Simple Wisher
Sign in

Privacy Policy & Agreement

Effective date: 2026-03-17

This Privacy Agreement reflects common practice for online services and references GDPR and US state privacy concepts where helpful. It is not legal advice. Set your operating entity (and optional privacy inbox) in environment variables and have counsel review for your jurisdiction.

Cookies

Data controller

This Privacy Policy and User Agreement (“Privacy Agreement”) explains how the operator of Simple Wisher (“we”, “us”, “our”) collects, uses, stores, shares, and retains personal data when you use Simple Wisher (the “Service”).

It forms part of your contract with us alongside our Terms of Use and Cookie information.

By accessing or using the Service, you acknowledge that you have read this Privacy Agreement, understand the processing described here, and accept it where such acceptance is required or recognized under applicable law. If you do not agree, you must not use the Service.

Scope & roles

  • This Privacy Agreement applies to visitors, registered users, and Guests who interact with shared lists.
  • We act as a controller for personal data described here. Some providers (e.g. hosting, database, email delivery) process data on our behalf as processors, under our instructions and appropriate agreements (including data processing terms where required).

Sources of personal data

  • You: account details, wishlist content, messages to support, and anything else you submit.
  • Guests: information they provide when reserving an item (such as an optional name, or an anonymous reservation where enabled), linked to the relevant item and list.
  • Automatic collection: technical data (e.g. IP address, device/browser type, logs) and data from cookies or similar technologies, as described in our Cookie information. If you accept optional analytics in the cookie banner, Vercel Web Analytics may also collect privacy-oriented usage data as described below.

Categories of personal data

  • Account & authentication: email address, authentication identifiers, session/security tokens.
  • Content you provide: wishlist titles, descriptions, item details, links, images, prices, visibility settings.
  • Reservation data: optional name (or anonymous reservation where allowed), reservation timestamps, associated item/list identifiers.
  • Technical & usage: IP address, device/browser type, approximate location derived from IP, timestamps, diagnostic logs, and security signals.
  • Cookies and similar technologies: as described in our Cookie information. If you click Accept on the cookie banner, we load Google Analytics 4 (Google LLC) and Vercel Web Analytics (Vercel, Inc.) for aggregate usage statistics (e.g. page views). If you click Decline, those analytics scripts are not loaded.

Special or sensitive categories

We do not intentionally collect “special category” or sensitive personal data (such as health information, biometric data used to identify you, or data revealing racial or ethnic origin, political opinions, religious beliefs, trade-union membership, genetics, sex life, or sexual orientation). Do not include such information in list titles, descriptions, images, or links. Anything you post on a public list may be visible to anyone with the link.

Purposes & legal bases (EEA/UK reference)

  • Providing the Service, accounts, and support — performance of a contract and legitimate interests in operating a reliable service.
  • Security, abuse prevention, and integrity — legitimate interests and, where required, legal obligation.
  • Service emails (e.g. magic-link sign-in) — performance of a contract / legitimate interests.
  • Google Analytics 4 and Vercel Web Analytics (optional): when you accept analytics in the cookie banner, Google LLC and Vercel, Inc. process usage metrics on our behalf — typically on the basis of consent under EEA/UK law, or legitimate interests where permitted. You can stop this by choosing Decline (before accepting) or clearing site storage / contacting us for guidance.
  • Compliance with law — legal obligation.

How we use personal data

  • Create and manage accounts; authenticate users; display Content according to your settings.
  • Enable sharing, public links, and reservation features.
  • Maintain security, detect fraud, enforce our Terms, and protect users.
  • Communicate about the Service and respond to requests.
  • Where you have accepted optional analytics, Google Analytics 4 and Vercel Web Analytics help us measure aggregate traffic and performance; we do not use them for cross-site advertising or individual profiling.

Marketing and service communications

We send transactional or service-related messages needed to operate the Service (for example magic-link sign-in). We do not send promotional marketing emails unless we provide a separate opt-in and you choose to subscribe.

Disclosure & processors

  • We do not sell your personal information for monetary or other valuable consideration.
  • We share data with infrastructure and communications providers strictly as needed to operate the Service (for example cloud hosting, database, transactional email).
  • If you accept optional analytics in the cookie banner, usage-related data is processed by Vercel, Inc. as a service provider / processor for Vercel Web Analytics, in accordance with Vercel’s terms and privacy documentation.
  • We may disclose information if required by law, legal process, or to protect rights, safety, and security.
  • A public list is visible to anyone with the link; do not include sensitive personal data you do not want exposed.

Typical categories of subprocessors

  • Hosting, application runtime, and content delivery networks (often Vercel, Inc. if the app is deployed there).
  • Database, authentication, storage, and related backend infrastructure.
  • Transactional email delivery providers.
  • Google Analytics 4 (Google LLC) and Vercel Web Analytics (Vercel, Inc.): usage analytics — only loaded after you accept optional analytics in the cookie banner. See policies.google.com/privacy and vercel.com/docs/analytics for provider details.

International transfers

If personal data is processed in countries outside your own, we implement appropriate safeguards where required by law (such as standard contractual clauses or equivalent mechanisms). You may contact us at support@simplewisher.com for more information.

Retention

  • We retain personal data while your account is active and for a reasonable period afterward to resolve disputes, enforce agreements, and comply with law.
  • You may delete lists within the Service. To request deletion of your account and associated personal data, email us; we will respond within a reasonable timeframe subject to legal retention needs.

Security

We implement technical and organizational measures appropriate to the risk. No method of transmission or storage is completely secure; we cannot guarantee absolute security.

Security incidents

If we become aware of a personal data breach that risks your rights and freedoms, we will take remedial steps and notify supervisory authorities and/or affected individuals where required by applicable law. Contact: support@simplewisher.com.

Your rights

  • Depending on your location, you may have rights to access, rectify, erase, restrict processing, object, data portability, and withdraw consent where processing is consent-based.
  • You may lodge a complaint with a supervisory authority in your country.
  • To exercise rights, contact us at support@simplewisher.com. We may need to verify your identity and may ask for reasonable information to process your request.

California and certain US state privacy rights

  • Residents of California and some other US states may have additional rights under local law (such as rights to know, delete, or correct personal information, and to opt out of certain “sales” or “sharing” for cross-context behavioral advertising).
  • We do not sell personal information for money. We do not knowingly “share” personal information for cross-context behavioral advertising as defined under the CCPA/CPRA in the way those laws use those terms for our current Service.
  • If you opt in to optional analytics, limited usage or technical data may be processed by Vercel, Inc. as our analytics provider; you can avoid this by choosing Decline on the cookie banner or clearing stored consent.
  • To submit a request, email support@simplewisher.com with sufficient detail. You may designate an authorized agent where permitted. We will not discriminate against you for exercising privacy rights.

Automated decision-making

We do not make decisions based solely on automated processing that produce legal effects concerning you or similarly significantly affect you.

Children

The Service is not directed to children under the age where parental consent is required in their jurisdiction. We do not knowingly collect personal information from such children. If you believe we have, contact us and we will take appropriate steps.

Changes to this Privacy Agreement

We may update this Privacy Agreement from time to time. We will post the revised version and update the effective date. Where changes are material and required by law, we will provide additional notice (for example by email or an in-Service notice). Continued use after the effective date may constitute acceptance where permitted by law.

Relationship to the Terms of Use

This Privacy Agreement supplements our Terms of Use. Together they govern your use of the Service. If there is an inconsistency, the provision that more specifically addresses privacy and personal data will control for that subject matter, to the extent permitted by law.

Contact & privacy requests

support@simplewisher.com