Privacy Policy

Effective: 2026-04-30

What we collect

• Email and password if you sign up with email/password.
• Phone number, verified via SMS — used as your friend identifier.
• Display name and (optional) username you choose during onboarding.
• Profile photo from your auth provider, if available.
• Wishlist items you save — URL, title, price, image, optional size.
• Friends and friend requests you send or receive.
• Hashed contact phone numbers only if you opt in to "Allow contact discovery" in Settings. Numbers are SHA‑256 hashed on-device before being sent for matching.

What we don't do

• We do not track you across apps or websites.
• We do not sell your personal data.
• We do not show ads.
• We do not send marketing emails or SMS.

Who we share with

Your friends see your wishlists. Close-Friends-only items are visible only to friends you've explicitly marked as close friends. We use Google Firebase (authentication, Firestore database) and Cloudflare (URL parsing) as data processors.

How long we keep data

Until you delete your account. When you delete your account, your user document, wishlists, and friend connections are removed. Cached URL parses (title/price for a public product page) may persist for up to 24 hours in our parser cache as anonymous data.

Your rights

You can delete your account from Profile → Settings → Delete account. You can also request a copy of your data by emailing privacy@gyft2go.com.

Children

Gyft2go is not directed to children under 13.

Changes

If we materially change this policy, we'll update the "Effective" date and notify users in-app.

Contact

privacy@gyft2go.com