Your privacy is at the heart of everything we build
HLT software solutions ("Giftme", "we", "our", or "us") operates the Giftme mobile application — an AI-powered social gifting platform that helps you discover, curate, and send meaningful gifts to the people you care about.
This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you use our application, website, and related services (collectively, the "Services"). It applies to all users of the Giftme app, including gift senders, recipients, and visitors to our platforms.
Data Controller / Fiduciary: Giftme Technologies Private Limited, registered under the Companies Act 2013, India.
We collect information in three ways: information you provide directly, information collected automatically, and information from third parties.
Full name, email address, phone number, password, profile photo, date of birth.
Wish lists, gift preferences, occasion dates (birthdays, anniversaries), recipient details.
Billing address, payment method tokens (processed by our payment partners — we do not store raw card data).
Messages, gift notes, personalised greetings, and support tickets you submit.
With your explicit permission, we access your contacts to help you find friends on Giftme. This is optional and can be revoked at any time.
If you sign in via Google or Apple, we receive basic profile information per their respective policies.
Device model, OS version, unique device identifiers (Android ID), app version, language/locale.
Features used, screens viewed, session duration, tap/click interactions, search queries within the app.
Approximate location (city-level) only when you grant permission, used for local gift recommendations.
IP address, connection type (WiFi / mobile data), crash logs, and performance diagnostics.
We use the information we collect only for legitimate, clearly defined purposes. The legal bases under applicable law (including the Digital Personal Data Protection Act, 2023 and GDPR where applicable) are noted alongside each purpose.
| Purpose | Legal Basis | Data Used |
|---|---|---|
| Provide and operate the Giftme Services | Contract / Consent | Account, gifting, payment data |
| AI-powered gift personalisation & recommendations | Consent / Legitimate Interest | Preferences, wish lists, usage patterns |
| Process gift orders and payments | Contract | Payment tokens, billing address |
| Send order, delivery, and account notifications | Contract | Email, phone, device token |
| Safety, fraud prevention, and security | Legitimate Interest / Legal Obligation | Device, network, payment signals |
| Improve app performance and fix bugs | Legitimate Interest | Crash logs, usage analytics |
| Personalised marketing and promotions | Consent (opt-in only) | Preferences, purchase history |
| Comply with legal and regulatory obligations | Legal Obligation | As required by law |
| Resolve disputes and enforce our Terms | Legitimate Interest / Legal Obligation | Account, communication, transaction data |
Giftme is an AI-powered platform. Our AI engine is central to the experience — it analyses patterns in your gifting history, preferences, occasion calendar, and browsing behaviour to surface the most thoughtful, relevant gift suggestions.
Our AI recommendations are assistive, not binding. No fully automated decision that significantly affects you (e.g., account suspension) is made without human review. You may contest any automated outcome by contacting our support team.
We may use aggregated, de-identified behavioural data to improve our AI models. This data cannot be traced back to any individual user. We do not use the content of your private messages or gift notes for model training without your explicit opt-in consent.
We share your information only in the limited circumstances described below. We require all third parties to maintain equivalent levels of data protection.
We engage trusted third-party vendors who process data on our behalf, under strict contractual data processing agreements:
When you purchase a gift, we share necessary order details (name, delivery address, order items) with the relevant merchant to fulfil your order. Merchants are prohibited from using this data for their own marketing purposes.
Your public profile (name, profile picture, public wish list) is visible to other Giftme users you are connected with. You control your privacy settings. Private wish lists and personal notes are never visible to other users unless you explicitly share them.
We may disclose your information if required to do so by law, court order, or governmental authority, or if we believe in good faith that such disclosure is necessary to protect the rights, property, or safety of Giftme, our users, or the public.
In the event of a merger, acquisition, or sale of all or part of our assets, your data may be transferred to the successor entity. You will be notified via email and/or a prominent in-app notice before your data becomes subject to a different Privacy Policy.
We retain your personal data only for as long as necessary to fulfil the purposes described in this policy, or as required by applicable law.
| Data Type | Retention Period | Reason |
|---|---|---|
| Account & Profile Data | Duration of account + 30 days post-deletion | Service delivery; grace period |
| Order & Transaction Records | 7 years | Tax, accounting, legal compliance |
| Payment Tokens | Duration of account | Recurring purchases / refunds |
| Usage & Analytics Data | 24 months (then anonymised) | Product improvement |
| Customer Support Tickets | 3 years | Dispute resolution |
| Crash & Diagnostic Logs | 90 days | Bug fixing |
| Marketing Preferences | Until opt-out + 90 days | Suppression list management |
| Backup Data | Up to 90 days after deletion | Disaster recovery |
When you delete your account, we initiate deletion of your personal data within 30 days. Some data may be retained longer where we have a legal obligation or legitimate interest (e.g., fraud prevention records, tax records).
We implement industry-standard technical and organisational measures to protect your personal information against unauthorised access, disclosure, alteration, or destruction.
All data in transit is encrypted using TLS 1.2+. Sensitive data at rest is encrypted using AES-256.
Passwords are hashed using bcrypt. We support two-factor authentication (2FA) for added account security.
Strict role-based access controls. Only authorised personnel can access production data on a need-to-know basis.
Regular third-party security audits, penetration testing, and vulnerability assessments are conducted.
Hosted on ISO 27001-certified cloud infrastructure with automated monitoring and anomaly detection.
We have a documented data breach response plan. Affected users will be notified within 72 hours of discovery.
Depending on your jurisdiction, you have the following rights regarding your personal data. We honour these rights for all users regardless of location.
Right to Access
Right to Rectification
Right to Erasure
Right to Portability
Right to Restrict Processing
Right to Object
Right to Withdraw Consent
Right to Lodge a Complaint
You can opt out of promotional emails at any time by clicking the "unsubscribe" link in any marketing email, or by visiting Settings → Notifications → Marketing. Transactional notifications (order confirmations, delivery updates) cannot be disabled as they are necessary for the service.
You can manage push notification permissions via your device's OS settings (Android: Settings → Apps → Giftme → Notifications).
You can permanently delete your account at any time via Settings → Account → Delete Account. This is irreversible. Your personal data will be deleted within 30 days, subject to the retention obligations described in Section 6.
The Giftme app is not directed to children under the age of 13 (or under 16 in the European Economic Area, or under 18 in jurisdictions with higher age thresholds). We do not knowingly collect personal information from children below these thresholds.
If you are a parent or guardian and believe that your child has provided us with personal information without your consent, please contact us immediately at privacy@giftme.app. We will promptly delete such information from our systems.
The Giftme app may contain links to third-party websites or merchant storefronts. This Privacy Policy does not apply to those third-party services, and we are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party services you visit.
We integrate the following SDKs, each subject to their own privacy policies:
| SDK / Service | Purpose | Data Shared |
|---|---|---|
| Firebase (Google) | Analytics, crash reporting, push notifications | Device ID, usage events, crash logs |
| Razorpay | Payment processing | Payment tokens, billing info |
| Google Sign-In | Social authentication | Basic profile (name, email, photo) |
| Sign in with Apple | Social authentication | Apple ID, name, email (optional) |
| Mixpanel | Product analytics | Anonymised user behaviour events |
| Freshdesk | Customer support | Name, email, support ticket content |
| Branch.io | Deep linking & attribution | Install referrer, device info |
All SDK integrations are reviewed for privacy compliance. We prohibit SDKs from using Giftme user data for their own advertising purposes.
Giftme is headquartered in India. Your data is primarily stored on servers located in India and Singapore. In some cases, data may be processed by our service providers in other countries (e.g., the United States or European Union) where data protection laws may differ from those in your country.
When we transfer data internationally, we ensure appropriate safeguards are in place, including:
For users in the European Economic Area (EEA), the United Kingdom, or Switzerland, such transfers comply with Chapter V of the GDPR and equivalent regulations.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes through:
Your continued use of the Giftme app after the effective date of any changes constitutes your acceptance of the updated policy. If you disagree with the changes, you may delete your account before the effective date.
We encourage you to review this Privacy Policy periodically. Previous versions of this policy are archived and available upon request.
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please reach out to us. We are committed to resolving all privacy-related queries promptly and transparently.
In accordance with the Digital Personal Data Protection Act, 2023, and the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, the details of our Grievance Officer are: