our service, fraud prevention, improving our recommendation algorithms using aggregated data, and ensuring the reliable operation of our platform.
  • Consent: Where required by law, we rely on your consent for certain processing activities, such as sending marketing communications, placing non-essential analytics cookies, and enabling session replay features. You may withdraw your consent at any time.
  • Legal Obligations: We process certain data to comply with applicable legal requirements, including tax regulations, financial reporting obligations, and responding to lawful requests from public authorities.

Cookies and Tracking

We use cookies and similar tracking technologies to track activity on our service and store certain information. Cookies are files with a small amount of data which may include an anonymous unique identifier.

We use cookies for the following purposes:

  • Essential cookies: To keep you signed in and manage your authentication session
  • Preference cookies: To remember your preferences and settings
  • Analytics cookies: To analyze how our service is used and measure performance
  • Functionality cookies: To improve our service and user experience

Session Recording and Analytics

We use the following analytics tools to understand how our service is used and to improve the user experience:

  • Mixpanel: We use Mixpanel for product analytics and Session Replay. Session Replay records user interactions (clicks, scrolls, page navigation) to help us identify usability issues and improve the product experience. All sensitive input fields (such as passwords, email addresses, and payment information) are automatically masked in session recordings and are never captured.
  • Google Tag Manager: We use Google Tag Manager to coordinate and manage analytics tags on our website. GTM itself does not collect personal data but facilitates the deployment of other analytics tools.

You can manage your cookie preferences through your browser settings. Please note that disabling essential cookies may affect the functionality of our service.

Data Security

The security of your data is important to us. We implement appropriate technical and organizational measures to protect your personal data against unauthorized or unlawful processing, accidental loss, destruction, or damage. These measures include:

  • Encryption of data in transit using TLS/SSL and encryption of sensitive data at rest
  • Row Level Security (RLS) policies on all database tables to ensure users can only access their own data
  • Input validation and sanitization on all API endpoints using Zod schemas
  • Regular security reviews and dependency updates to address known vulnerabilities
  • Automatic redaction of sensitive data (tokens, API keys, personal information) in application logs
  • Secure authentication with HTTP-only cookies and session token management
  • Access controls and principle of least privilege for internal systems and third-party service integrations

Data Breach Response

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we are committed to notifying affected users within 72 hours of becoming aware of the breach. Notification will be provided via the email address associated with your account. We will also notify the relevant supervisory authorities as required by applicable law.

While we strive to protect your personal data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we are committed to maintaining industry-standard protections.

Your Rights

Depending on your location and applicable law, you may have the following rights regarding your personal data:

  • Right of Access: Request a copy of the personal data we hold about you
  • Right to Rectification: Request correction of inaccurate or incomplete personal data
  • Right to Erasure: Request deletion of your personal data, subject to legal retention requirements
  • Right to Restrict Processing: Request that we limit the processing of your personal data in certain circumstances
  • Right to Data Portability: Request transfer of your personal data in a structured, commonly used format
  • Right to Object: Object to processing of your personal data for certain purposes, including direct marketing
  • Right to Withdraw Consent: Where processing is based on consent, you may withdraw your consent at any time without affecting the lawfulness of prior processing
  • Export your payment data and purchase history
  • Cancel your subscription at any time through your Billing Portal
  • Request deletion of your payment data (subject to legal retention requirements)

To exercise any of these rights, please contact us at support@gifter.now. We will respond to your request within 30 days, or sooner where required by applicable law.

California Residents (CCPA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). This section describes those rights and how to exercise them.

  • Right to Know: You have the right to request that we disclose what personal information we have collected about you, the categories of sources from which it was collected, the business or commercial purpose for collecting it, and the categories of third parties with whom we share it.
  • Right to Delete: You have the right to request that we delete the personal information we have collected from you, subject to certain exceptions required by law.
  • Right to Correct: You have the right to request that we correct inaccurate personal information we maintain about you.
  • Right to Opt Out of Sale: Gifter does NOT sell your personal information to third parties. We do not engage in the sale or sharing of personal information as defined under the CCPA/CPRA.
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights. We will not deny you services, charge different prices, or provide a different quality of service because you exercised your privacy rights.

To exercise your rights under the CCPA, please contact us at support@gifter.now. We will verify your identity before processing your request and respond within 45 days as required by law.

International Users

Gifter's services are operated from the United States. If you are accessing our services from outside the United States, please be aware that your personal data may be transferred to, stored, and processed in the United States, where our servers are located and our central database is operated.

Where we transfer personal data internationally, we implement appropriate safeguards to ensure your data is protected in accordance with this privacy policy. These safeguards may include standard contractual clauses approved by the European Commission or other legally recognized transfer mechanisms.

If you are a resident of the European Union, the United Kingdom, or the European Economic Area, you have additional rights under the General Data Protection Regulation (GDPR), including the rights described in the “Your Rights” section above. You also have the right to lodge a complaint with your local data protection authority if you believe your data has been processed unlawfully.

Children's Privacy

Gifter is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and you are aware that your child has provided us with personal data, please contact us at support@gifter.now.

If we become aware that we have collected personal data from a child under 18 without verification of parental consent, we will take steps to remove that information from our servers promptly.

Account Deletion

You may request the deletion of your Gifter account and associated personal data at any time by contacting us at support@gifter.now.

Upon receiving a verified account deletion request:

  • Your account data (profile information, gift lists, preferences, and generation history) will be permanently removed within 30 days.
  • Data stored in backup systems will be removed within 90 days.
  • Your Stripe customer ID and active subscriptions will be canceled and disassociated from your account.
  • Purchase history and transaction records may be retained in anonymized form for up to 7 years to comply with tax and legal obligations.

Please note that account deletion is irreversible. Once your data has been deleted, it cannot be recovered.

Third-Party Services

We may employ third-party companies and individuals to facilitate our service, provide the service on our behalf, or assist us in analyzing how our service is used. These third parties have access to your personal data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.

Our key third-party service providers include:

  • Stripe — Payment processing and subscription management
  • PayPal — Alternative payment processing and subscription management
  • Supabase — Database and authentication services
  • OpenRouter — AI model access for gift recommendation generation
  • Resend — Transactional email delivery
  • Mixpanel — Product analytics, usage insights, and session replay
  • Google Tag Manager — Analytics tag coordination and management
  • Serper — Product and shopping search for gift link discovery

Each of these providers maintains their own privacy policies governing how they handle data. We encourage you to review their respective privacy policies.

Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the “Last updated” date. For significant changes that materially affect your rights, we will make reasonable efforts to notify you via email or through a prominent notice on our service.

We encourage you to review this Privacy Policy periodically for any changes. Your continued use of the service after changes are posted constitutes your acceptance of the updated policy.

Dispute Resolution

Any disputes arising from or relating to this Privacy Policy or our data processing practices shall be governed by applicable law. We encourage you to contact us first to resolve any concerns through good-faith negotiation.

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact us at support@gifter.now. We are committed to working with you to achieve a fair resolution. If we are unable to resolve your concern, you may have the right to lodge a complaint with the relevant data protection authority in your jurisdiction.

Contact Us

If you have any questions about this Privacy Policy, wish to exercise your data rights, or have concerns about our data practices, please contact us at support@gifter.now.