Privacy Policy — GiftSense (Shop Mini)

Effective: 26 November 2025

1) Who we are (Controller)

dear digital bv (“we”, “us”, “our”) is the controller for personal data processed via the GiftSense Shop Mini. HQ: Rooigemlaan 532, 9000 Ghent, Belgium. Email: info@deardigital.com. We are not required to appoint a Data Protection Officer under GDPR Art. 37.

2) What we collect

  • Profile data you provide: name, email, yearly budgets per year.
  • Event data you provide: recipient name, event name, date, yearly recurrence, per‑event budget, favourite brands, notes, optional purchased amount for the year.
  • Derived/analytics: product_search_query (AI‑generated keywords), yearly_spent and purchased_gifts per year, timestamps, minimal technical logs.
  • Auth/technical: tokens issued by Shopify Shop Minis (exchanged for our JWT), SDK storage keys; no browser localStorage/sessionStorage.

3) Why and on which legal bases (GDPR Art. 6)

  • Provide the service (create/update/show profile and events; suggestions; budget tracking): Art. 6(1)(b) contract or pre‑contractual steps.
  • Security, fraud prevention, service improvement: Art. 6(1)(f) legitimate interests (keeping the mini secure and reliable).
  • Direct marketing/newsletters (if used): Art. 6(1)(a) consent; you can withdraw at any time.
  • Compliance with law: Art. 6(1)(c) where applicable.

4) With whom we share data

  • Processors: Supabase (hosting/database/edge functions), OpenAI (to generate keyword suggestions from your prompts), Shopify Shop Minis (to run the Mini and enable product discovery in Shop).
  • Legal/disclosure: if required by law, regulation, or to protect rights and safety.
  • We do not sell personal data.

5) International transfers

Some processors may be outside the EEA (e.g., OpenAI, some Supabase infrastructure). Where data is transferred outside the EEA, we rely on the European Commission’s Standard Contractual Clauses and, where needed, supplementary measures to protect your data (GDPR Chapter V).

6) Retention

We retain your data while you use GiftSense and for up to 3 years after your last interaction unless a longer period is required by law, then delete or anonymise it. You can request deletion at any time (see “Your rights”).

7) Cookies and SDK storage

GiftSense runs inside the Shop app and primarily uses Shopify’s Minis SDK storage hooks (useAsyncStorage, useSecureStorage). We do not rely on browser cookies/localStorage in the WebView. The Shop app may apply its own technical storage—see Shopify’s notices.

8) Your rights (GDPR Arts. 12–22)

You have the right to access, rectification, erasure, restriction, portability, and to object (including to processing based on legitimate interests and to direct marketing). Where we process based on consent, you may withdraw it at any time without affecting prior processing. Exercise rights by emailing info@deardigital.com.

9) Belgian Data Protection Authority

You may lodge a complaint with the Belgian Data Protection Authority (Gegevensbeschermingsautoriteit / Autorité de protection des données), Drukpersstraat 35, 1000 Brussels, Tel +32 2 274 48 00, www.dataprotectionauthority.be.

10) Security

We apply technical and organisational measures appropriate to the risk (token‑based auth, role‑based access, least‑privilege). No payment data is processed by GiftSense.

11) Children

GiftSense is not directed to children under 13 (or the local age of digital consent). We do not knowingly collect children’s data.

12) Changes

We may update this policy; material changes will be communicated via the app or other reasonable means. Continued use means you accept the changes.

13) Contact

Email: info@deardigital.com
Address: Rooigemlaan 532, 9000 Ghent, Belgium