Privacy Policy

1. Introduction

Welcome to Giftly, an AI-powered gift recommendation platform operated by Bula Labs, Inc., a Delaware corporation ("Company," "we," "us," or "our"). This Privacy Policy explains how we collect, use, share, and protect your personal information when you use our website, mobile application, and related services (collectively, the "Service").

What This Policy Covers

This Privacy Policy applies to all users of Giftly, including both gift-givers ("Users") and gift recipients ("Giftees") whose information is provided by Users.

Your Consent

By using our Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use our Service.

Contact Information

For questions about this Privacy Policy or our privacy practices, contact us at [email protected].

2. Information We Collect

We collect several types of information to provide and improve our Service.

2.1 Information You Provide Directly

Account Information:

• Name, email address, password
• Age verification (18+ requirement)
• Profile information and preferences
• Payment information (processed by third-party payment processors)

Giftee Information:

• Names, ages, gender, occupations, employers
• Email addresses and contact information
• Interests, skills, and preferences
• Educational background and important dates
• Relationship details and personal notes
• Social media profile URLs (LinkedIn, Twitter, Facebook, GitHub, Instagram)

User-Generated Content:

• Gift preferences and feedback
• Reviews and ratings of recommendations
• Messages and communications through our platform
• Photos or other content you upload

2.2 Information We Collect Automatically

Usage Data:

• Pages visited, features used, time spent on Service
• Search queries and recommendation interactions
• Click-through rates and user behavior patterns
• Gift recommendation feedback (likes, dislikes, saves)

Device and Technical Information:

• IP address, browser type, operating system
• Device identifiers and mobile advertising IDs
• Referral URLs and timestamps
• Cookies and similar tracking technologies
• Location data (city/state level based on IP address)

2.3 Information From Third-Party Sources

Profile Enrichment Services:

We use People Data Labs (PDL) to enrich Giftee profiles with publicly available professional and social information, including:

• Professional background and career history
• Educational background
• Social media presence and activity
• Location and demographic information
• Skills and interests derived from public profiles

Social Media Integration:

When you provide social media URLs, we may access publicly available information from these platforms to enhance gift recommendations.

Analytics and Advertising Partners:

We receive analytics data from service providers like Google Analytics to understand how our Service is used.

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 Core Service Functions

Gift Recommendation Engine:

• Analyze Giftee profiles to generate personalized gift suggestions
• Match interests, demographics, and preferences with suitable products
• Improve recommendation accuracy through machine learning

Platform Operations:

• Create and manage user accounts
• Process transactions and facilitate purchases
• Provide customer support and respond to inquiries
• Send service-related communications and updates

3.2 Service Improvement

Analytics and Research:

• Analyze usage patterns to improve our algorithms
• Conduct research on gifting preferences and trends
• Test new features and functionalities
• Monitor and improve Service performance

Personalization:

• Customize user experience and interface
• Provide relevant content and recommendations
• Remember user preferences and settings

3.3 Marketing and Communication

Promotional Communications:

• Send newsletters, product updates, and promotional offers
• Share relevant gifting tips and seasonal recommendations
• Conduct surveys and collect feedback

Social Features:

• Enable sharing of gift recommendations (with your permission)
• Facilitate social interactions related to gifting

3.4 Legal and Safety

Compliance and Protection:

• Comply with applicable laws and regulations
• Protect against fraud, abuse, and security threats
• Enforce our Terms of Service and policies
• Respond to legal requests and proceedings

4. How We Share Your Information

We may share your information in the following circumstances:

4.1 Service Providers

We work with trusted third-party service providers who assist in operating our Service:

All service providers are contractually required to protect your information and use it only for the purposes we specify.

4.2 Legal Requirements

We may disclose your information when required by law or when we believe disclosure is necessary to:

• Comply with legal obligations, court orders, or regulatory requirements
• Protect the rights, property, or safety of Bula Labs, our users, or others
• Investigate potential violations of our Terms of Service
• Prevent fraud or illegal activities

4.3 Business Transfers

In the event of a merger, acquisition, bankruptcy, or sale of assets, your information may be transferred to the successor entity, subject to this Privacy Policy.

4.4 With Your Consent

We may share your information for other purposes with your explicit consent.

5. Data Security and Protection

5.1 Security Measures

We implement industry-standard security measures to protect your information:

Technical Safeguards:

• Encryption of data in transit and at rest
• Secure server infrastructure with access controls
• Regular security monitoring and vulnerability assessments
• Multi-factor authentication for administrative access

Organizational Safeguards:

• Employee training on data protection practices
• Access controls limiting who can view personal information
• Regular security audits and compliance reviews
• Incident response procedures for potential breaches

5.2 Data Breach Notification

In the event of a security breach affecting your personal information, we will:

• Notify affected users within 72 hours when feasible
• Provide details about the breach and steps being taken
• Offer guidance on protective measures you can take
• Cooperate with law enforcement and regulatory authorities as required

5.3 Limitations

While we strive to protect your information, no security system is 100% secure. We cannot guarantee the absolute security of your information transmitted through our Service.

6. Your Rights and Choices

6.1 Account Management

• Access and Updates: You can access and update your account information through your user dashboard or by contacting us at [email protected].
• Account Deletion: You may delete your account at any time, which will remove your personal information from our active systems within 30 days.

6.2 Communication Preferences

• Marketing Communications: You may opt out of promotional emails by using the unsubscribe link in any marketing email or by contacting us.
• Service Communications: You cannot opt out of essential service-related communications (e.g., security alerts, account notifications).

6.3 Rights Under Privacy Laws

Depending on your location, you may have additional rights:

For EU Users (GDPR Rights):

• Right to Access: Request a copy of the personal information we hold about you
• Right to Rectification: Correct inaccurate or incomplete information
• Right to Erasure: Request deletion of your personal information
• Right to Restrict Processing: Limit how we use your information
• Right to Data Portability: Receive your data in a portable format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent for processing where applicable

For California Users (CCPA Rights):

• Right to Know: Request disclosure of categories and specific pieces of personal information we collect
• Right to Delete: Request deletion of your personal information
• Right to Correct: Request correction of inaccurate information
• Right to Opt-Out: Opt out of the sale or sharing of personal information (we do not sell personal information)
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights

For Colorado Users (CPA Rights):

• Right to Access: Request access to your personal information
• Right to Correct: Request correction of inaccurate information
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: Opt out of targeted advertising and sale of personal information

6.4 Exercising Your Rights

To exercise any of these rights, contact us at [email protected] with:

• Your full name and email address
• Specific request and supporting information
• Proof of identity (when required for security)

We will respond to verified requests within 45 days (or as required by applicable law).

7. Cookies and Tracking Technologies

7.1 Types of Cookies We Use

• Essential Cookies: Required for core Service functionality, including authentication and security
• Analytics Cookies: Help us understand how users interact with our Service to improve performance
• Preference Cookies: Remember your settings and preferences for a better user experience
• Marketing Cookies: Used to deliver relevant advertisements and measure campaign effectiveness

7.2 Third-Party Cookies

Our Service may include cookies from third-party services:

• Google Analytics for usage analytics
• Social media platforms for sharing features
• Advertising partners for targeted recommendations

7.3 Managing Cookies

• Browser Controls: Most browsers allow you to control cookies through their settings
• Opt-Out Tools: You can opt out of certain tracking through industry tools like the Digital Advertising Alliance's opt-out page
• Impact of Disabling Cookies: Disabling certain cookies may limit Service functionality

8. International Data Transfers

8.1 Cross-Border Transfers

Bula Labs operates primarily in the United States. If you access our Service from outside the US, your information may be transferred to, stored, and processed in the United States and other countries where our service providers operate.

8.2 Adequacy and Safeguards

For transfers from the EU/UK, we rely on:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions for certain countries
• Other appropriate safeguards as required by applicable law

8.3 Legal Basis for Processing (EU Users)

We process personal information based on:

• Contract Performance: To provide our Service and fulfill our obligations
• Legitimate Interests: To improve our Service, prevent fraud, and ensure security
• Consent: For marketing communications and optional features
• Legal Obligations: To comply with applicable laws and regulations

9. Children's Privacy

9.1 Age Restrictions

Giftly is intended for users who are at least 18 years old. We do not knowingly collect personal information from children under 18.

9.2 COPPA Compliance

If we become aware that we have collected personal information from a child under 13, we will:

• Delete the information immediately
• Terminate any associated account
• Notify parents/guardians if contact information is available

9.3 Parental Rights

Parents who believe their child has provided information to us may contact [email protected] to request review and deletion of such information.

10. Data Retention

10.1 Retention Periods

We retain personal information for different periods based on the purpose:

10.2 Retention Criteria

Retention periods are determined based on:

• The purpose for which information was collected
• Legal and regulatory requirements
• Legitimate business needs
• User preferences and deletion requests

10.3 Data Deletion

After retention periods expire, we securely delete or anonymize personal information. Some anonymized or aggregated data may be retained indefinitely for research and analytics.

11. Updates to This Privacy Policy

11.1 Policy Changes

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors.

11.2 Notification of Changes

Material Changes:

We will provide prominent notice of significant changes through:

• Email notification to registered users
• In-app notifications
• Website banners or notices

Minor Changes:

Updates to contact information, clarifications, or non-material changes will be reflected by updating the "Last Updated" date.

11.3 Continued Use

Your continued use of the Service after changes become effective constitutes acceptance of the updated Privacy Policy.

11.4 Annual Updates

In compliance with CCPA requirements, we review and update this Privacy Policy at least annually.

12. Contact Information

12.3 Regulatory Authorities

EU users have the right to lodge a complaint with their local data protection authority if they believe we have violated their privacy rights.

California users may contact the California Privacy Protection Agency at: https://cppa.ca.gov/

12.4 Response Times

We strive to respond to all privacy-related inquiries within 30 days. For requests under specific privacy laws (GDPR, CCPA, etc.), we will respond within the timeframes required by applicable law.

13. State-Specific Privacy Rights

13.1 California Residents

• Notice of Collection: At the time of collection, we will inform you of the categories of personal information collected and the purposes for which it will be used.
• Sale of Personal Information: We do not sell personal information as defined by the CCPA.
• Sensitive Personal Information: We do not process sensitive personal information in ways that require additional CCPA disclosures.
• Do Not Sell or Share My Personal Information: While we don't sell personal information, you can contact us at [email protected] to confirm this status.

13.2 Colorado Residents

Colorado users have rights similar to California users under the Colorado Privacy Act (CPA), including rights to access, correct, delete, and opt out of certain processing activities.

13.3 Virginia Residents

Virginia users have similar rights under the Virginia Consumer Data Protection Act (VCDPA), including rights to access, correct, delete, and obtain a copy of personal information.