Privacy policy

gift.it is a wishlist service operated from the United Kingdom. We can be reached at hello@giftit.club.

This policy explains what data we collect, why we collect it, how we use it, and what your rights are. We have written it in plain language. If something is unclear, please get in touch.

Account data. When you sign in, we store your email address and any display name you choose. We use email-based magic links for sign-in — we never store a password. Lawful basis: contract (providing the service you have signed up for).

List and item data. We store the lists you create, the items you add to them (including product names, images, URLs, notes, and sizes), and any do-not-buy preferences you set. This is the core data the product needs to function. Lawful basis: contract.

Claim data. When a gifter claims an item, we record who claimed it and when. This is kept hidden from the list owner until they choose to reveal it. Lawful basis: contract.

Follow data. We store follow relationships between accounts, including the name and optional message a gifter provides when requesting access to a private list. Lawful basis: contract.

Affiliate click data. When someone clicks through to a retailer from a gift.it list, we log the click (item, retailer, and timestamp). If you have consented to affiliate tracking, your user ID may also be logged. This data is used to attribute commissions and is not shared with third parties in a form that identifies you. Lawful basis: legitimate interest (operating a commission-based revenue model, which is disclosed to all users).

Usage data. We may log standard server-side data such as IP addresses and browser type to diagnose errors and maintain the service. This data is not retained beyond 30 days. Lawful basis: legitimate interest (keeping the service operational).

We use two types of cookies:

• Strictly necessary. A session cookie is set when you sign in. This is required for the service to work and does not require your consent under UK PECR.
• Affiliate tracking cookies. When a gifter clicks through to a retailer, the retailer or affiliate network (such as AWIN or Amazon Associates) may set a tracking cookie on their domain. This cookie attributes any resulting purchase to gift.it and is the basis on which we earn commission. These cookies are set by the retailer or network — not by gift.it directly — but we are required to disclose their existence and obtain your consent before the click.

You are asked for consent to affiliate tracking cookies when you first sign up (for registered users) or when you first visit a list page (for anonymous visitors). You can change your preference at any time in your account settings, or by using the cookie preference link in the site footer.

Declining affiliate tracking cookies does not affect your ability to use gift.it. Lists work exactly the same — we simply earn no commission on clicks where tracking is declined.

gift.it is free to use. We earn money when someone clicks through from a list to a retailer and makes a purchase — the retailer pays us a small commission. This commission is paid by the retailer and is never added to the price you or the gift recipient pays.

We work with affiliate networks including Amazon Associates and AWIN. A list of the retailers we have affiliate relationships with is available on request.

Our affiliate relationships never influence what appears on anyone's list. The list owner adds items independently. We have no commercial relationship with the items themselves.

This disclosure is required by the UK Advertising Standards Authority (ASA) CAP Code. Every page on gift.it that contains links to retailers includes this notice.

We do not sell your personal data. We do not share it with advertisers. We share data with third parties only as necessary to operate the service:

• Resend — email delivery (magic link sign-in and transactional notifications). Resend processes your email address on our behalf under a data processing agreement.
• Supabase — database hosting. Our data is stored on Supabase's infrastructure in the EU.
• Vercel — hosting and deployment. Vercel processes request data as part of serving the application.
• Upstash — Redis caching for barcode and URL lookups. Cached data contains product information only, not personal data.
• Anthropic — we use the Claude API to generate do-not-buy suggestions. We send anonymised wishlist item names for this purpose. No personally identifying information is included in these requests.

All third-party processors are contractually bound to process data only for the purposes we specify.

We retain your account data and list data for as long as your account is active. If you delete your account, your data is deleted within 30 days.

Affiliate click logs are retained for 24 months for commission reconciliation, after which they are anonymised.

Server logs are retained for 30 days.

Under UK GDPR, you have the right to:

• Access the personal data we hold about you.
• Correct inaccurate data. Your display name and email can be updated in account settings.
• Delete your account and associated data. Contact us at hello@giftit.club to request deletion.
• Object to processing based on legitimate interest. You can object to affiliate click logging by declining affiliate tracking consent in your account settings.
• Withdraw consent for affiliate tracking cookies at any time via account settings.
• Data portability — you can request a copy of your data in a machine-readable format.

To exercise any of these rights, contact us at hello@giftit.club. We will respond within 30 days.

If you are unhappy with how we handle your data, you have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk.

gift.it is not intended for use by anyone under the age of 18. We do not knowingly collect data from children. If you believe a child has created an account, please contact us and we will delete it promptly.

We may update this policy from time to time. When we do, we will update the date at the top of this page. For material changes, we will notify registered users by email.

Questions about this policy or about your data: hello@giftit.club.