GiftBox – lists for couples

Privacy Policy

Last updated: 5.7.2026

This Privacy Policy explains how Klyushnik Stanislav, the developer of GiftBox (“we”, “us”, “our”), collects, uses, and protects your information when you use the GiftBox iOS app (“the App”). We built GiftBox to be private by design: it is a two-person wishlist for couples, and we keep the data we handle to the minimum needed to make the App work.

If you have any questions, contact us at publicsk@icloud.com.


1. Who is responsible for your data

The data controller for GiftBox is Klyushnik Stanislav, based in the Netherlands. You can reach us at publicsk@icloud.com.


2. Information we collect

We only collect what we need to run the App. Specifically:

Account information (via Sign in with Apple). The only way to create an account is Sign in with Apple. When you sign in, Apple provides us with a unique account identifier and, on first sign-in, your name and email address. If you choose Apple’s “Hide My Email” option, we receive a private relay address instead of your real email, and we never see your actual email address.

Content you create. This is the information you add to your wishlist, such as wish names, links, prices, categories, notes, and any photos you attach to a wish. It also includes actions your partner takes, such as claiming an item to gift or marking an item as received.

Partner connection data. To pair with your partner, we process invite codes and the connection between your two accounts.

Purchase information. If you buy a subscription or the lifetime upgrade, the purchase is processed entirely by Apple through the App Store. We never receive or store your card details. We only receive your subscription/entitlement status so we can unlock premium features.

Basic diagnostic data. We may process limited technical information (such as error logs) to keep the App stable and fix bugs. We do not use this to build advertising profiles.

We do not collect your precise location, contacts, or browsing activity, and we do not use third-party advertising or analytics SDKs that track you across other apps and websites.


3. Photos permission

GiftBox asks for permission to access your photo library only so you can attach an image to a wish you are adding. We access a photo only when you actively pick one. We do not scan, browse, or upload any other photos from your library, and we do not access your photos in the background. You can grant or revoke this permission at any time in iOS Settings → GiftBox → Photos.


4. How your data is stored and processed

We use Supabase as our backend service provider to securely store and sync your account, your wishlist content, and your partner connection. Supabase acts as a data processor on our behalf and hosts data in the EU (Ireland). Access to your data is protected by row-level security rules so that only you and your connected partner can see your shared wishlist.

Supabase processes data strictly to provide hosting and sync services to us. You can review Supabase’s practices at https://supabase.com/privacy.


5. How sharing with your partner works

GiftBox is designed for two people to share a wishlist. When you connect with a partner:

  • Your partner can see the wishes you add to your shared list.
  • Your partner can secretly claim an item to gift. You (the wisher) do not see which items have been claimed — that is the core “surprise” mechanic of the App.
  • Once you mark a gift as received, it moves to your personal history, which your partner does not see.

This sharing happens only between you and the partner you choose to connect with, through your accounts on our backend. It is not “sharing” with any outside company for their own purposes.


6. How we use your information

We use your information only to:

  • Create and secure your account.
  • Store and sync your wishlist and partner connection across your devices.
  • Enable the couples sharing and secret-claiming features.
  • Provide optional features you turn on, such as Hint Mode and price-drop alerts.
  • Process and restore your purchases and unlock premium features.
  • Diagnose problems, prevent abuse, and improve the App.

We do not sell your personal data, and we do not share it with advertisers, data brokers, or other third parties for their own marketing or purposes.


7. Who we share data with

We do not sell or rent your data. We only share it with the limited service providers required to operate the App:

  • Apple — for Sign in with Apple, iOS services, and payment processing.
  • Supabase — for backend hosting, storage, and sync (as described above).

These providers may process your data only on our instructions and to provide their service to us. We may also disclose information if required by law or to protect our legal rights.


8. Legal basis for processing (EEA/UK users)

If you are in the European Economic Area or the UK, our legal bases under the GDPR are:

  • Performance of a contract — to provide the App and its core features.
  • Legitimate interests — to keep the App secure, stable, and free of abuse.
  • Consent — where you grant optional permissions such as access to your photos. You may withdraw consent at any time.

9. Data retention

We keep your data for as long as your account is active. If you delete your account, we delete your account information, wishlist content, photos, and partner connection from our systems, except where we are legally required to retain certain records. Standard backups may persist for a short period before being overwritten.


10. Your rights and how to delete your account

You can delete your account and all associated data directly in the App under Settings → Delete Account. This permanently removes your wishlist, photos, and partner connection.

Depending on where you live, you may also have the right to access, correct, export, or restrict the processing of your personal data, and to lodge a complaint with your local data protection authority. To exercise any of these rights, email us at publicsk@icloud.com and we will respond within the timeframe required by law.


11. Security

We use industry-standard measures to protect your data, including encryption in transit, authenticated access via Sign in with Apple, and row-level security rules that restrict data access to you and your connected partner. No system is perfectly secure, but we work to protect your information and to promptly address any issues.


12. Children

GiftBox is not directed at children and is not intended for use by anyone under 16 (or the minimum age required in your country). We do not knowingly collect data from children. If you believe a child has provided us with personal data, contact us and we will delete it.


13. International data transfers

Your data may be processed in the region where our backend provider hosts it (the EU (Ireland)). Where data is transferred outside your country, we rely on appropriate safeguards, such as the standard contractual clauses, to protect it.


14. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date above and, where appropriate, notify you in the App. Your continued use of GiftBox after changes take effect means you accept the updated policy.


15. Contact us

If you have questions about this Privacy Policy or your data, contact:


Email: publicsk@icloud.com