Back to Giftie

Last Updated: May 28, 2026

Privacy Policy

How Giftie collects, uses, shares, retains, and protects personal information.

Thank you for choosing to be part of our community at GBYTE TECHNOLOGY INC ("Company," "we," "us," or "our"). We operate the AI-driven conversational gifting recommendation application known as Giftie (the "Services"). We are committed to protecting your personal information and your right to privacy. If you have any questions or concerns about this privacy notice or our practices with regard to your personal information, please contact us at [email protected].

This Services are hosted and intended for users globally. This privacy notice is designed to comply with global data protection frameworks, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA/CPRA), and the Children's Online Privacy Protection Act (COPPA).

Please read this privacy notice carefully. If there are any terms in this privacy notice that you do not agree with, please discontinue use of our Services immediately.

1. WHAT INFORMATION DO WE COLLECT & LEGAL BASES FOR PROCESSING

We process your data under distinct legal bases depending on the context of your interaction.

A. Data You Voluntarily Provide to Us

  • Account Data: Email addresses, usernames, and authentication tokens.

    • Legal Basis: Performance of a Contract (to create and secure your profile).

  • AI Chat, Prompts & Conversational Data: We collect the text, parameters, and parameters you input into our chat interface. This typically includes gift recipient descriptions (e.g., relationship, age range, interests), gifting scenarios, and your specified budget.

    • Legal Basis: Performance of a Contract / Explicit Consent. Processing this interaction data is strictly necessary to perform the AI recommendation service you requested.

User Guidance on Third-Party Data: To protect the privacy of others, please do not input any personally identifiable information (PII) of third parties (such as real names, exact addresses, or sensitive health conditions of your gift recipients). Our AI only requires generic traits (e.g., "my 30-year-old friend who likes reading") to generate accurate gift options. While we implement automated security filters to detect and sanitize accidental inputs of PII, we appreciate your cooperation in keeping your prompts generic.

B. Information Automatically Collected

  • Log, Device, and Usage Data: IP addresses, browser types, device configurations, unique device IDs, operating systems, and platform usage metrics.

    • Legal Basis: Legitimate Business Interests (to monitor security, fix bugs, and prevent platform abuse).

  • Cookies and Affiliate Tracking: Technical identifiers utilized to facilitate seamless navigation and attribute e-commerce sales.

    • Legal Basis: Consent. Non-essential tracking cookies are only deployed after you opt-in via our Cookie Consent Banner.

2. HOW WE SHARE YOUR DATA & TRANSPARENCY

To support our free AI service without relying on intrusive banner advertisements, we utilize an e-commerce affiliate commission model (CPS). We only share data with third parties under strict processing frameworks:

  • E-commerce Affiliate Networks (The CPS Model): Our Services display direct interactive product cards. When you click a product card, you will be redirected to an external third-party e-commerce website (such as Amazon). To track whether a purchase occurs (enabling us to earn a small referral commission), an anonymous tracking cookie or token is processed by our affiliate networks.

    • Current Product Data Partner: We utilize Datafeedr to source product metadata, pricing, and affiliate marketing links.

    • Cookie Lifespan & Function: These tracking cookies do not contain your name or email. They typically hold an industry-standard expiration period ranging from 24 hours to 90 days depending on the merchant.

    • How to Opt-Out: You can refuse or withdraw consent for affiliate cookies at any time via our built-in Cookie Preference Manager, or by adjusting your web browser settings to block third-party cookies.

  • Third-Party AI Infrastructure Providers: To generate conversational responses in real-time, your prompt texts are transmitted via encrypted APIs to our upstream Large Language Model (LLM) providers (such as OpenAI). We maintain enterprise-grade data processing agreements ensuring that your prompt data is processed strictly to generate responses, is kept confidential, and is explicitly prohibited from being used to train or improve public or internal base models.

3. AUTOMATED DECISION-MAKING AND USER RIGHTS (GDPR/CCPA compliant)

Our service utilizes automated algorithms and AI software to process your prompts and profile criteria in order to generate customized gift suggestions.

Under the GDPR (Article 22) and similar privacy frameworks, you possess specific protections regarding automated decision-making and profiling:

  • Right to Explanation & Review: You have the right to request information about the logic behind our AI's recommendation metrics.

  • Right to Opt-Out of Profiling: You can opt-out of behavioral profiling and personalized recommendations at any time through your Account Settings. If you opt-out, the AI will still respond to your direct prompt, but it will not utilize your past conversation history to build a personalized user profile or bias future gift results.

  • Human Intervention: If you believe an automated outcome has unfairly impacted your account status or access, you have the right to request a manual human review by emailing [email protected].

4. CHILDREN’S PRIVACY Protection (COPPA & GDPR Age Gates)

Our Services are strictly not directed to, or intended for, children under the age of 13 (in the United States) or 16 (in the European Economic Area).

We do not knowingly collect or solicit personal information from children under these age thresholds. If we discover or are notified that a child under the mandated legal age has registered an account or provided us with personal information, we will immediately take technical measures to delete all such data from our active and backup databases as swiftly as possible. If you are a parent or legal guardian and believe your child has accessed our Services without your consent, please contact us immediately at [email protected].

5. INTERNATIONAL DATA TRANSFERS

Our primary data storage and cloud hosting infrastructure are located in the United States.

For users accessing the platform from the European Economic Area (EEA), United Kingdom (UK), or other jurisdictions with strict data localization laws: your personal data will be transferred across international borders. To guarantee a level of data protection equivalent to your home country, we rely on the European Commission's Standard Contractual Clauses (SCCs) and the EU-U.S. Data Privacy Framework (DPF) where applicable, ensuring all international data recipients maintain rigorous organizational and technical security measures.

6. HOW LONG WE RETAIN YOUR DATA

In Short: We keep your information for as long as necessary to fulfill the purposes outlined in this privacy notice unless otherwise required by law.We will only keep your personal information for as long as it is necessary for the purposes set out in this privacy notice, unless a longer retention period is required or permitted by law (such as tax, accounting or other legal requirements). No purpose in this notice will require us to keep your personal information for longer than the period of time in which users have an account with us.

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize such information, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

We store your personal identifiers and chat histories only for as long as your user account remains active.

If you request to close or terminate your account, we initiate an automated data purging cycle. Your data will be completely deleted or permanently anonymized (rendered completely unidentifiable for statistical research) within 180 days from our active production systems, unless extended retention is required by law for financial auditing or tax purposes.

7. THIRD-PARTY TRANSACTION AND MERCHANDISE DISCLAIMER

Giftie is strictly an algorithmic AI recommendation engine and does not operate as an online merchant, distributor, or seller of physical goods.

All product data, pricing, and image cards displayed within the chat interface are pulled from third-party vendor APIs. Once you click a product card and leave our platform, your browsing behavior, transaction, and payments are entirely governed by the external platform’s terms of sale and privacy policy. We assume no responsibility or legal liability for product quality, delivery issues, transactional security, or merchant disputes occurring on external web domains.

8. HOW TO EXERCISE YOUR PRIVACY RIGHTS

To review, update, or permanently delete the personal data we hold about you, or to withdraw a previously given consent, you can use our automated privacy dashboard or contact us directly:

  • Privacy Management Dashboard: https://www.giftie.ai/privacy

  • Direct Compliance Email: [email protected]

Copyright 2026 US GBYTE TECHNOLOGY INC.., all rights reserved.