Privacy Policy

Last Updated: August 13, 2025

Overview

Gifting Gifts ("we," "our," or "us") is committed to protecting your privacy while providing exceptional AI-powered gift recommendations. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our intelligent gift discovery platform. We believe privacy is fundamental to trust, and we've designed our service with privacy-first principles.

Information We Collect

Information You Provide Directly
  • Gift Recipient Details: Age range, gender (optional), relationship type, occasion, interests, hobbies, and budget preferences
  • AI Prompts: Text descriptions you provide to generate personalized gift recommendations
  • Contact Information: Name, email address, subject, and message content when you use our contact form
  • User Preferences (Optional): Saved preferences or favorites if you choose to store them
  • Feedback: Ratings, reviews, and suggestions you provide about our service
Information Automatically Collected
  • Session Information: Unique session identifier, search count, total results viewed, categories explored, and session duration
  • Technical Data: IP address, browser type, device type (mobile/desktop/tablet), user agent, and referrer information
  • Usage Analytics: Pages visited, time spent, product click patterns, interaction timing, and feature utilization
  • API Usage Tracking: SERP API requests, response times, success/failure rates, estimated costs, and cache hit ratios
  • AI Service Monitoring: OpenAI token consumption, model usage, prompt/response preview data (first 200 characters), operation types, and request durations
  • Product Interactions: Clicked products, time spent viewing items, AI relevance scores, product positions, and retailer information
  • Search Complexity Analysis: Query length/complexity scoring, budget ranges explored, and search pattern analysis
  • Error Logs: System errors, API failures, and performance metrics for service improvement
Enhanced Tracking Notice

We collect detailed usage analytics to optimize our AI recommendations, manage API costs, and improve service performance. All data is anonymized and used solely for service improvement. You can view your session summary by contacting us with your session ID.

Third-Party Data
  • Product Information: Real-time public product data from retailers for gift ideas

How We Use Your Information

  • AI Gift Recommendations: Process your input to generate personalized, intelligent gift suggestions
  • Service Enhancement: Improve our AI algorithms and user experience based on usage patterns
  • Session Management: Maintain an anonymous session to enable rate limiting and continuity
  • Customer Support: Respond to inquiries, troubleshoot issues, and provide assistance
  • Security & Fraud Prevention: Protect against abuse, unauthorized access, and fraudulent activity
  • Rate Limiting: Ensure fair usage and prevent service abuse through intelligent monitoring
  • Analytics & Research: Understand user behavior to improve our service (anonymized data only)
  • Communication: Respond to inquiries and provide important service notifications (we do not send marketing emails)
  • Legal Compliance: Meet regulatory requirements and protect our legal rights

Information Sharing & Disclosure

We respect your privacy and do not sell or rent your personal information. We may share information only in these limited circumstances:

Service Providers
  • OpenAI (or similar AI providers): Prompt processing for gift recommendations (minimal prompt data only)
  • Cloud Infrastructure: Hosting and database services with strict data protection agreements
  • Search APIs: Product search services for real-time gift availability
Legal Requirements
  • When required by law, court order, or legal process
  • To protect our rights, property, or safety, or that of our users
  • To investigate or prevent fraudulent or illegal activities
  • In response to valid law enforcement requests
Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred with appropriate privacy protections.

Data Retention & Storage

We retain your information only as long as necessary for legitimate business purposes:

  • Session Data: Short-lived (e.g., expires after inactivity or up to 30 days maximum)
  • User Preferences / Favorites: Retained until you remove them or request deletion
  • Contact Messages: Up to 2 years or until resolved (for support quality tracking)
  • Analytics Data: 13 months in anonymized form (for service improvement)
  • Security Logs: 90 days (for fraud prevention and security monitoring)
  • AI Prompts: Not permanently stored; processed temporarily and discarded

All data is stored securely with encryption at rest and in transit.

Data Security Measures

We implement comprehensive security measures to protect your information:

Technical Safeguards
  • Encryption: TLS 1.3 encryption for all data transmission
  • Database Security: Encrypted storage with access controls and audit logging
  • IP Protection: Hash-based IP storage to prevent tracking while enabling security
  • Session Security: Secure session management with automatic expiration
  • API Security: Rate limiting, authentication, and input validation
Operational Safeguards
  • Access Controls: Role-based access with minimum necessary permissions
  • Regular Audits: Security assessments and vulnerability testing
  • Monitoring: 24/7 security monitoring and incident response
  • Backup Security: Encrypted backups with secure key management
  • Staff Training: Regular privacy and security training for all team members

Your Privacy Rights

Under applicable privacy laws (GDPR, CCPA, and others), you have comprehensive rights regarding your personal data:

Access & Transparency
  • Right to Know: Request information about what personal data we collect and how it's used
  • Data Access: Obtain a copy of your personal information in a readable format
  • Processing Details: Learn about the purposes, sources, and recipients of your data
Control & Correction
  • Rectification: Correct any inaccurate or incomplete personal information
  • Data Portability: Export your data in a machine-readable format
  • Preference Management: Update your communication and service preferences
Deletion & Restriction
  • Right to Deletion: Request removal of your personal data (subject to legal requirements)
  • Processing Restriction: Limit how we use your information in certain circumstances
  • Opt-Out: Withdraw consent for data processing where consent is the legal basis
Exercise Your Rights: Contact us at [email protected] or use our contact form. We'll respond within 30 days.

Cookies & Tracking Technology

We use minimal, essential technologies to provide our service:

Essential Cookies
  • Session Management: Maintain your session and preferences during your visit
  • Security: Protect against cross-site request forgery and other security threats
  • Rate Limiting: Ensure fair usage of our AI recommendation service
What We Don't Use
  • Third-party tracking cookies
  • Advertising or behavioral tracking
  • Social media tracking pixels
  • Cross-site data collection

International Data Transfers

Your information may be processed and stored in countries outside your residence, including the United States. When we transfer personal data internationally, we ensure adequate protection through:

  • Standard Contractual Clauses: European Commission-approved transfer mechanisms
  • Adequacy Decisions: Transfers to countries with adequate privacy protections
  • Security Safeguards: Technical and organizational measures to protect your data
  • Legal Compliance: Adherence to applicable international privacy frameworks

Children's Privacy

Our service is not directed to children under 13 and we do not knowingly collect personal information from them. If you believe we have inadvertently collected such information, please contact us and we will promptly delete it.

Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

  • Post the updated policy on our website with a new "Last Updated" date
  • Notify you via email if you have provided us with your email address
  • Display a prominent notice on our service for a reasonable period
  • Provide additional notice as required by applicable law

Your continued use of our service after the effective date of changes constitutes acceptance of the updated Privacy Policy.

Contact Us

For privacy-related questions, concerns, or requests, please contact us:

General Privacy Questions
Data Protection Officer
Privacy-First Design: We collect only what is necessary to deliver useful gift recommendations. No payment processing, subscriptions, or advertising tracking data is collected. Minimal, ephemeral data; maximum utility.