Privacy Policy - Wishr

Read Wishr's privacy policy to understand how we collect, use, and protect your personal information. Your privacy is our priority.

Wishr - Your Wishlist, Your Way

Create and share wishlists for any occasion. Make gift-giving simple with Wishr - the ultimate wishlist app for birthdays, weddings, holidays, and more.

Skip to main content

Privacy Policy

Last updated: October 10, 2025

1. Introduction

At Wishr ("we," "our," or "us"), we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application, website, and services (collectively, the "Services").

By using Wishr, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our Services.

2. Information We Collect

2.1 Information You Provide to Us

We collect information that you provide directly to us when you:

  • Create an account (email address, username, password, country, birthday)
  • Complete your profile (profile picture, bio, social media links for creator accounts)
  • Create and manage wishlists (item names, descriptions, prices, URLs, images, occasions)
  • Use our messaging system (messages, access requests, notifications)
  • Search for and connect with other users
  • Mark items as purchased or participate in group purchases
  • Upload photos using our AI visual search feature
  • Contact our support team

2.2 Automatically Collected Information

When you use our Services, we automatically collect:

  • Device Information: Device type, operating system, unique device identifiers, mobile network information
  • Usage Data: Features accessed, pages viewed, time spent in app, wishlist interactions
  • Location Data: General location based on IP address (not precise GPS location)
  • Log Data: IP address, browser type, access times, pages viewed, app crashes
  • Push Notification Tokens: Device tokens for delivering push notifications across multiple devices

2.3 Biometric Information

If you enable biometric authentication (Face ID, Touch ID, or fingerprint), we store an encrypted authentication token on your device. We do not have access to your biometric data itself - it remains securely stored on your device and is managed by your device's operating system. We only store encrypted tokens that verify you've successfully authenticated with biometrics.

2.4 Information from Third-Party Services

When you use certain features, we may collect information from:

  • Product URLs: When you paste Amazon, Etsy, or other product links, we extract product information (title, price, image, description)
  • AI Visual Search: When you upload photos, we use third-party AI services to identify products
  • Social Media: Trending product information from social media platforms (for creator accounts)

2.5 Cookies and Similar Technologies

We use cookies, web beacons, and similar tracking technologies to collect information about your browsing activities. You can control cookie preferences through your browser settings, but disabling cookies may limit certain features of our Services.

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our Services
  • Create and manage your account
  • Enable you to create, share, and manage wishlists
  • Facilitate connections between users and wishlist access requests
  • Process and coordinate gift purchases, including group purchases
  • Send you push notifications and emails about purchases, messages, and account activity
  • Provide AI-powered visual search and auto-population features
  • Enable biometric authentication for quick and secure sign-in
  • Support creator accounts with enhanced features and analytics
  • Personalize your experience and provide relevant content
  • Respond to your comments, questions, and support requests
  • Detect, prevent, and address technical issues, fraud, and security concerns
  • Analyze usage patterns to improve our Services
  • Comply with legal obligations and enforce our Terms of Service

4. How We Share Your Information

4.1 With Other Users

Your profile information (username, profile picture, bio for creators) and wishlists are shared with other users based on your privacy settings. When you share a wishlist or approve an access request, the recipient can view the shared content. When you purchase an item, you can choose whether to reveal your identity to the wishlist owner.

4.2 With Service Providers

We share information with third-party service providers who perform services on our behalf:

  • Supabase: Database hosting, authentication, file storage, and real-time services
  • Amazon Web Services: Product information retrieval for auto-population
  • Etsy: Product information retrieval from Etsy marketplace
  • AI Service Providers: Visual search and product recognition services
  • Email Service Providers: Transactional and notification emails
  • Push Notification Services: Expo push notification delivery
  • Analytics Providers: Usage analytics and app performance monitoring

4.3 For Group Purchases

When you participate in a group purchase, your email address may be shared with other contributors for coordination purposes. WhatsApp group links may also be shared among contributors for communication.

4.4 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your information becomes subject to a different privacy policy.

4.5 Legal Requirements

We may disclose your information if required by law, court order, or governmental request, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

4.6 With Your Consent

We may share your information with third parties when you give us explicit consent to do so.

5. Your Privacy Controls and Choices

5.1 Privacy Settings

You can control your privacy through the app settings:

  • Wishlist Visibility: Set your wishlist as Public, Friends Only, Private, or Creator mode
  • Search Discoverability: Control whether others can find you in search results
  • Purchase History: Choose whether others can see items you've gifted
  • Identity Revelation: Decide whether to reveal your identity when purchasing gifts
  • Creator Mode: Enable special visibility settings for content creators

5.2 Notification Preferences

You can control push notification and email preferences in the app settings. You can choose which types of notifications to receive for purchases, access requests, messages, and system updates.

5.3 Biometric Authentication

You can enable or disable biometric authentication at any time in the app settings. Disabling biometrics will remove stored authentication tokens from your device.

5.4 Account Information

You can update your profile information, email address, and password at any time through the app. You can also upload or remove your profile picture.

5.5 Deleting Your Content

You can delete individual wishlist items, occasions, messages, and other content at any time. Deleted content is permanently removed from our servers.

6. Data Retention

We retain your information for as long as your account is active or as needed to provide you Services. We will retain and use your information as necessary to comply with legal obligations, resolve disputes, and enforce our agreements.

When you delete your account, we permanently delete your personal information, wishlist data, messages, and other content within 30 days. Some information may be retained in backup systems for up to 90 days for security and legal compliance purposes.

Anonymized usage data may be retained indefinitely for analytics and service improvement purposes.

7. Data Security

We implement appropriate technical and organizational measures to protect your information against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit using HTTPS/TLS
  • Encryption of sensitive data at rest
  • Row Level Security (RLS) policies in our database to control data access
  • Secure authentication with encrypted password storage
  • Biometric authentication tokens stored securely on device using SecureStore
  • Regular security audits and updates
  • Limited employee access to personal information
  • Multi-device security with unique device identification

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security.

8. Children's Privacy

Our Services are not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us, and we will delete such information.

For users between 13 and 18 years of age, we recommend parental guidance and supervision when using our Services.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws different from your country.

By using our Services, you consent to the transfer of your information to the United States and other countries where we or our service providers operate. We take steps to ensure that your data is treated securely and in accordance with this Privacy Policy.

10. Your Rights

Depending on your location, you may have certain rights regarding your personal information:

  • Access: Request access to the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information
  • Portability: Request a copy of your data in a structured format
  • Objection: Object to certain processing of your information
  • Restriction: Request restriction of processing your information
  • Withdraw Consent: Withdraw consent where processing is based on consent

To exercise these rights, please contact us using the information below. We will respond to your request within 30 days. Note that we may need to verify your identity before processing certain requests.

11. California Privacy Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is collected, used, shared, or sold
  • Right to delete personal information held by us
  • Right to opt-out of the sale of personal information (we do not sell personal information)
  • Right to non-discrimination for exercising your CCPA rights

To exercise these rights, contact us at privacy@wishr.com.

12. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR):

  • Right to access your personal data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing
  • Rights related to automated decision-making and profiling

Our legal basis for processing your information includes: (1) your consent, (2) performance of a contract with you, (3) compliance with legal obligations, and (4) our legitimate interests in providing and improving our Services.

You also have the right to lodge a complaint with a supervisory authority in your country.

13. Third-Party Links and Services

Our Services may contain links to third-party websites, products, or services (e.g., Amazon, Etsy, WhatsApp, social media platforms). We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies before providing any information.

When you click on product links or use our auto-population features, you may be directed to third-party websites that have their own privacy policies and terms of service.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by posting the new Privacy Policy in the app and updating the "Last Updated" date.

We encourage you to review this Privacy Policy periodically. Your continued use of our Services after changes are posted constitutes your acceptance of the updated Privacy Policy.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

Email: privacy@wishr.com

Support: support@wishr.com

Website: https://wishr.com/contact

We will respond to your inquiry within 30 days.

16. Data Protection Officer

If you are in the EEA and have questions about how we process your personal data, you can contact our Data Protection Officer at dpo@wishr.com.

This Privacy Policy was last updated on October 10, 2025. Please review it periodically for any changes.