Privacy Policy

Effective date: February 2, 2026

Last updated: February 2, 2026

This Privacy Policy describes how WishlistMe ("Service", "we", "us") collects, uses, and protects personal data when you use our website or mobile applications.

The data controller is a sole proprietor (Einzelunternehmer) established in the Federal Republic of Germany.

Contact email: [email protected]

1. Information We Collect

We collect only information necessary to operate and improve the Service.

1.1 Information You Provide

  • Email address
  • Name or nickname
  • Profile avatar
  • Wishlist content and other user-generated content

1.2 Information Collected Automatically

  • IP address
  • Device and browser information
  • Log and usage data
  • Cookies (technical and analytical)

1.3 Payment-Related Information

Payments and gift collections are facilitated through third-party services such as Stripe, PayPal, and Revolut.

Users may voluntarily provide a payment link or identifier (e.g. PayPal or Revolut link) for group gift collections.

Such payment links are:

  • stored in encrypted form,
  • never publicly visible,
  • accessible only to participants of the specific gift collection.

We do not store full payment card details or banking credentials. All payment transactions are processed directly by third-party payment providers under their own privacy policies.

2. How We Use Information

We use personal data to:

  • Create and manage user accounts
  • Authenticate users (email/password, Google OAuth)
  • Enable creation and sharing of wishlists
  • Enable group gift collections
  • Facilitate payments through third-party providers
  • Ensure security and prevent fraud or abuse
  • Analyze usage and improve the Service

3. Legal Bases for Processing (GDPR)

Where applicable, we process personal data based on:

  • Performance of a contract
  • User consent
  • Legal obligations
  • Legitimate interests, including security and service improvement

4. Cookies and Tracking Technologies

We use strictly necessary cookies for website functionality and analytical cookies to understand how the Service is used.

Analytical cookies are used only with user consent.

  • Strictly necessary cookies for authentication and core functionality
  • Analytical cookies (Google Analytics, Umami)

5. Analytics

We use the following analytics providers:

  • Google Analytics
  • Umami

Analytics data is processed in aggregated or pseudonymized form where possible.

6. Data Sharing and Disclosure

We may share personal data only with:

  • Payment service providers (Stripe, PayPal, Revolut)
  • Hosting and infrastructure providers (EU-based)
  • Analytics providers

We do not sell or rent personal data.

7. International Data Transfers

Personal data may be processed outside your country of residence.

Where required, we apply appropriate safeguards such as standard contractual clauses or equivalent legal mechanisms.

8. Data Retention

We retain personal data only as long as necessary to:

  • Provide the Service
  • Comply with legal and accounting obligations

Users may request deletion of their account and associated data.

9. Account and Data Deletion

Users can request deletion of their account and personal data by contacting:

[email protected]

Requests are processed within a reasonable timeframe and in accordance with applicable law.

10. Children's Privacy

The Service is available to children.

We do not knowingly collect personal data beyond what is necessary to operate user accounts.

If a parent or legal guardian believes that a child has provided personal data without appropriate consent, they may contact us to request deletion.

11. Your Privacy Rights

Depending on your location, you may have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Request deletion of data
  • Restrict or object to processing
  • Request data portability
  • Withdraw consent at any time

California residents may also have rights under CCPA/CPRA, including the right to know, delete, and opt out of data sharing.

Requests can be sent to: [email protected]

12. Data Security

We use appropriate technical and organizational measures, including encryption and access controls, to protect personal data against unauthorized access, loss, or misuse.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time.

Changes will be published on this page with an updated effective date.

14. Contact Information

For privacy-related questions or requests:

Email: [email protected]