Privacy Policy
Last Updated: January 15, 2025
1. Introduction
At BuyMyWishes, we take your privacy seriously. This Privacy Policy explains how we collect, use, protect, and share your personal information when you use our platform. We are committed to transparency and giving you control over your data.
Our Promise: We will never sell your personal data to third parties for marketing purposes. Your information is used solely to provide and improve our wish granting services.
2. Information We Collect
Information You Provide Directly
| Data Type | Purpose | Required/Optional |
|---|---|---|
| Name & Email | Account creation, communication | Required |
| Delivery Address | Wish fulfillment | Required for wishes |
| Payment Information | Transaction processing | Required for granters |
| Profile Picture | User identification | Optional |
| Wish Stories | Authenticity verification | Required for wishes |
| Country/Location | Service availability | Required |
Information Collected Automatically
- Device Information: IP address, browser type, device identifiers
- Usage Data: Pages visited, time spent, click patterns
- Technical Data: Log files, error reports, performance metrics
- Location Data: General geographic location (country/region level)
- Cookies: Session data, preferences, security tokens
Information from Third Parties
- Payment Processors: Transaction status, fraud detection data
- Shipping Companies: Delivery confirmations, tracking information
- Social Media: Public profile information (if you choose to connect accounts)
- Verification Services: Identity verification data for granters
3. How We Use Your Information
Primary Uses
- Service Delivery: Facilitating wish submissions and fulfillment
- Account Management: Creating and maintaining user accounts
- Communication: Sending notifications, updates, and support responses
- Payment Processing: Handling transactions securely
- Safety & Security: Fraud prevention, content moderation
- Platform Improvement: Analytics, bug fixes, feature development
Legal Bases for Processing (GDPR)
- Contractual Necessity: To provide our services as agreed
- Legitimate Interest: Platform security, fraud prevention, improvement
- Consent: Marketing communications, optional features
- Legal Obligation: Compliance with applicable laws
4. Data Sharing & Disclosure
When We Share Information
Important: We do not sell personal data. We only share information when necessary for service delivery, legal compliance, or with your explicit consent.
| Recipient | Information Shared | Purpose |
|---|---|---|
| Payment Processors | Payment details, transaction data | Secure payment processing |
| Shipping Companies | Delivery addresses, contact info | Item delivery |
| Retailers (Amazon, etc.) | Delivery addresses, order details | Wish fulfillment |
| Other Users | Public profile info, wish details | Platform functionality |
| Law Enforcement | As legally required | Legal compliance |
Public Information
The following information may be visible to other users:
- Your chosen display name/nickname
- Profile picture (if provided)
- General location (country/region)
- Wish stories and descriptions
- Granter tier and statistics
- Public acknowledgments and thank you messages
5. Data Security
🔒 Our Security Measures
We implement multiple layers of security to protect your personal information from unauthorized access, use, or disclosure.
Technical Safeguards
- Encryption: All sensitive data encrypted in transit and at rest
- Secure Servers: Industry-standard server security and monitoring
- Access Controls: Strict employee access limitations and authentication
- Regular Audits: Security assessments and vulnerability testing
- Secure Coding: Security-first development practices
- Backup & Recovery: Secure data backup with encryption
Organizational Safeguards
- Employee Training: Regular privacy and security training
- Background Checks: Verification of employees with data access
- Incident Response: Dedicated team for security incidents
- Third-Party Vetting: Security assessment of all service providers
Payment Security
- PCI DSS Compliance: Payment Card Industry standards
- Tokenization: Payment details never stored directly
- Fraud Monitoring: Real-time transaction analysis
- Secure Processing: Encrypted payment channels
6. Your Privacy Rights
Access Rights
Request a copy of all personal data we hold about you, including how it's being used.
Correction Rights
Update or correct inaccurate personal information in your account at any time.
Deletion Rights
Request deletion of your personal data, subject to legal and contractual obligations.
Portability Rights
Receive your personal data in a structured, machine-readable format.
Objection Rights
Object to processing of your personal data for marketing or other purposes.
Restriction Rights
Request limitation of processing in certain circumstances.
How to Exercise Your Rights
- Account Settings: Many rights can be exercised directly in your account
- Email Request: Send requests to privacy@buymywishes.com
- Support Contact: Contact our support team for assistance
- Response Time: We respond to requests within 30 days
7. Data Retention
Retention Periods
| Data Type | Retention Period | Reason |
|---|---|---|
| Account Information | Active account + 2 years | Service provision, legal compliance |
| Transaction Records | 7 years | Legal requirements, dispute resolution |
| Communication Records | 3 years | Customer support, compliance |
| Usage Analytics | 2 years (anonymized) | Platform improvement |
| Security Logs | 1 year | Security monitoring |
Deletion Process
- Data is securely deleted after retention periods expire
- Multiple deletion passes to ensure data cannot be recovered
- Certified destruction of physical storage media
- Regular audits to verify proper deletion
8. Cookies & Tracking
Types of Cookies We Use
| Cookie Type | Purpose | Duration |
|---|---|---|
| Essential Cookies | Basic platform functionality | Session |
| Security Cookies | Authentication, fraud prevention | Session + 30 days |
| Preference Cookies | Remember your settings | 1 year |
| Analytics Cookies | Platform usage analysis | 2 years |
Managing Cookies
- Adjust cookie preferences in your browser settings
- Use our cookie preference center (when available)
- Note: Disabling essential cookies may affect platform functionality
- Analytics cookies can be disabled without affecting core features
9. International Transfers
Cross-Border Data Processing
Your personal data may be transferred to and processed in countries other than your own. We ensure appropriate protections through:
- Adequacy Decisions: Transfers to countries with adequate data protection
- Standard Contractual Clauses: EU-approved data transfer agreements
- Certification Programs: Privacy Shield successors and equivalents
- Binding Corporate Rules: Internal data protection standards
10. Children's Privacy
Age Restrictions: Our platform is not intended for children under 13. Granters must be 18 or older. Users 13-17 may submit wishes with parental consent.
Protections for Minors
- No collection of personal data from children under 13
- Parental consent verification for users 13-17
- Enhanced privacy protections for minor users
- Immediate deletion if we discover data from children under 13
11. Changes to This Policy
We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. When we make significant changes:
- We'll notify you via email or platform notification
- Changes will be highlighted in the updated policy
- You'll have the opportunity to review changes before they take effect
- Continued use after changes constitutes acceptance
12. Contact Us
For privacy-related questions or requests:
Privacy Officer: privacy@buymywishes.com
General Support: support@buymywishes.com
Data Protection Officer: dpo@buymywishes.com
Response Time: 30 days maximum
Transparency Report: We publish annual transparency reports detailing government requests, data breaches, and privacy metrics. These reports demonstrate our commitment to protecting your privacy.