Privacy Policy

Last Updated: April 4, 2026

This Privacy Policy describes how YesssGifts ("we," "us," or "our") collects, uses, and shares your personal information when you use our gift suggestion application. YesssGifts is operated by the site owner. If you have questions or concerns, you can contact us via the app.

1. Data We Collect

Account Data

• Email address
• Password (stored as a bcrypt hash — we never store your password in plain text)

Profile Data

• Name
• Date of birth
• Gender
• Location
• Cultural and religious celebration themes

Recipient Data

Information you provide about the people you are shopping for:

• Name
• Relationship to you
• Birthdate and age
• Gender
• Location
• Interests and hobbies
• Photo
• Gift budget preferences
• Event dates and labels
• Past gift history
• Gifted status

Session Data

• One session cookie (connect.sid) with a 7-day duration, used for authentication

Usage Data

• Server request logs, including IP addresses, timestamps, and endpoints accessed

2. How We Use Your Data

• AI Gift Suggestions: We use your profile and recipient data to generate personalized gift suggestions through AI.
• Gifting Occasion Tracking: We use event dates, gift history, and gifted status to help you track gifting occasions and what you have given in the past.
• Email Verification: We use your email address to send account verification emails.

3. Third-Party Data Sharing

We share your data with the following third-party services in order to provide core application functionality:

Anthropic (Claude AI)

To generate gift suggestions, the following data is sent to Anthropic's Claude API: recipient names, ages, genders, relationships, interests, locations, cultural themes, photos (transmitted as base64 images), past gift history, and gift-giver profile information. Anthropic processes this data under their commercial API terms.

Google (Gmail SMTP)

User email addresses are transmitted through Gmail's SMTP servers for account verification emails.

Microsoft (Bing)

Gift product search terms are sent to Bing Image Search to retrieve product images for gift suggestions.

4. Cookie Policy

We use one essential session cookie (connect.sid) for authentication purposes. This cookie is required for the application to function.

We do not use tracking cookies, analytics cookies, or third-party advertising cookies.

5. Data Retention

• Account and recipient data: Retained until you request deletion.
• Server logs: Application logs are retained for 90 days. Security audit logs are retained for 1 year.
• Sessions: Session cookies expire after 7 days.

6. Data Encryption

Sensitive personal data fields — including names, birthdates, locations, and interests — are encrypted at rest using AES-256-GCM.

7. Security Measures

We implement the following measures to protect your data:

• Passwords hashed with bcrypt
• Session cookies configured with httpOnly and sameSite flags
• Input validation and sanitization
• Rate limiting
• CSRF protection
• Field-level encryption at rest for sensitive data
• Audit logging
• Content Security Policy headers

8. International Data Transfers

Your data may be processed by the following third-party services located in the United States:

• Anthropic (USA)
• Google (USA)
• Microsoft (USA)

9. Your Rights Under the GDPR

If you are located in the European Economic Area, you have the following rights regarding your personal data:

• Right of access — request a copy of your personal data
• Right to rectification — request correction of inaccurate data
• Right to erasure — request deletion of your personal data
• Right to restriction of processing — request that we limit how we use your data
• Right to data portability — request your data in a portable format
• Right to object — object to the processing of your personal data
• Right to withdraw consent — withdraw your consent at any time

You can export your data and delete your account from the Settings page within the application.

10. Your Rights Under the CCPA

If you are a California resident, you have the following rights:

• Right to know — request disclosure of what personal information we collect, use, and share
• Right to delete — request deletion of your personal information
• Right to opt-out of sale — We do not sell your personal information
• Right to non-discrimination — we will not discriminate against you for exercising your privacy rights

11. Children's Privacy

YesssGifts is not directed at children under 13 years of age. We do not knowingly collect personal information from children under 13.

Recipient data about minors may be entered by adult users who are responsible for having appropriate authorization to provide such information.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated "Last Updated" date.

13. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us via the application.