Privacy Policy - Present For Me

1. Data controller

The data controller for personal data is Bussolari Alessio, based at Via del Prete 123, 47841 Cattolica (RN), Italy.

For any request related to the protection of personal data, you can contact us at info@presentfor.me.

2. Personal data collected

We collect different categories of personal data necessary for the operation of the platform:

👤 Account data

· First and last name
· Email address
· Date of birth (optional)
· Username
· Avatar/profile picture
· Preferred language and timezone

🔐 Authentication data

· Password hash (bcrypt)
· Session tokens
· API tokens (mobile app)
· IP address
· Browser user agent

📍 Shipping addresses

· Recipient name, address, city, province, postal code, country
· Phone number (optional)

⚙️ Preferences and settings

· Email and push notification preferences for each action type
· Digest settings (periodic summaries)

📱 Device data (iOS)

· APNs token for push notifications
· Platform, app version, device name

👥 Social data

· Friendships and friend requests
· Invitations (referrals)
· Group and event participation

🎁 Gift and wishlist data

· Gift names, descriptions, prices, URLs, and categories
· Reservations and contributions
· Private notes for gift givers

📅 Event data

· Event names, descriptions, dates
· Participant list and roles
· Secret Santa drawings

🎫 Support data

· Support tickets and messages

🏆 Gamification data

· Points, scores, badges earned
· Participation in draws and lotteries

3. Automatically collected tracking data

In addition to data you provide directly, we automatically collect:

Session data: access logs, session duration, pages visited
Shared link analytics: clicks on wishlist sharing links
Viral data: tracking of social shares, quizzes, challenges, and countdowns
Commercial clicks: clicks on links to partner sites (Amazon and others) for affiliate tracking
Administrative logs: administrator actions for security and audit purposes

4. Purposes and legal basis

We process your personal data in accordance with Art. 6(1) of the GDPR, based on the following legal grounds:

Performance of contract (Art. 6(1)(b))

Account creation and management
Provision of wishlist, gift, event, and Secret Santa services
Sending service-related notifications (reservations, invitations, drawings)
Support ticket management

Consent (Art. 6(1)(a))

Analytical cookies (Google Analytics)
Push notifications on mobile device
Sending promotional communications

Legitimate interest (Art. 6(1)(f))

Platform improvement through aggregate analysis
Fraud and abuse prevention
Service security

Legal obligation (Art. 6(1)(c))

Data retention required by tax and accounting regulations
Responding to requests from competent authorities

5. Cookies

For detailed information about the cookies used by the platform, their purposes, and how to manage them, please refer to our Cookie Policy available on the dedicated page of the site.

6. Third-party services

To operate the platform, we use the following third-party services that may process your data:

Google Analytics (Google LLC) — Web traffic analysis, activated only with cookie consent
Sentry (Functional Software Inc.) — Application error and performance monitoring
Apple Push Notification service (APNs) (Apple Inc.) — Sending push notifications to the iOS app
Resend (Resend Inc.) — Sending transactional emails (notifications, confirmations, password resets)
Firecrawl — Automatic extraction of product data from URLs (image, title, price)
Amazon Web Services S3 (Amazon Inc.) — Storage of files and images uploaded by users
Affiliate partners (e.g., Amazon) — Click tracking on product links for the affiliate program

Each third-party provider is required to process data exclusively for the stated purposes and in compliance with applicable regulations.

7. International data transfers

Some of our service providers (Google, Apple, Amazon, Sentry, Resend) are based in the United States. Data transfers to the US are carried out on the basis of:

EU-US Data Privacy Framework for certified providers
Standard Contractual Clauses (SCCs) approved by the European Commission

In any case, we adopt supplementary measures to ensure an adequate level of protection for your personal data.

8. Data retention period

We retain your data for the time strictly necessary for the purposes for which they were collected:

Account data: until account deletion + 30 days for permanent removal
Session data and logs: 30 days
Analytics data: 24 months
Support tickets: 12 months after closure
Affiliate data: according to partner program terms
Backups: 90 days, then automatically deleted

At the end of the retention period, data is deleted or irreversibly anonymized.

9. Data subject rights

Under Articles 15-22 of the GDPR, you have the right to:

Access (Art. 15): obtain confirmation of processing and a copy of your data
Rectification (Art. 16): correct inaccurate or incomplete data
Erasure (Art. 17): request deletion of your data ("right to be forgotten")
Restriction (Art. 18): restrict processing in certain circumstances
Portability (Art. 20): receive your data in a structured, machine-readable format
Objection (Art. 21): object to processing based on legitimate interest
Withdrawal of consent (Art. 7): withdraw consent at any time

To exercise your rights, write to info@presentfor.me. We will respond within 30 days.

You also have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali) at www.garanteprivacy.it if you believe that the processing of your data violates the GDPR.

10. Children's data

Present For Me is intended for users aged 16 years or older. We do not knowingly collect personal data from children under 16. If a parent or guardian discovers that a minor has provided personal data without consent, they can contact us at info@presentfor.me to request its deletion.

11. Automated processing

The platform uses automated processes for certain features:

Gamification system: automatic assignment of points and badges based on user actions
Birthday gift lottery: automatic selection of winners based on scores and referral points
Secret Santa: automatic random drawing of gift recipients

None of these processes produce significant legal effects. You can always contact us to obtain a human review of any automated decision.

12. Data security

We adopt technical and organizational measures to protect your personal data:

Password encryption: passwords are protected with bcrypt (irreversible hashing)
HTTPS: all communications are encrypted with TLS
CSRF protection: anti-forgery tokens on every request
Rate limiting: API request throttling to prevent abuse
Secure API tokens: mobile authentication with revocable tokens

13. iOS app

If you use the Present For Me iOS app, we collect additional data specific to the mobile application:

Device token for push notifications (Apple APNs)
Device model, operating system version, and app version
Device name (for managing multiple sessions)

This data is processed exclusively to ensure the app functions properly and to deliver push notifications. You can revoke push notification permissions from your device settings at any time.

14. Changes to the privacy policy

We reserve the right to update this policy to reflect changes in our practices or for regulatory compliance. In case of substantial changes, we will inform you via:

Notice on the platform
Email to the address associated with your account
Push notification (if you have the app installed and notifications enabled)

We encourage you to periodically review this page to stay informed.

15. Contact

For any question, request, or report related to the protection of your personal data:

Email: info@presentfor.me
Website: www.presentfor.me

Privacy Policy 🔒