Privacy Policy

Effective Date: January 1, 2025 Version 2.0
🔒 Bank-level encryption ✅ CCPA compliant 🛡️ GDPR ready 🏦 PCI DSS certified

Overview

Our Commitment to Your Privacy

At GiftPot, Inc. ("GiftPot", "we", "us", or "our"), we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our group gifting platform at www.giftpot.app (the "Service").

The bottom line: We only collect what we need to provide our Service, we never sell your personal data, and you always have control over your information.

Key Points:

  • ✅ We never sell your personal information
  • ✅ We use bank-level encryption for all data
  • ✅ You can request deletion of your data anytime
  • ✅ We only share data with essential service providers
  • ✅ We comply with CCPA, GDPR, and other privacy laws

1. Information We Collect

1.1 Information You Provide to Us

When Creating a Gift Pot:

  • Account Information: Email address, name (optional)
  • Pot Details: Pot name, description, target amount, deadline
  • Optional Information: Photo, gift links, personal messages

When Contributing to a Pot:

  • Contributor Information: Name (or anonymous), email (optional)
  • Payment Information: Processed securely by Stripe - we never see or store your card details
  • Optional Message: Personal message to recipient

When Withdrawing Funds:

  • Banking Information: Bank account details for ACH transfers (processed by Stripe)
  • Identity Verification: As required by financial regulations
  • Tax Information: For amounts over $600/year (IRS requirement)

1.2 Information Automatically Collected

Device & Usage Information:

  • Log Data: IP address, browser type, operating system
  • Usage Data: Pages visited, time spent, click patterns
  • Device Information: Device ID, screen resolution, time zone
  • Location Data: General location (city/state level) from IP address

Cookies & Similar Technologies:

  • Essential Cookies: Required for Service functionality
  • Analytics Cookies: Help us improve our Service
  • Preference Cookies: Remember your settings

You can control cookies through your browser settings. Note that disabling cookies may limit Service functionality.

2. How We Use Your Information

To Provide Our Service

  • Process pot creation and management
  • Facilitate contributions and payments
  • Enable fund withdrawals
  • Send transactional emails and notifications

To Improve Our Service

  • Analyze usage patterns and trends
  • Develop new features
  • Optimize user experience
  • Conduct A/B testing

To Ensure Safety & Security

  • Prevent fraud and abuse
  • Verify identity for withdrawals
  • Comply with legal obligations
  • Enforce our Terms of Service

To Communicate With You

  • Send pot updates and notifications
  • Respond to support requests
  • Send service announcements
  • Marketing (with your consent)

Legal Basis for Processing (GDPR)

We process your personal data based on:

  • Contract: To provide the Service you requested
  • Legitimate Interests: To improve our Service and prevent fraud
  • Legal Obligation: To comply with financial regulations
  • Consent: For marketing communications

3. How We Share Your Information

We NEVER sell, rent, or trade your personal information.

We Only Share Information:

With Service Providers

  • Stripe: Payment processing and fund transfers
  • AWS: Secure cloud hosting
  • SendGrid: Transactional email delivery
  • Cloudflare: Security and performance

All service providers are contractually obligated to protect your data and use it only as we direct.

When Required by Law

  • To comply with legal obligations
  • To respond to lawful requests by public authorities
  • To protect our rights, privacy, safety, or property
  • To enforce our Terms of Service

With Your Consent

  • When you explicitly agree to share
  • To pot organizers (your contribution details)
  • To other contributors (if you choose to be public)

In Business Transfers

If GiftPot is acquired or merged, your information may be transferred. We'll notify you before your information becomes subject to a different privacy policy.

4. Data Security

We Protect Your Data With:

🔐

Encryption

256-bit SSL encryption for all data transmission

🏦

PCI Compliance

Level 1 PCI DSS certified payment processing

🔒

Access Controls

Multi-factor authentication and role-based access

🛡️

Regular Audits

Third-party security assessments and penetration testing

While we implement industry-standard security measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security but commit to promptly notifying you of any data breaches as required by law.

5. Data Retention

Data Type Retention Period Reason
Active Pot Data Duration of pot + 30 days Service delivery
Transaction Records 7 years Legal/tax requirements
Account Information Until deletion requested Account management
Marketing Data Until consent withdrawn With your permission
Security Logs 1 year Fraud prevention

You can request deletion of your personal data at any time, subject to legal retention requirements.

6. Your Privacy Rights

🌴 California Residents (CCPA)

You have the right to:

  • Know: What personal information we collect, use, and share
  • Delete: Request deletion of your personal information
  • Opt-Out: Of the "sale" of personal information (we don't sell your data)
  • Non-Discrimination: Equal service regardless of exercising your rights

Shine the Light: California residents can request information about disclosures to third parties for marketing (we don't share for marketing).

🇪🇺 EU Residents (GDPR)

You have the right to:

  • Access: Obtain a copy of your personal data
  • Rectification: Correct inaccurate personal data
  • Erasure: Request deletion ("right to be forgotten")
  • Portability: Receive your data in a portable format
  • Object: To certain processing activities
  • Restrict: Processing in certain circumstances
  • Withdraw Consent: At any time for consent-based processing

🇺🇸 All US Residents

You have the right to:

  • Access: Your personal information we hold
  • Correct: Inaccurate information
  • Delete: Your account and associated data
  • Opt-Out: Of marketing communications
  • Data Export: Download your data

How to Exercise Your Rights

To exercise any of these rights, please:

  1. Email us at privacy@giftpot.app
  2. Include "Privacy Rights Request" in the subject line
  3. Provide information to verify your identity
  4. Specify which rights you wish to exercise

We'll respond within 30 days (45 days for complex requests).

7. Children's Privacy (COPPA)

GiftPot is not intended for children under 13 years of age.

We do not knowingly collect personal information from children under 13. If you are under 13, please do not use our Service or provide any information.

If we learn we've collected information from a child under 13, we will promptly delete it. If you believe we have information from a child under 13, please contact us immediately.

8. International Data Transfers

GiftPot operates in the United States. If you access our Service from outside the US, please be aware that your information will be transferred to, stored, and processed in the United States where our servers are located.

We Ensure Safe Transfers Through:

  • Standard Contractual Clauses approved by the EU Commission
  • Appropriate safeguards as required by GDPR
  • Encryption during transmission
  • Secure storage practices

9. Third-Party Links & Services

Our Service may contain links to third-party websites or services (e.g., retailer sites for gifts). We're not responsible for the privacy practices of these third parties.

Common Third-Party Integrations:

  • Payment Processors: Stripe, PayPal (user choice)
  • Gift Card Providers: Various retailers
  • Social Media: Optional sharing features
  • Analytics: Google Analytics (anonymized)

Always review the privacy policies of any third-party services you interact with.

10. Marketing & Communications

Types of Communications:

Transactional Emails (Required)

Pot updates, contribution confirmations, withdrawal notices

You cannot opt-out of these essential service communications.

Marketing Emails (Optional)

Feature announcements, tips, special offers

Only sent with your consent. Unsubscribe anytime via the link in any marketing email.

SMS/Text Messages (Optional)

Pot notifications, reminders (if you opt-in)

Standard message and data rates may apply. Text STOP to opt-out.

11. Do Not Track Signals

Some browsers offer a "Do Not Track" (DNT) signal. Because there's no industry standard for DNT compliance, we currently don't respond to DNT signals. However, you can control tracking through:

  • Cookie settings in your browser
  • Opting out of analytics cookies
  • Using privacy-focused browser extensions

12. Updates to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal requirements.

When We Update:

  • The "Effective Date" at the top will change
  • For material changes, we'll notify you via email or Service notice
  • Your continued use after changes means acceptance
  • You can always view previous versions upon request

Version History:

  • v2.0 (Jan 1, 2025): Enhanced CCPA compliance, updated third-party services
  • v1.5 (Oct 1, 2024): Added gift card provider information
  • v1.0 (Jan 1, 2024): Initial privacy policy

13. Contact Us

Questions About This Privacy Policy?

We're here to help! Contact our Privacy Team:

📧 Email

privacy@giftpot.app

Response within 24-48 hours

✉️ Mail

GiftPot, Inc.
Attn: Privacy Team
123 Startup Lane, Suite 100
San Francisco, CA 94105
United States

🌐 Data Protection Officer

dpo@giftpot.app

For GDPR-related inquiries

EU Residents - Supervisory Authority

You have the right to lodge a complaint with your local data protection supervisory authority if you believe we've violated GDPR.

Quick Privacy Actions

Privacy Policy Summary

📊

What We Collect

Only what's needed to run the service

🔒

How We Protect It

Bank-level encryption & security

🚫

What We Don't Do

Never sell your data

Your Control

Access, correct, or delete anytime