Privacy Policy Last updated: December 2024 1. Data Controller Responsible for data processing: Sebastian Seidel Email: wishlists.saas@gmail.com 2. Data Collected We collect and process the following personal data: Registration data (via Google Sign-In): • Email address • Name • Profile picture (if available in Google account) Usage data: • Created wishlists and wishes • Uploaded images • Friend connections • Reservations Technical data: • Device token for push notifications (FCM Token) • App version and operating system • Crash reports and error messages Optional data: • Contact list (only with activated contact search, not stored) • Language setting 3. Purpose of Data Processing Your data is processed for: • Providing and personalizing App features • Sending push notifications for reservations and friend requests • Sharing wishlists with friends • Improving App stability and user experience • Communication for support requests 4. Legal Basis Processing is based on: • Art. 6(1)(a) GDPR (consent) - for push notifications and contact access • Art. 6(1)(b) GDPR (contract fulfillment) - for core App features • Art. 6(1)(f) GDPR (legitimate interest) - for error analysis and improvements 5. Data Sharing with Third Parties We use the following service providers: • Convex (USA) - Backend database and real-time synchronization • Firebase/Google Cloud (USA) - Push notifications (FCM) • OneSignal (USA) - Push notifications • Sentry (USA) - Error tracking and crash reports • PostHog (USA) - Anonymized usage analytics • RevenueCat (USA) - In-app purchases and subscription management These service providers are contractually obligated to comply with the GDPR. 6. Data Sharing with Other Users The following data is visible to other users (depending on privacy settings): • Name and profile picture (for friends) • Shared wishlists (depending on visibility setting) • Reservation status of wishes (anonymized for wishlist owners) 7. Data Retention • User data is stored as long as your account is active • After account deletion, your data will be deleted within 30 days • Anonymized analytics data may be retained longer 8. Your Rights Under GDPR You have the right to: • Access information about your stored data (Art. 15 GDPR) • Correction of inaccurate data (Art. 16 GDPR) • Deletion of your data (Art. 17 GDPR) • Restriction of processing (Art. 18 GDPR) • Data portability (Art. 20 GDPR) • Object to processing (Art. 21 GDPR) • Withdrawal of given consents (Art. 7(3) GDPR) • Complaint to a supervisory authority (Art. 77 GDPR) 9. Push Notifications We send push notifications for: • Incoming friend requests • Reservations of wishes by friends • Shared wishlists You can disable push notifications at any time in the App settings. 10. Contact Access The optional contact search is solely used to find friends who also use the App. Contact data is: • Only matched locally on your device • Not stored on our servers • Not shared with third parties 11. Data Security We implement technical and organizational measures: • Encrypted data transmission (HTTPS/TLS) • Secure authentication via Google Sign-In • Access controls and permission systems 12. Contact For privacy questions, contact us: Email: wishlists.saas@gmail.com 13. Changes This Privacy Policy will be updated as needed. The current version is always available in the App under Settings > Legal.