Privacy Policy

Effective Date: 07/07/2025
Company: GiftBox Digital Inc., Ontario, Canada

1. INTRODUCTION

This Privacy Policy explains how GiftBox Digital Inc. (“GiftBox”, “we”, “us”, or “our”) collects, uses, and protects the personal information of individuals (“you”) who access and use the GiftBox platform (“Platform”).

By using our services, you agree to the practices described herein. GiftBox complies with applicable privacy laws, including Canada’s PIPEDA, the EU GDPR, and the California Consumer Privacy Act (CCPA/CPRA).


2. INFORMATION WE COLLECT

We collect the following types of information:
- Account Information: name, email address, date of birth, and occasion details
- Payment & Payout Data: connected bank account, Stripe Connected Account ID, payout preferences
- Transaction Details: gift amounts, sender names, messages, and timestamps
- Billing Information: billing name and address provided to payment providers (e.g., Stripe or Apple Pay)
- Device & Technical Data: IP address, browser type, device identifiers, and approximate location
- Communications: emails, support messages, and notifications
- Optional Profile Content: uploaded images and custom greetings
- Verification (KYC) Data: documents requested by Stripe for identity or bank verification


3. HOW WE USE YOUR INFORMATION

We process your data to:
- Create and manage your GiftBox profile
- Enable gift link creation and sharing
- Process payments and payouts through Stripe
- Send transactional and security notifications
- Detect fraud and ensure platform integrity
- Comply with legal and tax obligations


4. DATA ROLES (CONTROLLER / PROCESSORS)

GiftBox acts as a data controller for account and platform-related information.
Stripe and Apple Pay act as independent controllers for payment processing, billing data, and compliance checks.
GiftBox never has access to your full card or banking credentials.

We rely on trusted third-party providers:
- Stripe (payments and payouts)
- Apple Pay (optional payment method)
- Constant Contact (email communications)
- Google Analytics (aggregate analytics and usage metrics)
- Hosting providers such as AWS or Google Cloud (data storage and security)


5. LEGAL BASIS FOR PROCESSING (EU / UK RESIDENTS)

Under the GDPR, we process personal data based on:
- Consent for optional features and marketing
- Contractual necessity to deliver our services
- Legal obligation for tax and compliance requirements
- Legitimate interest for platform security and fraud prevention


6. COOKIES & ANALYTICS

GiftBox uses only essential cookies and aggregate analytics (such as Google Analytics) to understand service performance.
You may disable cookies through your browser settings.
We do not sell personal data.
Certain analytics tools may qualify as “sharing” under CPRA — you may exercise a Do Not Sell or Share right via your browser’s Global Privacy Control (GPC).


7. DATA STORAGE AND SECURITY

Your data is stored on encrypted servers hosted by AWS or Google Cloud. We use TLS encryption, hashed passwords, and restricted internal access. Although we apply industry-standard measures, no system is completely secure.


8. SECURITY INCIDENT NOTIFICATION

If a data breach or security incident occurs that may affect you, we will notify you and applicable authorities in accordance with legal requirements and take appropriate remedial steps.


9. AUTOMATED DECISIONS & REVIEW

GiftBox does not make automated decisions with legal or significant effects on users. Suspicious activity may be flagged for human review to ensure safety and compliance.


10. DATA SHARING AND DISCLOSURE

We never sell your information. We may share limited data with:
- Stripe / Apple Pay for payments and payouts
- Service providers that operate our infrastructure or analytics
- Legal or regulatory bodies if required by law
- Advisors or law enforcement during disputes or fraud investigations


11. THIRD-PARTY DISPLAY OF BILLING DATA

Certain payment providers (e.g., Stripe, Apple Pay) may automatically display the sender’s billing address or name in their receipts or dashboards.
GiftBox does not control these fields and is not responsible for how third-party systems display such information.


12. PAYOUT PROCESSING

GiftBox does not hold user funds. All balances and payouts are managed via your Stripe Connected Account.
The first payout may be held by Stripe for approximately 7–14 days as part of standard compliance review.
Subsequent payouts are automated according to your payout schedule (daily, weekly, or monthly).
GiftBox cannot alter these timelines.


13. INTERNATIONAL TRANSFERS

Your data may be processed in countries outside your country of residence.
We use Standard Contractual Clauses (SCCs) and other lawful safeguards.
Stripe and other providers may rely on certifications under the Data Privacy Framework (DPF).


14. DATA RETENTION

We retain data only as long as necessary for service provision and legal compliance:
- Account & transaction records — up to 6 years after closure
- Support interactions — 1 year
- Marketing preferences — until withdrawn


15. PUBLIC PROFILE VISIBILITY

Your name and occasion (e.g., “Anna’s Birthday”) may appear to visitors who receive your GiftBox link. You can deactivate the link at any time.


16. CHILDREN’S PRIVACY

GiftBox is not intended for individuals under 18 years of age. We do not knowingly collect data from minors. Parents or guardians may request deletion of a child’s information by contacting support@giftboxme.com.


17. TAX RESPONSIBILITY

Users are responsible for understanding and complying with their local tax laws related to gift income. GiftBox does not provide tax advice.


18. BUSINESS TRANSFERS

In case of a merger, acquisition, or asset sale, your data may be transferred to the successor entity, subject to the same privacy commitments.


19. DATA SUBJECT RIGHTS & REQUESTS

Depending on your jurisdiction, you may have rights to:
- Access, correct, delete, restrict, or transfer your data
- Object to processing or withdraw consent
- File a complaint with your local data protection authority

To exercise these rights, email support@giftboxme.com. We will verify your identity and respond within the timeframes required by law. We honor Global Privacy Control (GPC) signals where applicable.


20. CALIFORNIA PRIVACY RIGHTS (CCPA / CPRA)

California residents have the right to:
- Know what personal information is collected and why
- Request deletion of personal data
- Opt out of any “sale” or “sharing” of data (GiftBox does not sell data)
- Exercise rights without discrimination

Requests can be made to support@giftboxme.com.


21. POLICY UPDATES

We may update this Privacy Policy from time to time. The latest version will always be posted at www.giftboxme.com/privacy with an updated effective date. Material changes will be communicated via email or on-site notice.


22. CONTACT INFORMATION

GiftBox Digital Inc.
Ontario, Canada
support@giftboxme.com
www.giftboxme.com


Effective Date: October 29, 2025