Privacy Policy
Overview
Our Commitment to Your Privacy
At GiftPot LLC ("GiftPot", "we", "us", or "our"), a Delaware limited liability company, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our group gifting platform at www.giftpot.app (the "Service").
The bottom line: We only collect what we need to provide our Service, we never sell your personal data, and you always have control over your information.
🔑 Key Points:
- ✅ We never sell your personal information
- ✅ We use bank-level 256-bit SSL encryption for all data
- ✅ You can request deletion of your data anytime
- ✅ We only share data with essential service providers
- ✅ We comply with CCPA, GDPR, and other privacy laws
- ✅ Payment data is handled by Stripe, never stored by us
1. Information We Collect
1.1 Information You Provide to Us
When Creating a Gift Pot:
- Organizer Information: Name, email address
- Pot Details: Pot name, description, target amount, deadline
- Recipient Information: Name, email (optional)
- Optional Information: Photo, gift links, personal messages
When Contributing to a Pot:
- Contributor Information: Name (or anonymous), email
- Payment Information: Processed securely by Stripe - we never see or store your card details
- Optional Message: Personal message to recipient
- Contribution Amount: How much you're contributing
When Withdrawing Funds:
- Banking Information: Bank account details for ACH transfers (handled by Stripe Connect)
- Identity Verification: As required by financial regulations (KYC/AML)
- Tax Information: For amounts over $600 (IRS Form 1099-K requirements)
1.2 Information Collected Automatically
| Type of Data | What We Collect | Why We Collect It |
|---|---|---|
| Device Information | Browser type, operating system, device type | To optimize your experience |
| Usage Data | Pages visited, features used, interaction patterns | To improve our Service |
| IP Address | Your IP address and approximate location | For security and fraud prevention |
| Cookies | Session cookies, preference cookies | To maintain your session and preferences |
2. How We Use Your Information
2.1 Primary Uses
- Provide the Service: Create and manage gift pots, process contributions, facilitate withdrawals
- Communications: Send transactional emails (receipts, notifications, magic links)
- Security: Prevent fraud, unauthorized access, and abuse
- Legal Compliance: Comply with laws, regulations, and legal processes
- Improvement: Analyze usage patterns to improve features and user experience
2.2 We DO NOT:
- ❌ Sell your personal information to third parties
- ❌ Use your data for advertising networks
- ❌ Share your email for marketing purposes
- ❌ Store your payment card information
- ❌ Access your bank account directly
4. Data Security
🔒 How We Protect Your Data
- Encryption: 256-bit SSL/TLS encryption for all data transmission
- Infrastructure: SOC 2 Type II certified data centers
- Access Control: Role-based access with multi-factor authentication
- Regular Audits: Annual security audits and penetration testing
- PCI Compliance: Level 1 PCI DSS compliant payment processing
- Data Minimization: We only collect what we need
Important: While we implement robust security measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.
5. Your Rights & Choices
5.1 Your Privacy Rights
You have the following rights regarding your personal information:
- ✅ Access: Request a copy of your personal data
- ✅ Correction: Update or correct inaccurate data
- ✅ Deletion: Request deletion of your personal data
- ✅ Portability: Receive your data in a portable format
- ✅ Opt-Out: Unsubscribe from marketing communications
- ✅ Restriction: Limit how we process your data
5.2 How to Exercise Your Rights
To exercise any of these rights, contact us at:
- Email: privacy@giftpot.app
- Include "Privacy Request" in the subject line
- We will respond within 30 days
5.3 Account Closure
You can close your account at any time through your account settings. Upon closure:
- Active pots must be completed or cancelled
- Funds must be withdrawn within 180 days
- We retain certain data for legal compliance
7. Children's Privacy
⚠️ Age Requirement
GiftPot is not intended for children under 18 years of age. We do not knowingly collect personal information from children under 18.
If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@giftpot.app. We will delete such information promptly.
8. California Privacy Rights (CCPA)
🌟 For California Residents
Under the California Consumer Privacy Act (CCPA), California residents have additional rights:
8.1 Your California Rights
- Right to Know: Request disclosure of personal information we collect, use, and share
- Right to Delete: Request deletion of your personal information
- Right to Opt-Out: Opt-out of the sale of personal information (Note: We don't sell personal data)
- Right to Non-Discrimination: Equal service regardless of exercising privacy rights
8.2 Categories of Information Collected
| Category | Examples |
|---|---|
| Identifiers | Name, email address, IP address |
| Financial Information | Payment card details (via Stripe), bank account |
| Internet Activity | Browsing history on our site, interaction with features |
| Geolocation Data | Approximate location from IP address |
8.3 How to Exercise Your California Rights
California residents can make requests by:
- Email: privacy@giftpot.app
- Include "California Privacy Request" in subject
- We will verify your identity before processing
- Response within 45 days
8.4 Shine the Light Law
California Civil Code Section 1798.83 permits users to request information about disclosure of personal information to third parties for marketing. We do not share personal information for third-party marketing.
9. International Users
9.1 GDPR Compliance (European Users)
While GiftPot currently operates in the United States only, we are GDPR-ready for future expansion:
- Legal Basis: Consent or legitimate interests
- Data Controller: GiftPot LLC
- Data Protection Officer: Contact privacy@giftpot.app
- EU Rights: Access, rectification, erasure, portability, objection
9.2 Data Transfers
All data is processed and stored in the United States. By using our Service, you consent to the transfer and processing of your information in the U.S.
10. Data Retention
10.1 Retention Periods
| Data Type | Retention Period | Reason |
|---|---|---|
| Account Data | Until account deletion + 90 days | Recovery period |
| Transaction Records | 7 years | Legal & tax requirements |
| Pot Data | 1 year after completion | Dispute resolution |
| Email Communications | 2 years | Legal compliance |
| Security Logs | 1 year | Security analysis |
10.2 Deletion Requests
When you request deletion, we will:
- Delete or anonymize your personal data within 30 days
- Retain only what's legally required
- Confirm completion of deletion
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make material changes:
- We will update the "Effective Date" at the top
- We will notify you via email or prominent notice on the Service
- You may need to accept the new policy to continue using the Service
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.
Questions About Privacy?
Our privacy team is here to help with any questions or concerns about how we handle your data.
GiftPot LLC
8 The Green, Suite B
Dover, DE 19901
United States