Privacy Policy
Last Updated: June 12, 2026
This policy is a starting template. Before launch, confirm the operating legal entity, registered address, and governing jurisdiction with a qualified advisor and replace the [bracketed] placeholders below.
1. Introduction
Giftspatch ("Giftspatch," "we," "us," or "our") is a business-to-business gifting platform that helps businesses send personalized and branded items to their customers. This Privacy Policy explains how we handle personal information in connection with the website https://giftspatch.io (the "Website") and the Giftspatch web application (together, the "Services").
It applies to visitors to our Website, account holders, members of a business account, and the gift recipients whose addresses are entered by our business users. By using Giftspatch, you acknowledge that you have read and understood this Privacy Policy.
2. Information We Collect
Information you provide directly:
- Account email address and display name (via Google sign-in)
- Company name and the team members you invite
- Designs and logo files you upload to brand your gifts
- Recipient details you enter to send a gift (see Section 4)
- Billing information, if and when paid plans are introduced (processed by our payment processor; we do not store full payment card numbers)
- Communications you send to our support team
Information collected automatically:
- Browser type, version, language, operating system, and device type
- IP address and approximate location (city/region only)
- Pages visited, features used, session duration, and timestamps
- Error logs and diagnostic data
3. How We Use Information
We use personal information to:
- Provide and maintain the Services, including the catalog, gift designer, order placement, and order history
- Authenticate you and the team members you grant access
- Produce and fulfill the gift orders you place, including sharing the necessary recipient and design details with our fulfillment providers
- Send service-related communications (account notifications, order alerts, critical product updates)
- Respond to your support requests
- Detect, prevent, and investigate fraud, abuse, and violations of our Terms of Service
- Improve the Services and develop new features based on usage patterns and feedback
- Comply with legal obligations and enforce our agreements
We do not sell your personal information, and we never sell or share recipient information for marketing purposes.
4. Recipient Information
To send a gift, our business users enter information about the recipient: typically a name and shipping address, and sometimes a short message. We process this recipient information only to fulfill the order it relates to.
- Used only for fulfillment. Recipient details are used to produce and ship the gift, and for related customer service. They are never used to market to recipients.
- Isolated per business account. Recipient and order data belonging to one business account is not mixed with, aggregated with, or exposed to any other account.
- Shared only as needed. Recipient name, address, and the chosen design are shared with the fulfillment provider responsible for producing and shipping that order, and with shipping carriers.
If you are a gift recipient and would like your information removed, contact us at privacy@giftspatch.io and we will work with the sending business to address your request.
5. Sharing Information
We share personal information only in these limited circumstances:
- With service providers who help us operate the Services (see Section 6)
- To comply with legal obligations, such as a subpoena, court order, or other lawful request
- To protect rights and safety, including to enforce our Terms of Service or investigate fraud
- In connection with a business transaction, such as a merger, acquisition, or sale of assets, with notice before your information becomes subject to a different privacy policy
6. Service Providers
Giftspatch relies on a small number of third-party providers, each bound by their own privacy commitments and permitted to use your data only to provide services to us.
| Provider | Purpose | Privacy Policy |
|---|---|---|
| Google Firebase | Authentication (Google sign-in), database, cloud functions, hosting, and file storage | firebase.google.com/support/privacy |
| Google Cloud Platform | Underlying infrastructure for the Services | cloud.google.com |
| Fulfillment provider(s) | Production and shipping of the gifts you order | Provided on request |
| Payment processor | Billing for paid plans (when introduced) | Provided on request |
Giftspatch does not serve third-party advertising and does not share your data with advertising networks.
7. Cookies and Similar Technologies
We use cookies and similar technologies to operate the Services and understand how users interact with our Website. We use them for:
- Authentication: to keep you signed in and protect your session
- Preferences: to remember settings such as display or theme preferences
- Security: to detect and prevent unauthorized access
- Analytics: to understand usage so we can improve the Services
You can configure your browser to refuse cookies or alert you when one is set. Disabling cookies may limit functionality, including the ability to stay signed in.
8. Retention and Deletion
- Active account data: retained while your account is active
- Recipient and order data: retained as long as needed to provide the Services and meet legal and accounting obligations; recipient personal information is removed from active systems within 30 days of a deletion request, subject to any required retention
- Financial and transaction records: retained for up to seven (7) years where required by tax and accounting obligations
- Website analytics: retained for up to 26 months
When you delete your account, we remove your personal information from our active systems within 30 days, subject to legal or regulatory retention requirements.
9. Your Rights and Choices
Depending on where you live, you may have the right to:
- Access the personal data we hold about you
- Correct inaccurate or incomplete information
- Delete your account and associated personal data
- Export your data in a structured, machine-readable format
- Object to or restrict certain processing
- Withdraw consent where we rely on consent
To exercise any of these rights, email privacy@giftspatch.io. We will respond within 30 days and may ask you to verify your identity first.
10. California Residents
If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA) as amended by the CPRA, including the right to know, access, correct, and delete your personal information, the right to opt out of the sale or sharing of personal information (Giftspatch does not sell or share personal information for cross-context behavioral advertising), and the right to non-discrimination for exercising these rights. To exercise them, email privacy@giftspatch.io.
11. Information Security
We implement technical and organizational measures to protect personal data, including:
- Encryption in transit using TLS 1.2 or higher for all network communications
- Encryption at rest for data stored in our cloud infrastructure
- Access controls enforced at the database level via Firebase Security Rules and verified server-side
- Principle of least privilege for internal access to production data
- Regular dependency updates and security patches
- Logging and monitoring for suspicious activity
No system can be made completely secure. In the event of a data breach affecting your personal information, we will notify you and the relevant authorities within the timeframe required by applicable law.
12. Children’s Privacy
The Services are business tools intended for users who are at least 18 years of age. We do not knowingly collect personal information from children under 18. If you believe we have, contact privacy@giftspatch.io and we will take steps to delete it.
13. International Users
Giftspatch is operated from the United States, and your personal data is stored on servers located in the United States. If you access the Services from outside the United States, you acknowledge that your data will be transferred to, stored in, and processed in the United States, where data protection laws may differ from those in your jurisdiction.
14. Changes to This Policy
We may update this Privacy Policy periodically. When we make material changes, we will notify you by email and/or by posting a notice within the Services. The "Last Updated" date reflects the most recent revision. Your continued use of the Services after changes take effect constitutes acceptance.
15. Contact Us
Giftspatch
Privacy inquiries: privacy@giftspatch.io
General & support: hello@giftspatch.io
Operating entity & mailing address: [to be confirmed]