Privacy Policy

GiftLetter (“GiftLetter,” “we,” “us”) helps you remember the people who matter and send them meaningful gifts and cards on time. This policy explains what we collect, how we use it, and the choices you have. By using GiftLetter you agree to this policy.

Information we collect

Account information. When you sign up we collect your name, email address, and password (or, if you sign in with Google, the basic profile and email Google shares). If you create a public profile, anything you choose to put on it is visible to others.

Recipient and event details. To do its job, GiftLetter stores the people you add as recipients and their occasions — names, relationships, important dates, notes, addresses you enter for shipping, and the letters and gift baskets you assemble for them.

Information from services you connect. GiftLetter only accesses a connected account after you explicitly authorize it, and only for the scopes described below:

• Google Calendar (read-only): we read your calendar list and event details so upcoming occasions surface automatically and you can pick which calendars to sync. We do not create, edit, or delete your calendar events.
• Google Contacts (read-only): we read your contacts so you can import the people you want to remember as recipients. We do not modify your contacts.
• Apple iCloud (Calendar and Contacts): if you connect iCloud with an app-specific password, we use it the same way — to read events and contacts you choose to sync. The password is stored encrypted and is never shown back to you.

Attendee emails are never stored.When we sync a calendar event, other guests’ email addresses are converted to a one-way cryptographic hash in memory and discarded — we never write a third party’s plaintext email to our database. This lets an event link to a recipient you already track without us ever holding that person’s address.

Payment information. Memberships are processed by Stripe. We never see or store your full card number; we keep only the subscription status and a Stripe customer reference.

How we use information

• Surface upcoming events and remind you before they arrive.
• Draft personalized letters and assemble gift suggestions. To do this we send the relevant recipient and event context to our AI provider (Anthropic’s Claude) to generate the draft.
• Fulfill and schedule the cards and gifts you choose to send.
• Operate, secure, support, and improve the service.

We do not sell your personal information, and we do not use information obtained from Google or iCloud for advertising.

Google API Services — Limited Use disclosure

GiftLetter’s use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

• We only use Google user data to provide and improve user-facing features that are prominent in the GiftLetter experience.
• We do not transfer Google user data to others except as necessary to provide or improve those features, to comply with applicable law, or as part of a merger or acquisition.
• We do not use Google user data for advertising.
• We do not allow humans to read Google user data unless we have your affirmative consent for specific messages, it is necessary for security purposes or to comply with applicable law, or the data has been aggregated and anonymized.

Gift sources and the Etsy API

To suggest gifts, GiftLetter draws on product listings from third-party marketplaces, including Etsy. We retrieve only publicly available listing information — such as titles, images, prices, and links — through Etsy’s official API; we never screen-scrape. We do notaccess, collect, or store the personal information of Etsy members, and we send Etsy only non-identifying search terms to find relevant listings — never your account, contacts, calendar, or recipient details. Listing data is cached only as permitted by Etsy’s API Terms of Use and is refreshed or discarded accordingly.

The term ‘Etsy’ is a trademark of Etsy, Inc. This application uses the Etsy API but is not endorsed or certified by Etsy, Inc.

Sharing

We share information only with:

• Service providers that run GiftLetter on our behalf — Stripe (payments), Anthropic (AI letter and gift generation), and our hosting and email infrastructure — under contractual confidentiality obligations.
• Merchants and affiliate networkswhen you click a gift link. GiftLetter is an intelligence and sending layer, not a merchant of record; purchases happen on the retailer’s own site, and we may earn an affiliate commission. We do not pass your contacts, calendar, or recipient data to these networks.
• Authorities when required by law, and a successor entity in a merger or acquisition.

Data retention and deletion

We keep your information for as long as your account is active. You can disconnect Google or iCloud at any time from the Integrations page, which revokes our access and stops future syncing. You can delete individual recipients and events, or request deletion of your entire account and all associated data by emailing privacy@giftletter.ai. On account deletion we remove your personal data from our active systems, except where we must retain limited records to comply with legal obligations.

Security

We protect data in transit and at rest, encrypt sensitive credentials such as your iCloud app-specific password, and limit access to authorized personnel. No system is perfectly secure, but we work to safeguard your information.

Children

GiftLetter is not directed to children under 13, and we do not knowingly collect their personal information.

Changes

We may update this policy from time to time. Material changes will be reflected by the “Last updated” date above and, where appropriate, communicated to you directly.

Contact

Questions about this policy or your data? Email privacy@giftletter.ai.