Givetplace
Sign inSign up

Privacy Policy

Last updated: May 22, 2026

Givetplace ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform at givetplace.com (the "Service"). Please read this policy carefully. If you disagree with its terms, please discontinue use of the Service.

1. Information We Collect

1.1 Information You Provide

When you create an account or use the Service, we collect:

  • Account data: email address, username, display name, and profile picture.
  • Givet content: titles, descriptions, and images you upload when creating wishes.
  • Communications: thank-you messages and any correspondence with us.
  • Referral codes: codes you share or redeem.

1.2 Payment Information

All payment processing is handled by Stripe, Inc. We do not store your full card number, CVV, or bank account details. Stripe shares with us limited transaction metadata (amount, status, session ID) necessary to credit your account and fulfil Givets. If you connect a bank account to receive payouts (Stripe Connect), that onboarding is managed directly by Stripe under their own privacy policy.

1.3 Usage Data

We automatically collect data about how you interact with the Service, including IP address, browser type, pages visited, Givets viewed or funded, and Givet Credit transactions. This data is stored by Supabase and is used solely to operate and improve the platform.

2. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA) or United Kingdom, we process your personal data under the following legal bases:

  • Contract performance: to create your account, process payments, and deliver the Service.
  • Legitimate interests: to detect fraud, ensure platform security, and improve the Service.
  • Legal obligation: to comply with applicable laws and regulations.
  • Consent: for optional communications such as product updates (you may withdraw consent at any time).

3. How We Use Your Information

We use collected information to:

  • Create and manage your account and authenticate your sessions.
  • Process payments and credit Givet Credits to your account.
  • Display your Givets to other users and facilitate funding.
  • Send transactional emails (account confirmation, payment receipts, notifications) via Resend.
  • Administer referral and reward programs.
  • Detect, investigate, and prevent fraud, abuse, and violations of our Terms of Service.
  • Comply with legal obligations and enforce our policies.
  • Improve the platform's features and performance.

4. Data Sharing and Disclosure

We do not sell your personal data. We share data only as described below:

  • Stripe, Inc.— payment processing and Stripe Connect payouts. Stripe's privacy policy is available at stripe.com/privacy.
  • Supabase, Inc. — database hosting, authentication, and file storage. Your data is stored on Supabase-managed infrastructure.
  • Resend, Inc. — transactional email delivery (account verification, payment confirmations).
  • Other users: your username, avatar, and public Givets are visible to other users of the platform. Your email address is never shared publicly.
  • Law enforcement: we may disclose data when required by law, court order, or to protect the rights and safety of users or the public.

5. International Data Transfers

Givetplace uses service providers (Stripe, Supabase, Resend) that may process your data in the United States or other countries outside your jurisdiction. When we transfer data from the EEA or UK, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) or the service provider's participation in an approved adequacy framework.

6. Data Security

We implement industry-standard security measures including encrypted connections (TLS), row-level security policies on our database, and access controls to protect your data. Authentication sessions are managed by Supabase using secure, httpOnly cookies. However, no method of transmission over the internet is completely secure, and we cannot guarantee absolute security.

7. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service and comply with legal obligations. Transaction records may be retained for up to 7 years for accounting and tax purposes. You may delete your account at any time through your account settings, which will remove your profile data. Some anonymised or aggregated data may be retained for analytics.

8. Cookies and Local Storage

We use session cookies set by Supabase to keep you logged in and protect your session. These are strictly necessary for the platform to function. We do not use third-party advertising or tracking cookies.

9. Children's Privacy

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that a child under 16 has provided us with personal information, we will delete that data promptly. If you believe we have inadvertently collected such data, please contact us.

10. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: request a copy of the data we hold about you.
  • Rectification: correct inaccurate or incomplete data.
  • Erasure: request deletion of your data ("right to be forgotten").
  • Restriction: request that we limit processing of your data.
  • Portability: receive your data in a structured, machine-readable format.
  • Objection: object to processing based on legitimate interests.
  • Withdraw consent: where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise these rights, delete your account from your profile settings or contact us at privacy@givetplace.com. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

11. California Privacy Rights (CCPA)

If you are a California resident, the California Consumer Privacy Act (CCPA) grants you additional rights regarding your personal information:

  • Right to Know: you may request disclosure of the categories and specific pieces of personal information we have collected about you.
  • Right to Delete: you may request deletion of your personal information, subject to certain exceptions.
  • Right to Opt-Out of Sale: we do not sell your personal information to third parties.
  • Right to Non-Discrimination: we will not discriminate against you for exercising your CCPA rights.

To exercise your California rights, contact us at privacy@givetplace.com. We will respond within 45 days as required by the CCPA. We may need to verify your identity before fulfilling your request.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top and, for material changes, notify you by email or a prominent notice on the platform. Your continued use of the Service after any update constitutes acceptance of the revised policy.

13. Contact

For privacy questions or to exercise your rights, contact us at privacy@givetplace.com.