Privacy Policy

This Privacy Policy describes how Hudson Solutions AB ("we," "us," or "our") collects, uses, and protects your personal information when you use Gifterly (the "Service") available at gifterly.se.

We are committed to protecting your privacy and ensuring transparency about how we handle your personal data. This policy complies with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

Data Controller: Hudson Solutions AB is the data controller responsible for your personal data. If you have any questions about this policy, please contact us at privacy@gifterly.se.

We collect the following categories of personal information:

2.1 Identification Data

Information you provide when creating an account or using our Service:

• Name
• Email address
• Profile picture (if you choose to upload one)
• Authentication credentials (managed securely through Supabase Auth)

2.2 Contact Information

Contact details you provide:

• Email address (for account communication and notifications)
• Phone number (if provided for two-factor authentication)

2.3 Usage Data

Information about how you use our Service:

• People you add to your account (names, relationships, interests, preferences, sizes, favorite colors)
• Events you create (birthdays, anniversaries, custom events, dates, recurring settings)
• Wishlists you create (items, notes, links to people or events)
• App usage patterns and interactions
• Feature usage and preferences

2.4 Technical Data

Automatically collected technical information:

• Device information (device type, operating system, browser type)
• IP address
• Device identifiers
• Push notification tokens (for sending you reminders)
• Log data (access times, pages viewed, actions taken)

2.5 Analytics Data

We use PostHog to collect analytics data about how you use our Service. This includes aggregated and anonymized information about:

• Page views and navigation patterns
• Feature usage
• User interactions
• Performance metrics

This data is collected through cookies and similar technologies. For more information, see our Cookie Policy.

We use your personal information for the following purposes:

3.1 To Provide Our Service

• Create and manage your account
• Store and organize information about people, events, and wishlists
• Send you push notifications about upcoming events and reminders
• Generate personalized gift recommendations (when AI features are available)
• Provide customer support

3.2 To Improve Our Service

• Analyze usage patterns to improve functionality and user experience
• Fix bugs and technical issues
• Develop new features
• Conduct research and analytics (using aggregated, anonymized data)

3.3 To Communicate With You

• Send you service-related notifications (event reminders, account updates)
• Respond to your inquiries and provide customer support
• Send you marketing communications (with your consent, which you can withdraw at any time)
• Notify you about changes to our Service or policies

3.4 For Security and Legal Compliance

• Protect against fraud, abuse, and unauthorized access
• Comply with legal obligations and respond to legal requests
• Enforce our Terms of Service
• Protect our rights and the rights of our users

3.5 For Advertising

We may use your information to show you relevant advertisements on TikTok and Meta platforms. This includes:

• Retargeting campaigns to show you ads about Gifterly
• Building lookalike audiences for advertising
• Measuring the effectiveness of our advertising campaigns

You can opt out of personalized advertising by adjusting your cookie preferences or through the privacy settings of TikTok and Meta platforms.

We process your personal data based on the following legal bases:

• Contractual necessity: To provide our Service and fulfill our contract with you
• Consent: For marketing communications and non-essential cookies (you can withdraw consent at any time)
• Legitimate interests: To improve our Service, prevent fraud, and ensure security
• Legal obligations: To comply with applicable laws and regulations

We do not sell your personal information. We may share your information only in the following circumstances:

5.1 Service Providers

We share information with third-party service providers who help us operate our Service:

• Supabase: Provides authentication, database, and backend infrastructure services. Your data is stored securely on Supabase's servers.
• PostHog: Provides analytics services to help us understand how users interact with our Service.
• TikTok and Meta: Provide advertising services to help us reach potential users and measure campaign effectiveness.

These service providers are contractually obligated to protect your information and use it only for the purposes we specify.

5.2 Legal Requirements

We may disclose your information if required by law or in response to valid legal requests, including:

• Court orders or subpoenas
• Government investigations
• To protect our rights, property, or safety, or that of our users

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you of any such change in ownership.

5.4 With Your Consent

We may share your information with third parties when you explicitly consent to such sharing.

We retain your personal information for as long as necessary to provide our Service and fulfill the purposes described in this policy, unless a longer retention period is required by law.

• Account data: Retained while your account is active and for a reasonable period after account deletion (to comply with legal obligations and prevent fraud)
• Usage data: Retained for analytics purposes, typically in aggregated and anonymized form
• Marketing data: Retained until you withdraw consent or opt out

When you delete your account, we will delete or anonymize your personal information within 30 days, except where we are required to retain it for legal purposes.

We implement industry-standard security measures to protect your personal information from unauthorized access, alteration, disclosure, or destruction:

• Encryption of data in transit (using HTTPS/TLS) and at rest
• Secure authentication through Supabase Auth
• Regular security assessments and updates
• Access controls and authentication requirements
• Secure data storage on Supabase's infrastructure

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

Under the GDPR and other applicable data protection laws, you have the following rights:

8.1 Right of Access

You have the right to request a copy of the personal information we hold about you. You can access most of your data directly through your account settings.

8.2 Right to Rectification

You have the right to correct inaccurate or incomplete personal information. You can update most information directly through your account settings.

8.3 Right to Erasure ("Right to be Forgotten")

You have the right to request deletion of your personal information. You can delete your account at any time through your account settings, which will trigger the deletion of your personal data (subject to legal retention requirements).

8.4 Right to Restrict Processing

You have the right to request that we restrict the processing of your personal information in certain circumstances.

8.5 Right to Data Portability

You have the right to receive your personal information in a structured, commonly used, and machine-readable format and to transmit that data to another service provider.

8.6 Right to Object

You have the right to object to processing of your personal information for direct marketing purposes or based on legitimate interests.

8.7 Right to Withdraw Consent

Where we process your data based on consent, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing before you withdrew consent.

8.8 Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority if you believe we have violated your data protection rights. In Sweden, this is the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten).

To exercise any of these rights, please contact us at privacy@gifterly.se. We will respond to your request within one month.

Your personal information may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States, where our service providers (Supabase, PostHog, TikTok, Meta) operate.

We ensure that such transfers are made in accordance with applicable data protection laws, including:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions by the European Commission
• Other appropriate safeguards as required by law

Our Service is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at privacy@gifterly.se, and we will delete such information.

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes by:

• Posting the updated policy on this page with a new "Last updated" date
• Sending you an email notification (if the changes are significant)
• Displaying a notice in our Service

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Hudson Solutions AB
Organization Number: 559505-8842
Kungsgatan 66Y
75341 Uppsala, Sweden
Email: privacy@gifterly.se
Website: gifterly.se

Data Protection Officer: If you have specific concerns about data protection, you can contact our data protection officer at the email address above.