Privacy Policy

Your privacy is important to us. This policy explains how we collect, use, and protect your information.

Last updated: October 4, 2025

1. Introduction

Welcome to CoupleWish ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application, website, and related services (collectively, the "Services").

By using our Services, you consent to the data practices described in this policy. If you do not agree with the practices described in this policy, please do not use our Services.

2. Information We Collect

2.1 Personal Information You Provide

We collect information you voluntarily provide to us, including:

  • Account information: Name, email address, password (encrypted)
  • Profile information: Optional photos, gender, theme preferences
  • Wishlist data: Item names, descriptions, product links, prices, priority levels, notes, and images
  • Calendar events: Important dates, event names, and descriptions
  • Partnership data: Partner connection codes and relationship status
  • Gift reservations: Items you've secretly reserved from your partner's wishlist (kept private from the wishlist owner)
  • Communication data: Support inquiries and feedback
  • Payment information: Processed securely by Apple/Google (we do not store payment card details)

2.2 Information Automatically Collected

When you use our Services, we may automatically collect:

  • Device information: Device type, operating system version, app version
  • Usage data: Features used, time spent in app, interaction patterns
  • Log data: IP address (anonymized), access times, error logs
  • Push notification tokens: To send you reminders and updates (only if you enable notifications)
  • Analytics data: Aggregated usage statistics to improve our Services

Note: We do NOT collect location data, browsing history, or any information outside of the CoupleWish app.

2.3 Information from Third Parties

We may receive limited information from:

  • Apple/Google: Payment transaction status (for in-app purchases only)
  • Analytics providers: Aggregated app performance and crash reports (Supabase)

Privacy First: We do NOT use advertising networks, social media tracking, or third-party data brokers. Your data stays within CoupleWish.

3. How We Use Your Information

We use your information to:

  • Provide and maintain our Services
  • Enable the Secret Reserve system
  • Facilitate wishlist sharing and gift coordination
  • Send notifications and reminders
  • Process payments and transactions
  • Provide customer support
  • Improve and personalize our Services
  • Conduct analytics and research
  • Ensure security and prevent fraud
  • Comply with legal obligations
  • Send marketing communications (with consent)
  • Develop new features and services

4. How We Share Your Information

We may share your information in the following circumstances:

4.1 With Your Consent

We share information when you explicitly consent, such as sharing wishlists with your partner or family members.

4.2 Service Providers

We share limited information with the following trusted service providers:

  • Supabase: Database hosting and authentication (data encrypted at rest and in transit)
  • Apple/Google: Payment processing for in-app purchases only
  • Email service provider: For transactional emails (welcome, reminders, notifications)

These providers are contractually obligated to protect your data and may only use it to provide services to us.

4.3 Legal Requirements

We may disclose information if required by law, regulation, legal process, or governmental request, or to protect our rights, property, or safety.

4.4 Business Transfers

In connection with a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

5. Data Security

Your data security is our top priority. We use Supabase, a secure and trusted database platform that implements enterprise-grade security measures:

  • Encryption at rest: All data stored in our database is encrypted using AES-256
  • Encryption in transit: All data transmission uses TLS 1.3 protocols
  • Password security: Passwords are hashed using bcrypt and never stored in plain text
  • Row-level security (RLS): Database policies ensure users can only access their own data and data explicitly shared with them
  • Secret Reserve protection: Special security policies ensure wishlist owners cannot see who reserved their items
  • Regular backups: Automated daily backups with point-in-time recovery
  • Infrastructure security: Hosted on secure cloud infrastructure with DDoS protection

Important: No method of transmission over the internet or electronic storage is 100% secure. While we use industry-leading security measures to protect your information, we cannot guarantee absolute security.

6. Your Rights and Choices

Depending on your location, you may have the following rights regarding your personal information:

Access and Portability

Request access to your personal information and receive a copy in a portable format.

Correction

Request correction of inaccurate or incomplete personal information.

Deletion

Request deletion of your personal information at any time. Visit our Account Deletion page to permanently delete all your data.

Restriction

Request restriction of processing of your personal information in certain circumstances.

To exercise these rights, please contact us using the information provided at the end of this policy. We will respond to your request within the timeframe required by applicable law.

7. Data Retention

We retain your personal information only as long as you maintain an active account with CoupleWish. Our data retention policy:

  • Active accounts: Data is retained for the lifetime of your account
  • Account deletion: All personal data is permanently deleted within 30 days of account deletion request
  • Anonymized analytics: Aggregated usage statistics (no personal identifiers) may be retained for product improvement
  • Legal obligations: We may retain certain data if required by law (e.g., payment records for tax purposes)

You have control: You can delete your account and all associated data at any time through our Account Deletion page. This action is immediate and irreversible.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that are different from the laws of your country.

When we transfer your information internationally, we ensure appropriate safeguards are in place to protect your information in accordance with this Privacy Policy and applicable law.

9. Children's Privacy

Our Services are not intended for children under the age of 13 (or the minimum age in your jurisdiction). We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe we have collected information about your child, please contact us immediately.

10. Third-Party Links and Services

Our Services may contain links to third-party websites, applications, or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any information to them.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

Your continued use of our Services after any changes indicates your acceptance of the updated policy.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: support@couplewish.app

Privacy Inquiries: support@couplewish.app

Data Protection Officer: support@couplewish.app

We will respond to your inquiry within 30 days or as required by applicable law.

Delete Your Account

You have the right to request deletion of all your personal data at any time. To delete your account and all associated data, please visit our Account Deletion page. This action will permanently remove all your wishlists, calendar events, photos, and personal information from our systems.

13. Regional-Specific Information

13.1 European Union Users (GDPR)

If you are located in the European Union, you have additional rights under the General Data Protection Regulation (GDPR), including:

  • Right to object to processing of your personal information
  • Right to lodge a complaint with a supervisory authority
  • Right to withdraw consent at any time (where processing is based on consent)

Our lawful basis for processing your information includes:

  • Contract: To provide our Services as agreed
  • Legitimate Interest: To improve our Services and prevent fraud
  • Consent: For marketing communications and certain data processing activities

13.2 California Users (CCPA)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA), including:

  • Right to know what personal information we collect about you
  • Right to delete your personal information
  • Right to opt-out of the sale of your personal information
  • Right to non-discrimination for exercising your privacy rights

Note: We do not sell your personal information to third parties.