Privacy Policy

Last updated: 16 May 2026

1. Who we are

GiftMind (“we”, “us”, “our”) operates the website at giftmind.co.uk. We are the data controller for personal data collected through this service. If you have questions about how we handle your data, contact us at support@giftmind.co.uk.

2. What data we collect

We collect the following personal data when you use GiftMind:

  • Account data: your name and email address when you register.
  • Contact data: names, birthdays, anniversaries, and interests you add for people you buy gifts for.
  • Usage data: gift preferences, feedback on suggestions, shortlists, and budget settings.
  • Technical data: IP address, browser type, and pages visited, collected automatically via server logs.

3. How we use your data

We use your data to:

  • Provide and personalise the GiftMind service, including generating AI gift recommendations.
  • Send reminder emails for upcoming occasions (where you have opted in).
  • Improve the accuracy of recommendations over time using aggregated, anonymised signals.
  • Comply with legal obligations and resolve disputes.

We do not sell your personal data to third parties. We do not use your data for targeted advertising.

4. Payments — we never hold your payment information

GiftMind does not process, store, or handle any payment card or financial information. When you click “Shop now” on a gift suggestion, you are taken directly to the retailer’s own website to complete your purchase. All transactions are between you and the retailer. GiftMind is not a party to any purchase and accepts no liability for transactions made with third-party vendors.

5. Cookies and tracking

We use session cookies that are strictly necessary to keep you logged in. We do not use advertising or tracking cookies. We may log Shop Now clicks to measure which product categories are popular; this data is aggregated and not used to build individual profiles.

6. Data sharing

We share data only with:

  • Anthropic: gift suggestion prompts are processed by the Claude API. Prompts may include contact first names and interest categories but never contact surnames or contact email addresses.
  • Neon / our database host: your data is stored in a managed PostgreSQL database.
  • Vercel: our hosting provider processes requests and serves the application.
  • Resend: used to send transactional emails such as password reset links and reminders.

All sub-processors are contractually bound to handle data securely and in compliance with applicable data protection law.

7. Data retention

We keep your account data for as long as your account is active. If you delete your account, your personal data is permanently deleted within 30 days, except where we are required by law to retain it longer.

8. Your rights

Under UK GDPR and the Data Protection Act 2018, you have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Request deletion of your data (“right to be forgotten”).
  • Object to or restrict our processing of your data.
  • Receive your data in a portable format.

To exercise any of these rights, email support@giftmind.co.uk. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO).

9. Security

We use industry-standard security measures including encrypted connections (TLS), hashed passwords, and access controls. No system is completely secure, but we take reasonable steps to protect your data from unauthorised access, loss, or disclosure.

10. Changes to this policy

We may update this policy from time to time. If we make material changes we will notify you by email or by posting a notice on the site. Continued use of GiftMind after changes take effect constitutes acceptance of the updated policy.