Gift Draw
Log inSign up free

Privacy Policy

Last updated: 2 March 2026

Your privacy matters to us. This policy explains what personal data Gift Draw collects, how we use it, and your rights. We keep it plain and simple, with no legal jargon.

1. Who we are

Gift Draw is a gift exchange platform that lets families and friends organise Secret Santa and other gift draws online. When this policy says “we”, “us” or “Gift Draw”, it refers to the operators of this service.

2. What data we collect

  • Account information: your name and email address when you register.
  • Password: stored as a one-way hash; we cannot read your password.
  • Profile data: optional date of birth and gift interests you choose to add.
  • Group and draw data: groups you create or join, draw assignments, exclusion rules, and budgets.
  • Wish list items: items you add to your wish list, including any links or prices.
  • Child accounts: if you add a child account, we store their name and optional date of birth. Child accounts have no email address and are linked to your parent account.
  • Usage data: basic server logs (IP address, browser type, pages visited) to keep the service running securely.
  • Email logs: a record of notification emails sent (recipient address, subject, delivery status) for troubleshooting.

3. How we use your data

  • To create and maintain your account.
  • To run gift draws and display wish lists to your group members.
  • To send transactional emails: invitations, draw results, and password reset links.
  • To keep the service secure and fix bugs.

We do not use your data for advertising or marketing of any kind.

4. We do not share or sell your data

We will never sell, rent, or share your personal data with third parties for commercial purposes. Your data is yours.

We use a small number of trusted sub-processors to operate the service, including a cloud database host and a transactional email provider. These providers only process data as directed by us and are bound by data processing agreements.

We may disclose data if required to do so by law or a court order, but we will notify you where legally permitted.

5. Cookies, sessions, and affiliate links

We use a single session cookie to keep you logged in. Gift Draw itself does not set any tracking or advertising cookies.

Gift Draw participates in the Amazon Associates programme. When you click a link to Amazon (for example, a wish list item or a gift suggestion), Amazon may set its own cookies on your device to attribute the referral and track purchases. This is governed by Amazon's Privacy Notice. As an Amazon Associate, Gift Draw earns from qualifying purchases made through these links at no extra cost to you.

You can clear your session cookie at any time by logging out or clearing your browser data.

6. Data retention and account deletion

Automatic deletion after inactivity

If your account has had no activity for 12 months, it will be automatically deleted along with all associated data: groups you own, wish list items, draw assignments, and any child accounts linked to yours. You will receive an email warning before deletion occurs.

Manual account deletion

You can delete your account at any time from your profile page. Deletion is immediate and permanent. We do not keep backups of deleted accounts. All your personal data, groups, wish lists, and child accounts will be removed.

7. Children's data

Child accounts are created and managed by a parent or guardian. Children do not need an email address to participate. A parent is fully responsible for any data entered on behalf of a child. We do not knowingly collect data directly from children under 13 without verified parental consent.

If you believe a child's data has been collected without appropriate consent, please contact us and we will delete it promptly.

8. Your rights

Depending on your location, you may have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Request deletion of your data.
  • Object to or restrict how we process your data.
  • Export your data in a portable format.

To exercise any of these rights, please contact us using the details below.

9. Security

All data is transmitted over HTTPS. Passwords are hashed using bcrypt and never stored in plain text. We take reasonable precautions to protect your data, but no system is 100% secure, so please use a strong, unique password.

10. Changes to this policy

We may update this policy from time to time. If we make material changes, we will notify you by email or by displaying a notice on the site. The date at the top of this page always reflects the most recent update.

11. Contact

If you have any questions about this policy or your data, please reach out to us at privacy@kaizah.tech.