GiftingMachine

Privacy Policy

Effective date: June 3, 2026

GiftingMachine LLC ("GiftingMachine," "we," "our," or "us") operates the GiftingMachine mobile application and website located at giftingmachine.com (the "Service"). This Privacy Policy explains what information we collect, why we collect it, how we use it, and your rights in relation to it.

By using the Service you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.

1. Information We Collect

1.1 Information you provide

  • Account information. When you sign up via Google, we receive your name and email address from Google. We store your email address to identify your account.
  • Profile data. During onboarding you provide your age and how you identify (gender). You also select interest categories (e.g. hiking, coffee, gaming). This data is used solely to personalise your gift recommendations.

1.2 Information we collect automatically

  • Swipe data. Each time you swipe on a product card we record the product, direction (like or pass), your age, and your gender identity as they were at the time of the swipe. Age and gender are stored alongside each swipe — not linked back to your name or email — so that aggregate crowd rankings remain accurate even if you later update your profile.
  • Usage data. We collect standard server logs including IP address, browser type, pages visited, and timestamps when you use the website or API.
  • Device push token. If you grant notification permissions on a mobile device, we store the Expo push token for that device to send you relevant notifications. You can revoke this at any time in the app.

1.3 Information from third parties

  • Google OAuth. We use Google Sign-In for authentication. Google provides your name, email address, and profile photo. We do not receive your Google password or payment information.
  • Amazon Associates. When you click a product link and make a purchase on Amazon, Amazon may share aggregate commission data with us. Amazon governs that interaction through its own privacy policy.

2. How We Use Your Information

  • To create and maintain your account.
  • To generate your personalised daily deck of gift cards based on your age, gender identity, and interests.
  • To compute crowd-validated Top Picks rankings using anonymised, aggregated swipe data.
  • To send push notifications you have opted into (daily deck reminders, streak reminders, weekly digest). You can change your preferences or revoke permission at any time in the app.
  • To improve the recommendation algorithm and expand the product catalogue.
  • To monitor Service performance and diagnose technical issues.
  • To comply with applicable law and enforce our Terms of Service.

We do not use your personal information to serve third-party advertising, sell your data to data brokers, or make automated decisions that produce legal or similarly significant effects about you.

3. Legal Bases for Processing (if you are in the EEA or UK)

Where GDPR or UK GDPR applies, we process your personal data on the following legal bases:

  • Contract — processing necessary to provide the Service to you.
  • Legitimate interests — improving recommendations, preventing fraud, and maintaining security, where those interests are not overridden by your rights.
  • Consent — sending push notifications, which you may withdraw at any time.

4. Sharing Your Information

We do not sell your personal information. We share limited information only with the following service providers who help us operate the Service:

  • Clerk — authentication and session management. Clerk processes your email address and issues session tokens on our behalf. See clerk.com/privacy.
  • Neon / Supabase — our hosted PostgreSQL database, which stores account data, swipe records, and product information on servers in the United States.
  • Expo — we use Expo's push notification relay service to deliver notifications to iOS and Android devices.
  • Sentry — error monitoring. Sentry may receive limited technical context (such as device OS and error stack traces) when the app encounters an error.
  • PostHog — product analytics. We use PostHog to understand feature usage in aggregate. PostHog is configured to anonymise data where possible.
  • Amazon Associates Program — affiliate tracking when users click through to Amazon. Amazon's privacy policy governs their collection of data.

We may disclose your information if required by law, regulation, court order, or to protect the rights and safety of GiftingMachine, our users, or the public.

5. Data Retention

  • Active accounts: We retain your personal data for as long as your account is active.
  • Deleted accounts: When you delete your account, your profile, email, interests, and identifiable swipe records are soft-deleted immediately and permanently purged within 30 days.
  • Aggregate data: We may retain anonymised, non-identifiable swipe aggregate data (with no link to your account) indefinitely to maintain ranking quality.
  • Push tokens: Removed automatically when the device reports the app as uninstalled, and removed within 30 days of account deletion.

6. Cookies and Tracking

The GiftingMachine website uses cookies strictly necessary for authentication (set by Clerk). We do not use third-party advertising cookies. Analytics cookies (PostHog) are first-party and anonymised. You can disable non-essential cookies in your browser settings without affecting core functionality.

7. International Transfers

GiftingMachine is based in the United States. If you access the Service from outside the US, your information will be transferred to and processed in the United States, where data protection laws may differ from those in your country. By using the Service, you consent to this transfer.

8. Children's Privacy

The Service is intended for users who are 18 years of age or older. We do not knowingly collect personal information from anyone under 18. If we become aware that a user under 18 has provided personal information, we will delete that information promptly. If you believe a minor has used our Service, please contact us at privacy@giftingmachine.com.

9. Your Rights

Depending on where you live, you may have the following rights regarding your personal information:

  • Access — request a copy of the data we hold about you.
  • Correction — ask us to correct inaccurate information.
  • Deletion — delete your account from the Profile screen in the app, or email us to request full deletion.
  • Portability — request your data in a structured, machine-readable format.
  • Objection / restriction — object to or restrict certain processing activities.
  • Withdraw consent — turn off push notifications at any time in the app settings.

To exercise any of these rights, email us at privacy@giftingmachine.com. We will respond within 30 days.

10. Security

We implement industry-standard security measures including TLS encryption in transit, encrypted storage at rest, and access controls. However, no method of transmission over the internet is 100% secure. We encourage you to use a strong, unique password for your Google account and to report suspected security issues to privacy@giftingmachine.com.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a new effective date and, where appropriate, by email or in-app notice. Continued use of the Service after changes become effective constitutes acceptance of the updated policy.

12. Contact Us

If you have questions, concerns, or requests relating to this Privacy Policy, please contact:

GiftingMachine LLC
Email: privacy@giftingmachine.com