Privacy Policy for GiftCircles

Last Updated: November 12, 2025 | Effective Date: November 12, 2025

Introduction

GiftCircles (“we”, “our”, or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application (“App”). If you do not agree with the terms, please do not use the App.

Information We Collect

Personal Information You Provide

Account Information: Email address and display name when you create an account.
Event Data: Event names, dates, descriptions, and settings you create.
Gift Lists: List names, item descriptions, links, prices, and notes.
Claims: Information about items you claim to purchase for others.
Profile Settings: Notification preferences and app settings.

Automatically Collected Information

Device Information: Device model, OS, and App version.
Usage Data: Features used, interaction patterns, and error/crash logs.
Push Notification Tokens: If you enable notifications, we store a device token to deliver them.
Identifiers: Anonymous app instance or device identifiers used for subscription and diagnostics.

Information From Third Parties

Supabase: Authentication and database/hosting.
RevenueCat: Subscription management and purchase validation.
Google Play Billing: Handles payment transactions; we do not receive full payment card data.
Expo: Push notification delivery infrastructure.

How We Use Your Information

Provide Core Functionality: Create events, manage gift lists, make/track claims.
Authentication & Security: Verify identity, secure accounts, prevent abuse.
Notifications: Event updates, invitations, and reminders (only if enabled).
Improve the App: Analyze usage and fix bugs.
Support & Communication: Respond to inquiries and send important service notices.

How We Share Your Information

We do not sell, rent, or trade your personal information. We may share information only:

Within Events: Your display name and claims are visible to members of events you join.
With Service Providers: Supabase, RevenueCat, Google Play Billing, and Expo—to host, authenticate, process subscriptions, and deliver notifications.
For Legal Reasons: To comply with law or protect rights, safety, and security.
Business Transfers: In a merger, acquisition, or asset sale, with notice where required.

Data Storage and Security

Storage: Data is stored on secure Supabase infrastructure.
Security: Transport encryption (TLS), secure authentication, role/row-level access controls, and least-privilege practices.
Retention: We retain data while your account is active and as needed for service, security, and legal obligations.

Your Privacy Rights

Access & Update: View and edit your information in the App.
Delete: Delete your account and associated data via Profile → Delete account or follow the steps at this page.
Opt-Out of Notifications: Disable in device or App settings.
Portability: Request a copy of your data via email.

Account Deletion

When you submit a deletion request:

Your personal data (account, profile, lists, events you own, and claims) is scheduled for permanent deletion within 30 days.
Events you created may be transferred to another admin or marked as archived to preserve other members’ data.
Purchase records required for compliance and accounting may be retained for up to 5 years.
This action cannot be undone.

Children’s Privacy

GiftCircles is not intended for children under 13. We do not knowingly collect personal information from children under 13. If we learn that such data has been collected, we will delete it.

Push Notifications

If enabled, we process a device push token to deliver invitations, claim updates, and reminders. You can disable notifications at any time in your device or App settings.

Third-Party Policies

Supabase: supabase.com/privacy
RevenueCat: revenuecat.com/privacy
Expo: expo.dev/privacy
Google Play: policies.google.com/privacy

International Data Transfers

Your information may be processed in countries other than your own. We apply appropriate safeguards consistent with this policy and applicable law.

California Privacy Rights (CCPA)

California residents may request access, deletion, and information about disclosures. We do not “sell” personal information. To exercise rights, contact us using the details below.

European Privacy Rights (GDPR)

EEA users have rights to access, rectification, erasure, restriction, portability, and objection. Our legal bases include: consent (account creation and optional features), contract (to provide the App), and legitimate interests (improving services, preventing fraud).

Changes to This Policy

We may update this policy. We will update the “Last Updated” date and, for material changes, notify you in-app or via a posted notice.

Contact Us

Email: support@giftcircles.app
GitHub: github.com/chrisaxt/GiftCircles

Data Protection Officer

Not appointed. We will update this section if a DPO is required by law.

Consent

By using GiftCircles, you consent to this Privacy Policy and agree to its terms.

Plain-Language Summary

We collect your email, display name, and the events/lists/items you create.
Why: to coordinate gift giving and run the App.
Who sees it: people in your events can see your display name and claims.
Delete: Profile → Delete account (or use the link above).
We don’t sell your data.
Questions? Email support@giftcircles.app.