Privacy Policy & Data Protection
Data Controller
The data controller responsible for your personal information on this website is:
Loony Rocket e.U.
Daria Aparina
Pötzleinsdorfer Straße 10/6/5
1180 Wien, Austria
Contact Information:
Email: support@pingwish.com
Privacy-related inquiries: privacy@pingwish.com
Business Registration:
Company Registration Number: FN 653378a
Commercial Court: Handelsgericht Wien
VAT Number: ATU81635125
Last Updated: February 2026
This Privacy Notice describes how and why we might access, collect, store, use, and/or share your personal information when you use our services. As the data controller, Daria Aparina (operating as Loony Rocket e.U.) is responsible for determining the purposes and means of processing your personal data in compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR).
Summary of Key Points
This summary provides key points from our Privacy Notice. You can find more details about any of these topics below.
What personal information do we process?
When you visit, use, or navigate our Services, we may process personal information depending on how you interact with us and the Services, the choices you make, and the products and features you use.
Do we process any sensitive personal information?
We do not process sensitive personal information.
Do we collect any information from third parties?
We may collect information from public databases, marketing partners, social media platforms, and other outside sources.
How do we process your information?
We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law.
When and with whom do we share personal information?
We may share information in specific situations and with specific categories of third parties.
How do we keep your information safe?
We have adequate organizational and technical processes and procedures in place to protect your personal information.
What are your rights?
Depending on where you are located geographically, the applicable privacy law may mean you have certain rights regarding your personal information.
1. What Information Do We Collect?
Wishlist Data and Content
No Account Required: Pingwish operates without user accounts. When you create a wishlist, it is identified by a unique link rather than personal login credentials.
Wishlist Content: The information we store in your wishlists may include:
- Product names, descriptions, and links you add to your wishlist
- Any personal notes or comments you include with wishlist items
- Names or personal identifiers you choose to include in wishlist titles or descriptions
- Wishlist creation and modification timestamps
Data Storage and Lifecycle: Wishlists are stored in secure cloud databases and remain accessible via their unique links until:
- You explicitly delete them using the delete function
- 24 months of complete inactivity (no views or modifications)
- You request deletion by contacting us directly
Personal Data in Wishlists: While we don't require personal information, you may choose to include personally identifiable information in your wishlist content. Under GDPR, you have rights regarding this data including access, rectification, and deletion.
Contact Information
We may collect email addresses when you contact us for support or exercise your data subject rights. We do not require registration or account creation for basic service use.
Sensitive Information: We do not knowingly process sensitive personal information.
Information Automatically Collected
In Short: Some information — such as your Internet Protocol (IP) address and/or browser and device characteristics — is collected automatically when you visit our Services.
We automatically collect certain information when you visit, use, or navigate the Services. This information includes:
- Log and Usage Data: Service-related, diagnostic, usage, and performance information our servers automatically collect
- Device Data: Information about your computer, phone, tablet, or other device you use to access the Services
- Location Data: Information about your device's location, which can be either precise or imprecise
Google API: Our use of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.
Information Collected from Other Sources
In Short: We may collect limited data from public databases, marketing partners, social media platforms, and other outside sources.
2. How Do We Process Your Information?
In Short: We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law.
We process your personal information for a variety of reasons, depending on how you interact with our Services, including:
- To deliver and facilitate delivery of services to the user (Note: Pingwish does not require user accounts, login, or authentication. There is no user registration or session tracking)
- To respond to user inquiries/offer support to users
- To send administrative information to you
- To request feedback
- To protect our Services
- To identify usage trends through anonymous analytics
- To participate in affiliate marketing programs and earn commissions
- To comply with legal obligations and enforce our terms of service
- To save or protect an individual's vital interest
3. When and With Whom Do We Share Your Personal Information?
In Short: We may share information in specific situations described in this section and/or with the following categories of third parties.
Third-Party Service Providers
We may share your personal information with third-party service providers that perform services for us or on our behalf, including:
- Umami Analytics: For privacy-focused website analytics and performance monitoring using cookieless tracking
- Hosting and Infrastructure Providers: For website hosting and technical operations
Affiliate Partners
We participate in affiliate marketing programs, including:
- Amazon Associates Program: When you click on Amazon product links, Amazon may track your activity for commission purposes
- Other Retail Partners: We may share anonymized or aggregated data with other affiliate partners to track referrals and commissions
These partnerships do not involve sharing your personal identifying information, but may involve sharing anonymized usage data and referral information.
Legal Requirements and Business Transfers
We may disclose your personal information if required to do so by law or in response to valid requests by public authorities, or in connection with a merger, acquisition, or sale of all or a portion of our assets.
4. Gift Finder — AI-Powered Search and Third-Party Data Processing
How the Gift Finder Works
Pingwish offers a "Gift Finder" feature that allows you to describe gift ideas or search criteria in a free-text search input field. When you submit a search query through the Gift Finder, the text you enter is processed as follows:
- AI Processing (OpenAI): Your search input is transmitted to the OpenAI API, a third-party artificial intelligence service provided by OpenAI, L.L.C. (San Francisco, USA). OpenAI processes your input to extract structured search criteria (such as product category, price range, recipient type, and occasion) from your free-text description. This processing is necessary to interpret your intent and generate relevant product search parameters.
- Product Search APIs: The extracted search criteria are then used as input for product search APIs provided by our retail partners, including but not limited to Amazon, eBay, and other e-commerce platforms. These partners receive the structured search parameters (not your original free-text input) to return relevant product results.
Data Transmitted to Third Parties
When you use the Gift Finder, the following data may be transmitted to third-party services:
- To OpenAI: The full text of your search input as entered in the Gift Finder search field. OpenAI processes this data under its own data processing agreement and privacy policy. We use the OpenAI API in a configuration that does not retain your input for model training purposes.
- To Retail Partner APIs (Amazon, eBay, etc.): Structured, extracted search parameters derived from your input (e.g., "wireless headphones under 50 EUR for teenager"). Your original free-text query is not forwarded verbatim to retail partners.
Pingwish does not store, log, or retain your Gift Finder search queries on its own servers beyond the duration of the individual request processing.
Important: Do Not Enter Personal or Sensitive Information
WARNING: The Gift Finder search field is designed exclusively for describing gift ideas, product preferences, and search criteria. It is not designed, intended, or suitable for the entry of personal, private, or sensitive information of any kind.
You must not enter any of the following into the Gift Finder search field:
- Full names, addresses, phone numbers, or email addresses
- Financial information (credit card numbers, bank details, etc.)
- Identity documents or government-issued identification numbers
- Health or medical information
- Passwords, access codes, or security credentials
- Information about third parties without their consent
- Any data classified as "special category data" under GDPR (Article 9)
Disclaimer of Liability: Pingwish, its owner Daria Aparina (Loony Rocket e.U.), and its affiliates accept no responsibility or liability whatsoever for any personal, private, sensitive, or confidential information that you voluntarily enter into the Gift Finder search field. By using the Gift Finder, you acknowledge and accept that any text you enter may be transmitted to third-party services (including OpenAI and retail partner APIs) as described above, and that Pingwish has no control over how such third parties process, store, or handle the data once transmitted. You use the Gift Finder entirely at your own risk with respect to the content you choose to enter.
Legal Basis for Processing (GDPR)
The processing of your Gift Finder search input is based on Article 6(1)(b) GDPR — processing necessary for the performance of a service you have requested (providing personalized gift search results). By voluntarily entering a search query and submitting it, you initiate the processing necessary to deliver the requested service. You are not required to use the Gift Finder feature, and the rest of Pingwish's services function independently without it.
AI-Generated Results Disclaimer
Search results and product suggestions generated through the Gift Finder are provided "as is" for informational purposes only. Pingwish makes no warranties regarding the accuracy, completeness, suitability, availability, or appropriateness of AI-processed search results or any products returned by third-party APIs. AI processing may occasionally produce inaccurate, incomplete, or irrelevant results. Always verify product details directly with the retailer before making purchasing decisions.
6. Do We Use Cookies and Other Tracking Technologies?
In Short: We do not use tracking cookies. We use Umami Analytics, a cookieless analytics solution that respects your privacy.
No Tracking Cookies: Pingwish does not use cookies for tracking or advertising purposes. We use Umami Analytics, which is a privacy-first, cookieless analytics solution that does not collect personal data or track individual users.
Browser Local Storage for Wishlist References: Wishlist link references (not the wishlist content itself) are stored locally in your browser's local storage. This helps you find your wishlists later under the "My Wishlists" page, even if you close the page or lose the direct link. This information stays on your device unless you clear your browser's data for pingwish.com. We do not track these references remotely or use them for any purpose other than helping you access your own wishlists.
Please note: If you use Pingwish on a shared or public device, other people may access your wishlists through the same browser. To remove wishlist references from a device, clear the browser's local storage data for pingwish.com.
Umami Analytics
We use Umami Analytics, a privacy-first, cookieless analytics solution that respects user privacy. Umami does not collect any personally identifiable information, does not use tracking cookies, and does not require user consent under GDPR. All data collected is anonymous and aggregated for statistical purposes only. Umami is fully compliant with GDPR, CCPA, and PECR regulations.
Because Umami does not track individual users or collect personal data, there is no opt-out mechanism needed, and no consent banner is required.
12. Your Data Subject Rights and How to Exercise Them
In Short: You have comprehensive rights regarding your personal data, and we provide clear procedures for exercising them.
Your Rights Under GDPR and Other Privacy Laws
In regions covered by GDPR (EEA, UK, Switzerland) and other privacy laws, you have the following rights:
- Right of Access: Request a copy of the personal data we hold about you
- Right to Rectification: Request correction of inaccurate or incomplete personal data
- Right to Erasure (Right to be Forgotten): Request deletion of your personal data
- Right to Restrict Processing: Request limitation of how we process your data
- Right to Data Portability: Request your data in a structured, machine-readable format
- Right to Object: Object to processing based on legitimate interests
- Right to Withdraw Consent: Withdraw consent for cookies and analytics at any time
- Right to Lodge a Complaint: File complaints with your local data protection authority
How to Exercise Your Rights
Wishlist Data Management: Since Pingwish operates without accounts:
- Direct Deletion: Use the delete function available on your wishlist page
- Request Assistance: Email us at privacy@pingwish.com with your wishlist link
- Data Access: Contact us to request information about data associated with your wishlist link
Analytics Rights:
- Umami Analytics does not collect personal data or use tracking cookies, so no consent or opt-out is required
- Use browser settings to clear local storage if you wish to remove wishlist references from your device
Data Subject Request Process:
- Contact us at privacy@pingwish.com
- Specify which right(s) you wish to exercise
- Provide sufficient information to identify your data (wishlist links, contact details, etc.)
- We will respond within 30 days (or 1 month under GDPR)
- Verification may be required to protect against unauthorized access
No Cost: Exercising your rights is free of charge unless requests are manifestly unfounded or excessive.
Complaints and Data Protection Authorities
If you believe your privacy rights have been violated, you can lodge a complaint with:
- Austria: Datenschutzbehörde (DSB) - dsb.gv.at
- Your local EU data protection authority if you reside elsewhere in the EEA
- Contact us first: We encourage contacting us directly to resolve issues quickly
Cookie Policy and Local Storage
This policy explains how Loony Rocket e.U. ("we", "us", "our") handles data storage when you visit pingwish.com ("Service"). This policy should be read together with our Privacy Notice.
No Tracking Cookies
Cookieless Operation: Pingwish does not use tracking cookies or advertising cookies. We have deliberately chosen a privacy-first approach that respects user privacy without compromising functionality.
No Consent Required: Because we do not use tracking cookies or collect personal data through cookies, no cookie consent banner is required under GDPR, ePrivacy Directive, or similar privacy regulations.
Privacy-First Analytics with Umami
Cookieless Analytics: We use Umami Analytics, a privacy-focused analytics solution that operates without cookies. Umami:
- Does not collect personally identifiable information (PII)
- Does not track individual users across sessions
- Does not use cookies or similar tracking technologies
- Collects only anonymous, aggregated statistics about website usage
- Is fully compliant with GDPR, CCPA, and PECR without requiring user consent
- Does not sell or share data with third parties
Because Umami does not process personal data or track users, it does not require user consent under privacy regulations.
Browser Local Storage for Wishlist References
What We Store Locally: We store wishlist identification keys (unique links) in your browser's local storage to enable the "My Wishlists" feature. This local storage:
- Contains only wishlist link references, not the actual wishlist content
- Helps you access and manage your wishlists conveniently from the "My Wishlists" page
- Remains only on your device and is never transmitted to our servers
- Can be cleared at any time through your browser settings
- Does not track your behavior or collect personal information
No Remote Tracking: We do not track, monitor, or access your local storage data remotely. The wishlist keys are stored purely for your convenience to help you find wishlists you've created.
Important Security Note: If you use Pingwish on a shared or public computer, other users may access your wishlist references through the same browser. To protect your privacy, clear your browser's local storage for pingwish.com after use.
Third-Party Services and Data Processing
We integrate with the following third-party services:
Umami Analytics - Privacy-First Analytics: We use Umami Analytics, an open-source, privacy-focused analytics solution that operates without cookies or personal data collection. Umami:
- Does not use cookies or tracking technologies
- Does not collect personally identifiable information
- Does not track users across websites or sessions
- Collects only anonymous, aggregated usage statistics
- Is fully GDPR, CCPA, and PECR compliant without requiring user consent
- Does not transfer personal data internationally
For more information about Umami's privacy practices, visit Umami Privacy Documentation.
Amazon Affiliate Program: We participate in the Amazon Services LLC Associates Program and other Amazon affiliate programs. When you click on Amazon product links on our website, Amazon may set cookies to track your activity and we may earn a commission on qualifying purchases. This does not affect the price you pay. Amazon's use of cookies is governed by Amazon's Privacy Policy, which you can review at Amazon Privacy Notice.
No Other Third-Party Tracking: We do not use advertising networks, remarketing services, or other third-party tracking technologies on our website.
Managing Local Storage
Since we do not use tracking cookies, there are no cookies to manage. However, you can manage browser local storage:
Browser Settings: You can clear local storage data through your browser settings:
- Chrome: Settings → Privacy and Security → Clear browsing data → Cookies and other site data
- Firefox: Settings → Privacy & Security → Cookies and Site Data → Clear Data
- Safari: Settings → Privacy → Manage Website Data → Remove All
- Edge: Settings → Privacy, search, and services → Clear browsing data
Note: Clearing local storage will remove your saved wishlist references, and you'll need the direct links to access your wishlists again.
Legal Basis for Data Processing
Under GDPR and other applicable privacy laws, our legal basis for data processing is:
- Umami Analytics: Legitimate interest (website improvement) - does not require consent as no personal data is processed
- Local Storage: Legitimate interest (providing user convenience) - data stays on your device
- Wishlist Data: Contractual necessity and legitimate interest (service delivery)
Data Retention
Since we use cookieless analytics, there are no tracking cookies to retain. Local storage data retention:
- Browser Local Storage: Persists indefinitely until manually cleared by the user
- Umami Analytics Data: Anonymous aggregated statistics with no personal data retention
- Wishlist Data: Retained for 24 months of inactivity or until deleted
Updates to This Policy
We may update this policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes by posting the updated policy on our website with a new effective date.
Children's Privacy and Age Restrictions
Minimum Age Requirements
Service Age Limit: Pingwish is not intended for use by children under the age of 13. Users must be at least 13 years old to use our services. Users between 13 and 16 years old (or the age of digital consent in their country) should have parental guidance when using our service.
For Users in the European Economic Area: The minimum age for using our service may be higher in your country based on local laws regarding digital consent (typically 16 in many EU countries).
Children's Data Protection
COPPA Compliance: We do not knowingly collect, use, or disclose personal information from children under 13 years of age without verifiable parental consent, in compliance with the Children's Online Privacy Protection Act (COPPA).
GDPR Compliance for Minors: We do not knowingly process personal data of children under the age of digital consent in their respective EU member state without parental consent.
If We Discover Child Data: If we become aware that we have collected personal information from a child under the applicable age limit without appropriate consent, we will take steps to delete such information promptly.
Parental Rights: Parents or guardians who believe their child has provided personal information to us may contact us at privacy@pingwish.com to request review, deletion, or to stop further collection of their child's information.
Safe Usage Guidelines
Parental Guidance: We recommend that parents or guardians supervise minors' use of our service and ensure they understand:
- Not to include personally identifiable information in wishlists
- To keep wishlist links private and only share with trusted individuals
- To understand that affiliate links may lead to third-party shopping sites
- To seek parental permission before clicking on any external links
Important Disclaimers and Risk Disclosures
Privacy-First Approach
Transparency Notice: We believe in full transparency about our data practices. Pingwish has been designed with privacy as a fundamental principle.
No International Data Transfers for Analytics: Unlike many websites that use US-based analytics services (such as Google Analytics), Pingwish uses Umami Analytics, a privacy-first solution that does not collect personal data. Because Umami does not process personally identifiable information, there are no GDPR concerns related to international data transfers for analytics purposes.
Our Privacy-First Measures:
- No tracking cookies or advertising cookies
- Cookieless analytics that respects user privacy
- No user accounts, login, or authentication system
- No session tracking across pages or visits
- Minimal data collection - only what's necessary for service functionality
- Local browser storage for wishlist references (not tracked remotely)
Your Rights: If you have any privacy concerns, you can:
- Contact us to exercise your right to access, rectify, or delete your data
- Clear browser local storage to remove wishlist references
- File a complaint with your local data protection authority if you believe your rights have been violated
Affiliate Marketing Financial Relationships
Material Connections Disclosure: We want to be completely transparent about our financial relationships. Pingwish participates in affiliate marketing programs, which means we may receive financial compensation when you purchase products through certain links on our website. This creates a material connection that could potentially influence our product recommendations and content.
Editorial Independence: While we earn commissions from affiliate relationships, we maintain editorial independence and only recommend products we genuinely believe will provide value to our users. However, you should be aware that financial incentives exist and may influence which products we choose to feature or recommend.
User Protection: This disclosure is made to comply with:
- FTC Guidelines on Endorsements and Testimonials
- EU Consumer Rights Directive
- Amazon Associates Program requirements
- Austrian and European consumer protection laws
Third-Party Service Dependencies
Service Reliability Disclaimer: Our website relies on minimal third-party services (Umami Analytics for privacy-first analytics, Amazon affiliate tracking) for functionality and revenue generation. Changes to these services' terms, privacy policies, or availability could affect our service delivery.
Regulatory Compliance Updates: Privacy laws and regulations are continuously evolving. We commit to updating our practices and policies to maintain compliance. Our privacy-first approach ensures that we remain compliant with GDPR, CCPA, and other privacy regulations without requiring extensive consent management.
Data Security and Privacy by Design
Technical and Organizational Security Measures
Data Protection: We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction, including:
- Encryption: All connections to our website use HTTPS encryption
- Secure Hosting: Our services are hosted on secure cloud infrastructure with industry-standard security practices
- Access Controls: Limited access to personal data on a need-to-know basis
- Regular Updates: We maintain current security patches and updates
- Data Backups: Secure backup procedures to prevent data loss
Limitations: While we implement reasonable security measures, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security of your data.
Privacy by Design Principles
Minimal Data Collection: Pingwish is designed with privacy in mind:
- No User Accounts: We don't require registration or personal information to use our basic service
- Private by Default: Wishlists are private and accessible only via unique links
- Local Storage: Wishlist preferences are stored locally in your browser when possible
- Data Minimization: We collect only the minimum data necessary for functionality
- Transparency: This comprehensive privacy policy explains all data practices
User Control: You maintain control over your data through:
- No Consent Required: We don't use tracking cookies or collect personal data through analytics, so no consent management is needed
- No User Login: There is no user authentication system, login, or session tracking
- Direct wishlist deletion capabilities
- Easy contact methods for data subject requests
- Local browser storage that you can clear at any time
Data Breach Procedures
Incident Response: In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will:
- Assess and contain the breach promptly
- Notify relevant supervisory authorities within 72 hours where required by law
- Notify affected users without undue delay if the breach poses a high risk to individual rights
- Implement measures to prevent future incidents
- Document all incidents for regulatory compliance
How Can You Contact Us About This Notice?
If you have questions or comments about this notice, you may contact us:
Email: support@pingwish.com
Mailing Address:
Loony Rocket e.U.
Pötzleinsdorfer Straße 10/6/5
Vienna 1180
Austria
Data Rights: To review, update, or delete your personal information, contact: privacy@pingwish.com