Privacy Policy

Introduction

Welcome to WishVault ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our wishlist sharing application.

By using WishVault, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our service.

Information We Collect

Personal Information

When you create an account, we collect:

• Account Information: Name, email address, password (encrypted)
• Profile Information: Nickname, avatar photo, birthday
• Preferences: Shirt size, shoe size, jacket size, waist measurements, favorite colors, hobbies, and personal notes

Wish Information

When you create wishes, we collect:

• Wish names and descriptions
• Photos of wished items
• Links to products or websites
• Status (still hoping or fulfilled)

Group Information

When you participate in groups, we collect:

• Group names and membership data
• Invite codes and join timestamps
• Group creator and member relationships

Technical Information

We automatically collect:

• IP addresses and device information
• Browser type and version
• Usage data and analytics
• Authentication tokens (securely stored)

How We Use Your Information

We use your information to:

• Provide Services: Enable wishlist creation, group management, and profile features
• Authentication: Verify your identity and manage your account
• Communication: Send verification emails, password resets, and birthday reminders
• Personalization: Display your preferences to group members for better gift-giving
• Security: Protect against fraud, abuse, and unauthorized access
• Improvement: Analyze usage patterns to enhance our services
• Compliance: Meet legal obligations and enforce our Terms of Service

How We Share Your Information

With Group Members

Your profile information and wishes are visible to members of groups you've joined. This is the core functionality of WishVault - enabling family and friends to see what you wish for.

We Do NOT Sell Your Data

We will never sell, rent, or trade your personal information to third parties for marketing purposes.

Service Providers

We may share information with trusted service providers who assist in operating our service:

• Email service providers (for account verification and notifications)
• Cloud hosting providers (for secure data storage)
• Analytics services (to improve our service)

Legal Requirements

We may disclose your information if required by law, court order, or government request, or to protect our rights and safety.

Data Security

We implement robust security measures to protect your information:

• Encryption: All data transmission is encrypted using HTTPS/TLS
• Password Protection: Passwords are hashed using industry-standard algorithms
• XSS Protection: Input sanitization prevents cross-site scripting attacks
• SQL Injection Prevention: Parameterized queries protect against database attacks
• Security Headers: CSP, X-Frame-Options, and other headers protect your browser
• Rate Limiting: Prevents brute-force attacks and abuse
• Email Verification: Confirms account ownership
• Authentication Tokens: Secure session management using Laravel Sanctum

While we strive to protect your information, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

Your Privacy Rights

You have the right to:

• Access: View all personal information we hold about you
• Update: Edit your profile, preferences, and wishes at any time
• Delete: Remove your wishes, leave groups, or delete your account
• Export: Request a copy of your data in a portable format
• Opt-Out: Unsubscribe from email notifications (except essential account emails)
• Restrict: Limit who sees your information by managing group memberships

To exercise these rights, please contact us.

Data Retention

We retain your information for as long as your account is active or as needed to provide services. When you delete your account:

• Your profile, wishes, and group memberships are permanently deleted
• Photos and uploaded files are removed from our servers
• Some data may be retained for legal compliance (e.g., transaction records) for up to 7 years
• Anonymized analytics data may be retained indefinitely

Cookies and Tracking

WishVault uses minimal cookies and tracking:

• Essential Cookies: Required for authentication and security
• Local Storage: Stores your authentication token and user preferences
• Session Management: Maintains your logged-in state

We do NOT use third-party advertising cookies or tracking pixels.

Third-Party Services

WishVault uses the following third-party services:

• Google Fonts: For typography (Limelight font). See Google's Privacy Policy
• Email Provider: For transactional emails (verification, password reset)

These services may collect their own data according to their privacy policies.

Children's Privacy

WishVault is designed for users of all ages, including children. However, we require parental consent for users under 13 years of age.

Parents can create accounts for their children and manage their wishes and group memberships. We encourage families to use WishVault together.

If you believe a child under 13 has provided personal information without parental consent, please contact us immediately.

International Users

WishVault is operated from the United States. If you are accessing our service from outside the U.S., your information may be transferred to, stored, and processed in the United States.

By using WishVault, you consent to the transfer of your information to the United States and processing according to this Privacy Policy.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by:

• Updating the "Last Updated" date at the top of this policy
• Sending an email notification for material changes
• Displaying a notice in the application

Your continued use of WishVault after changes constitute acceptance of the updated policy.

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal information, please use our contact form: