GiftDiceBack

Privacy Policy

Last updated: February 17, 2026

GiftDice ("we", "us", "our") operates the giftdice.com website. This policy explains what personal data we collect, how we use it, the legal basis for processing, and your rights under the EU General Data Protection Regulation (GDPR) and the UK GDPR.

1. Data Controller

GiftDice is the data controller for the personal data processed through giftdice.com. For any data protection queries, contact us at privacy@giftdice.com or reach out on X @olanetsoft.

2. Data We Collect

Account information: When you sign in with Google or email, we store your name, email address, and profile picture. This is used to identify you within gift exchanges and wishlists.

Exchange and wishlist data: We store the groups you create or join, wishlist items you add, gift reservations, and match results. This data is necessary to provide the service.

Usage data: With your consent, we collect basic analytics (page views, feature usage) via privacy-focused tools to improve the product. We also use Umami Analytics, which is cookie-free and does not collect personal data.

3. Legal Basis for Processing (GDPR Article 6)

We process your personal data under the following legal bases:

  • Contract (Art. 6(1)(b)): Processing your account, exchange, and wishlist data is necessary to provide the GiftDice service you signed up for.
  • Consent (Art. 6(1)(a)): Analytics cookies (DataFast) are only loaded after you give explicit consent via our cookie banner.
  • Legitimate interest (Art. 6(1)(f)): We use cookie-free analytics (Umami) to understand general usage patterns and improve the service. This does not track individual users.

4. How We Use Your Data

We use your data to:

  • Create and manage your account
  • Facilitate gift exchanges and match drawing
  • Show your wishlists to people you share them with
  • Display reservation status on wishlists
  • Send email notifications about exchanges you participate in
  • Improve the product through anonymized analytics (with consent)

5. Data Sharing

We do not sell, rent, or share your personal data with third parties for marketing purposes. Your data may be shared with:

  • Supabase (database & auth provider): Data is stored securely in their EU/US infrastructure with encryption at rest.
  • Umami Analytics: Cookie-free, privacy-first analytics. No personal data is collected.
  • DataFast Analytics (with consent): Basic page analytics. Loaded only after you accept analytics cookies.
  • Other users: Your display name and avatar are visible to members of exchanges you join. Wishlist owners can see who reserved their items.

6. International Data Transfers

Your data may be transferred to and processed in countries outside the UK and EEA, including the United States, where our service providers (Supabase, Netlify) operate. These transfers are protected by appropriate safeguards including Standard Contractual Clauses (SCCs) approved by the European Commission.

7. Cookies & Consent

Essential cookies: We use essential cookies for authentication (Supabase session management). These are strictly necessary for the service to function and do not require consent.

Analytics cookies: DataFast analytics scripts are only loaded after you give consent via our cookie banner. You can change your preference at any time in Account Settings.

Cookie-free analytics: Umami Analytics does not use cookies or collect personal data. It is loaded without consent as it is fully GDPR and UK GDPR compliant.

8. Data Visibility in the App

Gift exchanges: Each participant only sees their own match. The group creator can see all members but not other people's matches.

Wishlists: Anyone with the share link can view a wishlist and see which items are taken (but not who reserved them). The wishlist owner can see who reserved each item.

9. Data Retention

Your data is retained as long as your account is active. When you delete your account, all personal data is permanently removed within 30 days. This includes your profile, wishlists, group memberships, and notifications. Anonymized, aggregated data may be retained for analytics purposes.

10. Your Rights (GDPR Articles 15-22)

Under the GDPR and UK GDPR, you have the following rights regarding your personal data:

  • Right of access (Art. 15): Request a copy of the personal data we hold about you.
  • Right to rectification (Art. 16): Request correction of inaccurate or incomplete data.
  • Right to erasure (Art. 17): Request deletion of your account and personal data ("right to be forgotten").
  • Right to data portability (Art. 20): Export your data in a structured, machine-readable format (JSON).
  • Right to restrict processing (Art. 18): Request that we limit how we use your data.
  • Right to object (Art. 21): Object to processing based on legitimate interests.
  • Right to withdraw consent: Withdraw analytics cookie consent at any time via Account Settings.

You can exercise your rights to data export and account deletion directly from your Account Settings page. For other requests, contact us at privacy@giftdice.com. We will respond within 30 days.

11. Right to Lodge a Complaint

If you believe your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority. In the UK, this is the Information Commissioner's Office (ICO). In the EU, contact your local data protection authority.

12. Security

We use industry-standard security measures including encrypted connections (HTTPS), secure authentication (OAuth 2.0), row-level security on our database, and encryption at rest. However, no method of transmission over the internet is 100% secure.

13. Children

GiftDice is not intended for children under 13 (or under 16 in certain EU/UK jurisdictions). We do not knowingly collect data from children under these ages. If you believe a child has provided us with personal data, please contact us.

14. Changes to This Policy

We may update this policy from time to time. Material changes will be posted on this page with an updated date, and we may notify active users via email or in-app notification.

Contact

Questions about this policy? Contact us at privacy@giftdice.com or reach out on X @olanetsoft.