Privacy Policy
This policy explains what personal data Giftlist Studio processes, why it is processed, how long it is kept, and what choices users have.
Last updated: March 17, 2026
Quick summary
Giftlist Studio processes account data, gift list content, reservation details, media metadata, billing metadata, launch update sign-up data, and consent settings to operate the service. Public gift list pages are intentionally excluded from analytics page tracking.
1. Data controller and scope
Robinio Invest OÜ is the data controller for the Giftlist Studio website, dashboard, gallery, pricing page, login flows, and hosted public gift list pages.
Registered address: Vesivärava 22-4, Tallinn, Estonia.
This policy applies to data processed when you create an account, build or share a list, upload media, collect reservations, browse the marketing site, join a launch update list, or interact with a public list as a guest.
2. Personal data we process
- Account and profile data such as email address, display name, profile photo URL, provider identifiers, account creation time, and trial/access status.
- Gift list data created by the host, including list title, slug, event type, design choice, visibility settings, password-protection status, intro text, event date and location, gift items, story entries, wheel entries, and related ordering metadata.
- Hosted media metadata such as storage path, file type, file size, and video duration. Images may be optimized and videos may be processed to MP4 for supported plans.
- Reservation data entered by guests, including the guest name, optional message, whether the guest allowed public name display, reservation timestamp, and the reserved item.
- Billing and referral data such as selected package, currency, amount, checkout session identifiers, payment references, referral codes, referral reward balances, and access period timestamps.
- Marketing lead data such as email address, locale, signup source, and submission timestamps when a visitor requests launch, pricing, or product updates.
- Technical and security data such as sign-in persistence, password-protected list access cookies, consent preferences, server logs, and abuse-prevention or troubleshooting metadata.
- Limited analytics data on selected pages only if the visitor has granted analytics consent.
3. What may become public
- If a host sets a list to public or password-protected public, the list title, intro content, event presentation, gift items, stories, and other host-published content may become visible to anyone with the link or password.
- When a guest reserves a gift, the host always receives the guest name and any optional message in the dashboard for that reserved item.
- A guest can separately choose whether their name may be displayed publicly on the gift card. If the guest does not allow public name display, the host still sees the name privately in the dashboard.
- Gift reservation messages may be shown on the public gift card after reservation. Hosts should therefore publish only the type of guest interaction they are comfortable showing on a shared list page.
4. Why we process the data
- To create and maintain user accounts and let users sign in with Google or email/password.
- To let hosts create, edit, preview, publish, password-protect, and delete gift lists.
- To host media and render public list pages, gallery examples, and dashboard previews.
- To process gift reservations, prevent duplicate reservations, and show reservation status to guests and hosts.
- To activate paid or complimentary access periods, calculate package eligibility, and manage package lifecycle events such as trial end and purge scheduling.
- To process referral discounts and reward credits.
- To collect and manage launch, pricing, and product update sign-ups submitted through lead capture forms.
- To keep the service secure, detect misuse, enforce technical limits, and troubleshoot failures.
- To measure selected marketing, login, wedding landing, and dashboard pages if analytics consent has been granted.
5. Legal bases
- Contract or pre-contractual steps: when you create an account, build a list, share a list, or purchase a package.
- Legitimate interests: maintaining security, preventing abuse, avoiding duplicate or unauthorized reservations, preserving service integrity, and improving operational reliability.
- Consent: optional analytics and any other optional storage or measurement that requires consent.
- Legal obligations: where billing, accounting, fraud prevention, or other mandatory retention rules apply.
6. Cookies, browser storage, and password-protected access
- Necessary storage is used for sign-in persistence, cookie preferences, password-protected public list access, and demo reservation state on gallery sample pages.
- Password-protected public lists create an access cookie after the correct password is entered. The cookie is designed to expire automatically after its technical validity period.
- Passwords for protected public lists are not stored in plain text. The service stores password verification secrets as hashed and salted values.
- Analytics is optional and stays off until the visitor gives consent. Public gift list pages are excluded from analytics page tracking.
7. Service providers and international transfers
- Firebase is used for authentication, database storage, and hosted file storage.
- Vercel is used to host and deliver the application.
- Stripe is used for package checkout and payment processing when billing is enabled.
- Google Analytics 4 may be used after consent on selected pages only.
- Some of these providers may process data outside Estonia or outside the EEA. Where that happens, the processing follows the provider’s legal and contractual transfer mechanisms.
8. Retention and deletion
- Account profile data is kept while the account remains active or as long as needed to operate the service relationship.
- Gift list content is retained while the list is active, during the applicable trial or paid access period, and until the host deletes the list or the service lifecycle removes hosted list content after the configured access period ends.
- Deleting a list from the dashboard is designed to remove the list document, hosted list media, stories, wheel entries, reservation records, password secret, and public slug claim associated with that list.
- Billing, fraud-prevention, and accounting metadata may be retained longer where necessary for legitimate business or legal reasons.
- Marketing lead sign-up records are kept until the recipient unsubscribes, asks for deletion, or the launch update list is no longer needed.
- Cookie preferences are stored for 180 days unless cleared earlier. Demo reservation session storage is temporary and tied to the visitor’s current browser session.
9. Security and access control
- Access to dashboard data depends on account authentication and ownership checks.
- Public list content is only served while the relevant access state is valid, and password-protected lists require a valid access token after successful password verification.
- Reservation writes use server-side validation and transaction logic to prevent conflicting gift reservations.
- Media processing and hosted content access are subject to storage rules, application checks, and package-specific limits.
10. Your choices and rights
- You can accept only necessary storage and keep analytics disabled.
- You can reopen Cookie settings from the footer at any time and update your analytics preference.
- If you signed up through a launch update form, you can ask us to remove your email from that list.
- Hosts can edit or delete their lists from the dashboard.
- Subject to applicable law, you may have rights to access, correct, erase, restrict, or object to the processing of your personal data and to lodge a complaint with the competent supervisory authority.
- For privacy-related follow-up, contact Robinio Invest OÜ using the company details shown on this page.
11. Changes to this policy
We may update this policy when the service, legal requirements, providers, or data flows change. The version published on this page is the current one.