Privacy Policy

Last Updated: July 26, 2024

1. Introduction

Welcome to GiftSensei (https://giftsensei.app, the "Application"). This Privacy Policy explains how Aleksandar Petrov ("we," "us," or "our") collects, uses, shares, and protects your information when you use our Application. We are committed to protecting your privacy in compliance with the General Data Protection Regulation (GDPR) and applicable Bulgarian data protection laws.

2. Data Controller

The entity responsible for the processing of your personal data (Data Controller) is:

  • Identity: Aleksandar Petrov

  • Address: Vladislav Varnenchik 16, Varna 9000, Bulgaria

  • Email: contact@giftsensei.app

3. Information We Collect

We collect the following types of information:

  • Information you provide directly: When you use the gift suggestion form, you provide us with the following details, which are necessary to generate personalized gift ideas:

    • Recipient description (e.g., "My mother," "a friend")

    • Age range

    • Interests or hobbies

    • Occasion

    • Budget preference (optional)

    We strongly advise against entering any personally identifying information (like full names, specific addresses) or sensitive personal data into these fields.

  • Information collected automatically: When you access the Application and interact with our backend service, we or our third-party service providers may automatically collect certain technical information:

    • IP Address: Collected by our hosting provider (Vercel) to operate the service, ensure security, prevent abuse, and perform basic analytics.

    • Usage Data & Server Logs: Our hosting and backend provider (Vercel) automatically logs information about requests made to our Application and backend API. These logs include the IP address, request timestamp, requested resource, status code, user agent, and potentially the data submitted via the form (recipient, age, interests, occasion, budget) as part of the API request payload. This logging is essential for operational monitoring, debugging errors, security analysis, and ensuring service availability.

4. How We Use Your Information and Legal Basis

We use the collected information for the following purposes, relying on specific legal bases under GDPR:

  • To Provide and Operate the Application: Processing the information you enter in the form (recipient, age, interests, occasion, budget) by sending it to a third-party AI service (OpenAI) to generate gift suggestions, and then displaying these suggestions and related affiliate links to you.
    Legal Basis (GDPR): Art. 6(1)(b) - Processing is necessary for the performance of a contract (or to take steps at the request of the user prior to entering into a contract) by providing the requested service.

  • To Enable AI-Powered Suggestions: Your input data is formatted into a prompt and sent to OpenAI's API to leverage their AI models for generating relevant gift ideas.
    Legal Basis (GDPR): Art. 6(1)(b) - Necessary for providing the core feature of the service requested.

  • To Ensure Security, Maintain, and Improve the Application: Processing IP addresses and usage data contained within server logs managed by our infrastructure provider (Vercel). This helps us prevent fraud, debug technical issues, monitor performance, ensure the security and integrity of our systems, and understand general usage patterns (in an aggregated or anonymized form where possible) to potentially enhance the service.
    Legal Basis (GDPR): Art. 6(1)(f) - Legitimate interest in securing, maintaining, operating, and improving our Application and service.

  • To Enable Affiliate Linking: Generating and displaying sponsored links to Amazon.com using our affiliate tag (antal01-21). If you click these links, Amazon processes your data according to their policies for tracking potential purchases and commissions. We do not receive personal data about your purchases from Amazon, only potentially aggregated commission reports.
    Legal Basis (GDPR): Your explicit action of clicking the affiliate link constitutes interaction with a third-party service.

5. Data Sharing and Third Parties

We do not sell your personal information. We share information only when necessary to provide the service or as required by law, specifically with the following categories of third parties:

  • AI Service Provider (OpenAI, L.L.C.): We send the user-provided input (recipient, age, interests, occasion, budget) as part of a prompt to OpenAI's API (using models like `gpt-4o-mini`) to generate the gift suggestions. OpenAI acts as a data processor for this specific task, processing the data according to its policies. For details, see: OpenAI Privacy Policy and API Data Usage Policies.

  • Hosting and Backend Provider (Vercel Inc.): Our Application frontend and backend API function are hosted on Vercel. Vercel processes request data (including IP addresses and the data submitted via the form as part of API calls) and stores operational server logs as a data processor on our behalf, necessary for delivering and maintaining the service. For details, see: Vercel Privacy Policy and Vercel Data Processing Addendum.

  • Affiliate Partner (Amazon Services LLC Associates Program): If you click on a sponsored affiliate link (containing our tag antal01-21), you are redirected to Amazon.com. Amazon uses cookies and processes your data according to its own privacy policies to track referrals and potential commissions. For details, see: Amazon.com Privacy Notice.

  • Font Provider (Google LLC): We use Google Fonts to display text. Google may collect usage data or use cookies as described in their policies. For details, see: Google Privacy Policy.

  • Legal Requirements: We may disclose your information if required to do so by law, court order, or in response to valid requests by public authorities (e.g., law enforcement agencies).

6. Data Retention

We do not actively store the specific content of your gift search queries (recipient, interests, etc.) on databases directly controlled by us beyond the immediate processing required to generate and display suggestions.

However, the data you submit is processed by OpenAI and is included in operational server logs automatically generated and managed by our hosting and backend provider (Vercel). These logs, containing IP addresses, request details, and potentially the input data sent to the API, are retained by Vercel for a limited period (typically days or weeks, consistent with standard industry practices for operational logs) primarily for security, monitoring, and debugging purposes. Data retention by Vercel is governed by their policies.

Data processed by OpenAI is subject to their data usage and retention policies (see link in Section 5). We do not control the retention periods of these third-party services.

7. Data Security

We implement reasonable technical and organizational measures appropriate to the risk, such as using HTTPS for data transmission, to protect the information we handle. However, no internet transmission or electronic storage method is 100% secure. We rely on the security measures implemented by our third-party providers (Vercel, OpenAI). While we strive to protect your information, we cannot guarantee its absolute security.

8. Your Data Protection Rights (GDPR)

As a user, particularly if you are located in the European Economic Area (EEA), you have the following data protection rights regarding your personal data:

  • Right to Access: You can request information about whether we process your personal data and, if so, access to that data.

  • Right to Rectification: You can request that we correct any inaccurate personal data or complete incomplete data.

  • Right to Erasure ("Right to be Forgotten"): You can request the erasure of your personal data under certain conditions (e.g., if it's no longer necessary for the purposes collected, or if processing is based on consent and you withdraw it). Note that data within mandatory Vercel logs or processed by OpenAI might be subject to their retention/deletion cycles, which we don't directly control.

  • Right to Restrict Processing: You can request the restriction of processing your personal data under certain circumstances.

  • Right to Object to Processing: You can object to the processing of your personal data based on our legitimate interests (Art. 6(1)(f) GDPR).

  • Right to Data Portability: Where processing is based on consent or contract and carried out by automated means, you can request to receive your personal data in a structured, commonly used, machine-readable format, or have it transmitted directly to another controller where technically feasible.

  • Right to Withdraw Consent: If processing is based on consent (e.g., potentially for certain cookies via a banner), you have the right to withdraw consent at any time.

To exercise any of these rights concerning data potentially processed under our control, please contact us at: contact@giftsensei.app. We will respond to your request in accordance with GDPR requirements, typically within one month.

You also have the right to lodge a complaint with a supervisory authority. The competent authority in Bulgaria is the Commission for Personal Data Protection (CPDP):

Commission for Personal Data Protection
2 Prof. Tsvetan Lazarov Blvd., Sofia 1592, Bulgaria
Website: https://www.cpdp.bg/

9. International Data Transfers

Your information is processed using services (Vercel for hosting/backend, OpenAI for AI processing) whose servers may be located outside of your country or the European Economic Area (EEA), including primarily the United States. These transfers are necessary to provide the Application's core functionality.

We rely on the data transfer mechanisms implemented by these third-party providers, such as Standard Contractual Clauses (SCCs) approved by the European Commission or other appropriate safeguards under GDPR, to ensure that your data receives adequate protection when transferred outside the EEA. By using the Application, you acknowledge that your data will be transferred to and processed in these locations as described.

10. Children's Privacy

The Application is not intended for use by children under the age of 16. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe that your child has provided us with personal information without your consent, please contact us at contact@giftsensei.app, and we will take steps to remove that information.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, service providers, or for other operational, legal, or regulatory reasons. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date at the top. We encourage you to review this Privacy Policy periodically for any changes.

12. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us: