← Back to Home

Privacy Policy

Last updated: June 30, 2026

This Privacy Policy explains how GiftPlanner(“GiftPlanner”, “we”, “us”) collects, uses, shares, and protects personal information when you use our mobile app (“the App”) and our website at giftplanner.app (“the Site”, together the “Service”). GiftPlanner helps you remember the people you care about and plan personalized gifts, cake ideas, messages, and digital postcards for their birthdays and other occasions.

GiftPlanner is operated by Aidin Bazarchi, an individual based in Türkiye, who is the controller responsible for personal data processed through the Service. You can reach us at privacy@giftplanner.app.

Please read it together with our Terms of Service.

1. The short version

  • We collect what you give us (your account, and the people and details you add) plus basic usage and device data.
  • We use it to run the Service — reminders and AI-generated gift ideas, cakes, messages, and postcards personalized to each person's interests.
  • We use trusted processors (Google/Firebase, AI providers, and others listed below). We do not sell your personal information.
  • You can access, export, or delete your data at any time — the App has a one-tap Delete Account that erases your data across our systems.
  • We never send a person's name to image-generation services, and we never permanently store raw social-media content — only the interest signals derived from it.

2. Information we collect

Account & profile

Your email address, display name, and optional profile photo. You can sign in with email and password, Google, or Apple; if you use Apple's “Hide My Email”, we receive a private relay address instead of your real one.

People you add (“Friends”)

To plan gifts, you add information about the people you're celebrating: their name, birthday, approximate age/birth year, gender, your relationship to them, interests, notes, wishlist items, recurring occasions (e.g. anniversaries) and the holidays you celebrate with them, an optional photo you upload, optional public social handles, and the gift and spend history you record. You provide this about other people — see “Information about other people”.

Contacts you import (optional)

You can import selected people from your device's contacts. Contact access happens on your device, with your permission, and we never upload or copy your address book — only the individual people you explicitly select are saved to your account (their name, birthday if present, and optional photo). Revoking the contacts permission in your device settings stops any further access.

Interest signals from public profiles

If you choose to add a friend's public social handle, we use third-party providers to read publicly availableprofile content and extract general interest keywords (e.g. “hiking”, “coffee”). We do not permanently store the raw social-media content — only the derived interest signals, which stay attached to that friend and are removed when you remove them. This feature is optional and used only when you provide a handle.

Content we generate for you

The gift suggestions, cake designs, postcard artwork, and messages created for you are stored in your account. Generated images are kept with private, unguessable links and are not publicly listed.

Usage, device & diagnostics

Analytics about how the Service is used (features used, screens viewed, language), device and app information (operating system, app version), and crash diagnostics that help us fix problems.

Approximate location (optional)

If you grant location permission, we use your approximate area to find nearby shops or bakeries for a gift or cake. We do not track precise or background location.

Notifications

A push-notification token so we can deliver your reminders.

Website & waitlist

If you join the waitlist on the Site, we collect your email address and preferred language to send you a welcome email and contact you about the launch. Signup is single opt-in (no confirmation step); the waitlist is stored with Supabase in the EU (Stockholm region) and the emails are sent through Twilio SendGrid. You can leave the waitlist at any time by emailing us. The Site also uses cookies and similar technologies — see Cookies.

Wishes you share via a claim link

If someone planning a gift sends you a personal “claim” link and you choose to add gift ideas, we collect only what you type — your gift ideas and any optional notes (e.g. sizes, things to avoid). No account, name, email, or phone number is required or collected on that page. We process this on the basis of your consent, which you give by ticking the box before submitting, and use it solely to pass your ideas to the person planning your gift. You must be 16 or older to submit. We keep these submissions for up to 18 months of inactivity and then delete them; you can ask us to delete them sooner at any time by emailing the contact below. We do not sell this data or use it for advertising, and special-category details (such as health or allergy information) are filtered out and not stored.

3. How we use information

We use personal information to provide and personalize the Service; to create gift, cake, message, and postcard suggestions tailored to each person's interests; to send the reminders and notifications you set up; to analyze a friend's public interests when you ask us to; to find local results when you enable location; to keep the Service secure and prevent abuse; to improve the Service; to communicate with you (including waitlist and product updates); and to comply with legal obligations.

Legal bases (EEA/UK). Where the GDPR or UK GDPR applies, we rely on: performance of our contract with you (to run the Service); your consent (social-interest analysis, location, marketing, and non-essential cookies/pixels — you can withdraw it at any time); our legitimate interests (security, abuse prevention, and improving the Service); and compliance with legal obligations.

4. AI processing

Personalized text (gift ideas, messages) is generated through our secure backend using trusted third-party AI services. Images (cake and postcard art) are generated with trusted third-party AI image services. To protect privacy and integrity:

  • We send only the details needed to produce a result, and we treat the text you provide as data (not instructions) to reduce prompt-injection.
  • We never send a person's name to image-generation services — only theme and interest-derived motifs.
  • We do not use your or your friends' data to train our own AI models.
  • AI providers process the inputs we send in order to return a result, under their own terms; we don't grant them rights to your data beyond providing the service.

5. How we share information

We share personal information only with service providers that process it on our behalf to run the Service, and as required by law. We do not sell your personal information. Our providers include:

  • Google Firebase — authentication, database, file storage, cloud functions, push notifications, analytics, and crash reporting
  • Third-party AI providers — AI text and image generation (no names sent for image generation)
  • Google Places and OpenStreetMap — nearby-shop and bakery results (when you use location)
  • Social-data providers (e.g. RapidAPI and Meta platforms) — reading public profile content to extract interest signals, only when you add a handle
  • Vercel — hosting for the Site and admin tools
  • Supabase (EU region) and Twilio SendGrid — the website waitlist and its welcome email
  • Advertising & analytics networks (Google, Meta, TikTok) — on the Site only, and only after you consent to non-essential cookies

We may also disclose information to comply with the law or a valid legal request, to protect our rights and the safety of users, or in connection with a merger, acquisition, or sale of assets (in which case we'll require the recipient to honor this Policy).

6. Information about other people

GiftPlanner is built around details you add about the people you're celebrating. You are responsible for ensuring you have an appropriate basis to add another person's information, and we ask that you add only what you need and avoid sensitive details. We use that information solely to provide the Service to you — we do not contact the people you add, and we do not build advertising profiles of them.

If you are someone a GiftPlanner user has added and you wish to access or delete information about you, contact us at privacy@giftplanner.app and we will act on verified requests as required by law.

7. International transfers

We and our providers may process information in the United States and other countries that may have different data-protection laws than yours. Our processors are primarily US-based companies — Google (Firebase, Places), Vercel, Supabase, RapidAPI, and our third-party AI providers— some of which also offer EU-region infrastructure. Where the GDPR or UK GDPR requires, we rely on appropriate safeguards for these transfers, such as the European Commission's Standard Contractual Clauses (with the UK Addendum where applicable). Where Türkiye's KVKK applies, cross-border transfers rely on the mechanisms in Article 9 of the KVKK, including your explicit consent where no other safeguard is available.

8. Data retention

We keep your account and the data you add for as long as your account is active. Interest signals are tied to the friend they belong to and are removed when you remove that friend. Cached AI responses expire automatically. When you delete your account (in the App under Settings, or by emailing us), we erase your data across our database, file storage, and authentication systems; residual copies in routine backups age out on our normal backup cycle. Waitlist emails are kept until you ask to be removed, and at the latest are deleted within 6 months after the app launches. We may retain limited information where the law requires.

9. Your rights & choices

Depending on where you live, you may have the right to:

  • access the personal information we hold about you;
  • correct inaccurate information;
  • delete your account and associated data;
  • export your data in a portable format;
  • object to or restrict certain processing;
  • withdraw consent (e.g. for social analysis, location, marketing, or pixels) at any time; and
  • opt out of marketing communications.

You can delete everything yourself with Delete Account in the App, or email privacy@giftplanner.app. We respond to verified privacy requests within one month (GDPR) or 30 days (KVKK); we may ask for enough information to verify your identity before acting on a request. If you are in the EEA or UK, you may also lodge a complaint with your local data- protection authority.

Türkiye (KVKK).Because the operator is based in Türkiye, processing is subject to the Personal Data Protection Law No. 6698 (“KVKK”). If you are in Türkiye, you have the rights in Article 11 of the KVKK — including to learn whether your data is processed, request information, correction, or deletion, and object to outcomes produced solely by automated analysis. Contact us using the email below; if unsatisfied, you may complain to the Turkish Personal Data Protection Authority.

California.We do not sell personal information and do not knowingly “share” it for cross-context behavioral advertising in the App. On the Site, advertising cookies load only with your consent, and you can signal your choice using your browser's privacy controls (including Global Privacy Control). California residents may exercise the rights to know, delete, and correct, and we will not discriminate against you for doing so.

10. Children's privacy

GiftPlanner is not directed to children under 13 (or under 16 where applicable), and we do not knowingly collect personal information from children to create an account. Because a person you add as a “friend” could be a minor, please do not add sensitive information about children. If you believe a child's information has been provided to us, contact us and we will remove it.

11. Security

We protect information with encryption in transit and at rest, access controls, private (unguessable) links for generated images, and rate limiting and abuse protections on our backend. No method of transmission or storage is perfectly secure, so we cannot guarantee absolute security, but we work to protect your information and to respond promptly to any incident.

12. Cookies

The Site's only essential storage is local: your language preference and the record of your cookie choice itself (stored in your browser as gp-cookie-consent). Non-essential trackers are split into two categories you consent to separately: Analytics (Google Analytics) and Marketing(Google Ads, Meta, and TikTok pixels). Neither loads until you allow it in the cookie banner, and you can change your choice at any time by clearing the Site's data in your browser (the banner will ask again). The App itself does not use advertising cookies.

13. Changes to this Policy

We may update this Policy from time to time. We'll post the new version here, update the “Last updated” date, and, for material changes, provide a more prominent notice (such as an email or in-app message).

14. Contact us

privacy@giftplanner.app is our single contact channel for all privacy and data-protection matters — GDPR, UK GDPR, KVKK, and California requests, questions about this Policy, and requests from people whose information a user has added. Other addresses you may see on the Site (press, careers) are not monitored for privacy requests. The Service is operated by Aidin Bazarchi, an individual based in Türkiye, who is the data controller. If the Service is directed to users in the EEA or UK, an Article 27 representative may be required and will be identified here once designated.