Privacy Policy

Your privacy is important to us. Here's how we protect your information.

Last Updated: October 10, 2025

Introduction

Welcome to WishTogether! We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our collaborative wishlist application.

By using WishTogether, you agree to the collection and use of information in accordance with this policy.

Information We Collect

Personal Information

When you create an account with WishTogether, we collect:

  • Email Address: Used for account creation, authentication, and communication
  • Display Name: Your chosen name displayed to other users
  • Profile Photo (optional): Avatar image you choose to display
  • Authentication Data: Password (encrypted) or third-party authentication tokens (Google, Apple)

Wishlist Data

When you use our service, we collect and store:

  • Wishlists: Names, descriptions, themes, and settings for wishlists you create
  • Wishlist Items: Product names, descriptions, prices, URLs, images, and status information
  • Sharing Information: User IDs and permissions for wishlists you share with others
  • Metrics: Aggregated data about wishlist usage (item counts, completion rates, etc.)

Usage Information

We automatically collect certain information about how you use WishTogether:

  • Device Information: Browser type, device type, operating system
  • Usage Data: Features accessed, pages viewed, time spent in the app
  • Log Data: IP address, access times, error logs

Cookies and Similar Technologies

We use cookies and similar tracking technologies to:

  • Maintain your session and keep you logged in
  • Remember your preferences (theme, language)
  • Analyze usage patterns to improve our service
  • Enable Progressive Web App (PWA) functionality for offline access

How We Use Your Information

We use the information we collect to:

Provide and Maintain Our Service

  • Create and manage your account
  • Store and display your wishlists and items
  • Enable collaboration with other users
  • Sync data across your devices in real-time
  • Send email verification and important account notifications

Improve and Optimize

  • Analyze usage patterns to enhance user experience
  • Debug and fix technical issues
  • Develop new features based on user behavior
  • Optimize performance and reliability

Communication

  • Send you account-related notifications
  • Respond to your support requests
  • Inform you of updates or changes to our service (with your consent)

Security and Compliance

  • Detect and prevent fraud or abuse
  • Enforce our Terms of Service
  • Comply with legal obligations

Data Storage and Security

Where Your Data is Stored

Your data is stored securely using Google Firebase services:

  • Firestore Database: Stores your wishlists, items, and user profile
  • Firebase Authentication: Manages your login credentials securely
  • Firebase Storage: Stores images you upload (item photos, profile pictures)

All data is encrypted in transit using HTTPS and stored in Firebase's secure cloud infrastructure.

Security Measures

We implement industry-standard security measures:

  • Encryption: All data transmitted between your device and our servers is encrypted using TLS/SSL
  • Password Security: Passwords are hashed and never stored in plain text
  • Access Controls: Strict database security rules ensure users can only access their own data and wishlists shared with them
  • Regular Updates: We keep our systems and dependencies up to date with security patches

Data Retention

  • Active Accounts: We retain your data for as long as your account is active
  • Deleted Accounts: Data is permanently deleted within 30 days of account deletion
  • Backups: Backup copies may be retained for up to 90 days for disaster recovery

Sharing Your Information

With Other Users

When you share a wishlist:

  • Other users can see the wishlist name, items, and your display name
  • Collaborators can view and edit shared wishlists based on permissions you grant
  • Your email address is never shared with other users unless you explicitly provide it

With Third-Party Services

We use trusted third-party services to operate our application:

  • Google Firebase: Hosting, authentication, database, and storage
  • Google Sign-In: Optional authentication method (only if you choose to use it)
  • Apple Sign-In: Optional authentication method for iOS/macOS users

These services have their own privacy policies and handle your data according to their terms.

Legal Requirements

We may disclose your information if required to:

  • Comply with legal obligations or court orders
  • Protect our rights, property, or safety
  • Prevent fraud or abuse
  • Protect the rights and safety of our users

We will never sell your personal information to third parties.

Your Rights and Choices

Access and Control

You have the right to:

  • Access: View all personal data we have about you
  • Update: Modify your profile information, display name, and photo
  • Delete: Request deletion of your account and all associated data
  • Export: Request a copy of your data in a portable format

Privacy Controls

You can control:

  • Wishlist Visibility: Choose who can see and collaborate on each wishlist
  • Profile Privacy: Control what information is visible to other users
  • Email Preferences: Opt out of non-essential communications

Account Deletion

To delete your account:

  1. Go to Profile > Settings
  2. Select "Delete Account"
  3. Confirm deletion

All your wishlists, items, and personal data will be permanently deleted within 30 days.

Children's Privacy

WishTogether is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us immediately, and we will take steps to delete such information.

Third-Party Links

Our service may contain links to external websites or services (e.g., product URLs in wishlist items). We are not responsible for the privacy practices of these third-party sites. We encourage you to review their privacy policies before providing any personal information.

International Data Transfers

Your information may be transferred to and stored on servers located outside your country of residence. By using WishTogether, you consent to the transfer of your information to countries that may have different data protection laws than your country.

Firebase services are hosted in data centers worldwide, and Google ensures appropriate safeguards are in place for international data transfers.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. When we make changes:

  • We will update the "Last Updated" date at the top of this policy
  • For significant changes, we will notify you via email or in-app notification
  • Continued use of WishTogether after changes constitutes acceptance of the updated policy

California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

  • Right to Know: Request information about data we collect and how it's used
  • Right to Delete: Request deletion of your personal information
  • Right to Opt-Out: Opt out of the sale of personal information (we do not sell your data)
  • Right to Non-Discrimination: Equal service regardless of privacy choices

To exercise these rights, contact us using the information below.

European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA), you have rights under the General Data Protection Regulation:

  • Right to Access: Obtain confirmation of data processing and access to your data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your data ("right to be forgotten")
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Receive your data in a machine-readable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Lodge a Complaint: File a complaint with your supervisory authority

Data Protection Officer

For privacy-related inquiries, you can contact our Data Protection Officer at:

Email:

privacy@wishtogether.app

Response Time: We aim to respond within 30 days

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

WishTogether Support

Email: support@wishtogether.app

Website: www.wishtogether-app.com

Consent

By using WishTogether, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and disclosure of your information as described herein.

Thank you for trusting WishTogether with your wishlist needs!