Privacy Policy

Last updated: April 11, 2026

1. Information We Collect

Account information

When you create an account, we collect your email address, username, display name, and password (stored in hashed form). You may optionally provide a birthday, mailing address, bio, and profile photo.

Content you create

This includes wishlist items (names, descriptions, links, images), gift pool participation, group memberships, and friend connections.

Usage data

We collect analytics events about how you use GiftPool, such as feature usage and navigation patterns. This data is associated with your account and stored in our database. We do not use third-party analytics or advertising trackers.

Technical data

We automatically collect request IDs and session identifiers for operational purposes.

2. How We Use Your Information

We use your information to:

  • Operate and maintain the GiftPool service
  • Send you transactional emails (account verification, friend requests, gift pool notifications)
  • Display your profile and wishlist to users you have connected with
  • Improve the service based on usage patterns
  • Detect and prevent abuse or security issues

3. Third-Party Services

We share limited data with the following:

  • Resend — our email delivery provider. Your email address is shared when we send transactional emails (e.g., verification codes, friend request notifications).
  • Sentry — our error monitoring service. When errors occur, technical data (request IDs, session IDs, and error details) may be sent to Sentry for debugging. This may incidentally include your user ID.
  • GitHub — if you choose to sign in with GitHub, we receive your email address and profile information from GitHub's OAuth service.

We do not sell your data. We do not share your information with advertisers.

4. Cookies and Sessions

GiftPool uses a single session cookie (en_session) to keep you logged in. This cookie is HTTP-only (not accessible to JavaScript), uses secure transmission in production, and expires after 30 days by default. If you select "remember me" during login, the cookie persists for the full session duration. We do not use advertising or third-party tracking cookies.

5. Data Storage

Your data is stored in a SQLite database hosted on Fly.io infrastructure. Passwords are hashed using bcrypt before storage. We take reasonable measures to protect your data, but no method of electronic storage is 100% secure.

6. Your Choices and Controls

  • Notification preferences — you can control which notifications you receive (in-app and email) from your account settings.
  • Birthday visibility — you can choose who can see your birthday: friends, everyone, or nobody.
  • Profile information — you can update or remove your optional profile details at any time in your settings.
  • Account deletion — you can delete your account through your account settings. This removes your profile, wishlists, and associated data.

7. Data Retention

We retain your account data for as long as your account is active. Expired sessions and stale verification tokens are periodically cleaned up. If you delete your account, your personal data is removed from our active database.

8. Children's Privacy

GiftPool is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has created an account, please contact us so we can remove it.

9. Changes to This Policy

We may update this privacy policy from time to time. If we make material changes, we will notify you through the service or by email. The "last updated" date at the top indicates when this policy was last revised.

10. Contact

If you have questions about this privacy policy or how your data is handled, please reach out through our support page.