1. Introduction
Welcome to iwishfor ("we," "our," or "us"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our wishlist platform at iwishfor.io (the "Service").
This policy complies with the General Data Protection Regulation (GDPR) and other applicable data protection laws.
2. Information We Collect
2.1 Information You Provide
- Account Information: Name, email address, password (encrypted)
- Wishlist Data: Wishlist titles, descriptions, product links, images, and preferences
- Contributor Information: Names and email addresses of people you invite to your wishlists
- Secret Santa Data: Participant names, emails, and gift exchange assignments
- Communications: Messages, support requests, and feedback you send us
2.2 Automatically Collected Information
- Usage Data: Pages visited, features used, time spent on the Service
- Device Information: IP address, browser type, operating system, device identifiers
- Cookies and Similar Technologies: See our Cookie Policy for details
3. How We Use Your Information
We process your personal data for the following purposes:
- Service Delivery: To create, manage, and share your wishlists and Secret Santa events
- Communication: To send notifications about wishlist activity, invitations, and service updates
- Affiliate Services: To generate affiliate links for products you add to wishlists (with your consent)
- Feature Management: To customize your experience using feature flags and A/B testing
- Service Improvement: To analyze usage patterns and enhance user experience
- Security: To detect, prevent, and address fraud and security issues
- Legal Compliance: To comply with applicable laws and regulations
3.1 Legal Basis for Processing (GDPR)
- Contract Performance: Processing necessary to provide our Service
- Legitimate Interests: Service improvement, fraud prevention, analytics
- Consent: Marketing communications (you can opt out at any time)
- Legal Obligation: Compliance with laws and regulations
4. Data Sharing and Disclosure
We may share your information with:
- Service Providers: Supabase (hosting/database), Vercel (hosting/analytics), Resend (emails), GrowthBook (feature flags)
- Affiliate Networks: When you consent to affiliate links, product URLs may be processed by affiliate networks (Amazon Associates, Awin, Profitshare)
- Wishlist Participants: Information you choose to share when creating wishlists or Secret Santa events
- Legal Authorities: When required by law or to protect our rights
- Business Transfers: In case of merger, acquisition, or asset sale
We do not sell your personal information to third parties.
5. Your Rights (GDPR)
Under GDPR, you have the following rights:
- Right to Access: Request a copy of your personal data
- Right to Rectification: Correct inaccurate or incomplete data
- Right to Erasure: Request deletion of your data ("right to be forgotten")
- Right to Restriction: Limit how we process your data
- Right to Data Portability: Receive your data in a structured format
- Right to Object: Object to processing based on legitimate interests
- Right to Withdraw Consent: Withdraw consent for processing at any time
To exercise these rights, contact us at privacy@iwishfor.io.
6. Data Retention
We retain your personal data only as long as necessary for the purposes outlined in this policy or as required by law. Account data is retained while your account is active. After account deletion, we may retain certain information for legal, security, or business purposes for up to 90 days, after which it is permanently deleted.
7. Data Security
We implement appropriate technical and organizational measures to protect your data, including:
- Encryption of data in transit (SSL/TLS) and at rest
- Secure authentication with Supabase Auth
- Regular security audits and monitoring
- Access controls and employee training
- PCI-DSS compliant payment processing via Stripe
8. International Data Transfers
Your data may be transferred to and processed in countries outside the European Economic Area (EEA). We ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) and Privacy Shield frameworks where applicable.
9. Children's Privacy
Our Service is not intended for children under 16 years of age. We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us immediately.
10. Cookies and Tracking
We use cookies and similar tracking technologies to enhance your experience. For detailed information, please see our Cookie Policy.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or through a notice on our Service. Your continued use of the Service after changes become effective constitutes acceptance of the revised policy.
12. Contact Us
If you have questions about this Privacy Policy or wish to exercise your rights, please contact us:
You also have the right to lodge a complaint with a supervisory authority in your jurisdiction.