Privacy Policy

1. Who We Are

GiftPlan.io is a gift registry service operated in the United Kingdom. We enable people to create gift registries for weddings, baby showers, birthdays, housewarmings, and other celebrations, and receive contributions from their guests.

For any privacy-related questions, please contact us at: privacy@giftplan.io

2. Data We Collect

We collect the following types of data:

Account Data

• Email address
• Password (stored securely hashed)
• Names (for registry display)
• Event date

Registry Data

• Gift items and descriptions
• Target amounts and funding progress
• Personal messages
• Cover photos

Contribution Data

• Guest names and email addresses
• Contribution amounts
• Personal messages

Website analytics (Umami)

We use Umami Cloud to collect aggregate statistics about how the site is used (for example, page views and traffic sources). Umami is configured to avoid collecting personally identifiable information. This processing supports our legitimate interest in understanding and improving our website. See Umami's privacy information.

Product analytics (PostHog, with consent)

With your consent, we collect additional anonymised usage data via PostHog, including feature interactions and session data. This helps us improve the product. PostHog analytics run only if you accept analytics cookies in the cookie banner.

Payment Data

Payment processing is handled by Stripe. We do not store credit card numbers or bank account details directly. We store Stripe account IDs and transaction references.

3. Legal Basis for Processing

We process your data based on:

• Contract: To provide the registry service you signed up for
• Legitimate Interest: To improve our services and prevent fraud
• Consent: For PostHog analytics cookies and optional marketing communications
• Legal Obligation: To comply with UK tax and financial regulations

4. Data Retention

We retain your data as follows:

• Active registries: Until archived (30 days after event date)
• Archived registries: 60 days after archival, then deleted
• Account data: Until you delete your account
• Financial records: 7 years (UK legal requirement)

5. Data Sharing and Storage Location

We share data with:

• Stripe: For payment processing
• Amazon: For product data (ASINs only, no personal data)
• Resend: For sending emails
• AWS: For application hosting (eu-central-1 region)
• Neon: For database hosting (eu-central-1 region)
• Umami Cloud: For aggregate website analytics (see Umami's documentation for processing locations)
• PostHog: For product analytics (data processed in the US, only with your consent)

Our application and database infrastructure are hosted exclusively in the EU (eu-central-1). We do not sell your personal data to third parties.

6. Your Rights (GDPR)

You have the right to:

• Access your personal data
• Rectify inaccurate data
• Erase your data ("right to be forgotten")
• Restrict or object to processing
• Data portability
• Withdraw consent at any time

To exercise these rights, use the account settings in your dashboard or contact us at privacy@giftplan.io.

7. Cookies

We use essential cookies to maintain your session and preferences. We use Umami for aggregate site statistics; it is designed not to rely on cookies for basic tracking. With your consent, we also use analytics cookies (PostHog) for deeper product analytics. PostHog cookies are only set after you accept them via the cookie banner. For full details, see our Cookie Policy.

8. Security

We implement industry-standard security measures including HTTPS encryption, secure password hashing, and regular security audits. All payment processing is handled by PCI-compliant Stripe.

9. Changes to This Policy

We may update this policy from time to time. We will notify you of significant changes via email.

10. Contact Us

For privacy inquiries, contact us at: privacy@giftplan.io

You can also review our Terms of Service, read the Cookie Policy, or contact us through the contact page.