# Privacy Policy
## GiftMind – Birthday & Gift Ideas App
**Version**
---
### 1. Data Controller
The data controller responsible for the processing of your personal data under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA 2018)
---
### 2. Overview of Processing
The GiftMind app processes personal data that you provide when using the app or that is necessary to provide its features. The following sections describe the categories of data, purposes, and legal bases. Data is generally stored **locally on your device** (SwiftData, device settings); only for the AI gift ideas feature are certain details sent to an external service (OpenAI).
---
### 3. What Data Do We Process?
#### 3.1 Contacts and Birthdays
- **Data:** Name, birthday, relationship (e.g. friend, family), interests, personality traits, reminder settings (on/off, days before birthday).
- **Purpose:** To display and manage your contacts and to send you birthday reminders.
- **Storage:** Locally on your device (SwiftData). Data is linked to your account (Apple ID or guest ID) via an identifier (`ownerId`).
- **Legal basis:** Performance of contract (UK GDPR Art. 6(1)(b)); for guest use, your consent by using the app (UK GDPR Art. 6(1)(a)).
#### 3.2 Notes
- **Data:** Notes you enter about contacts (free text).
- **Purpose:** To store your notes about people and to use them (among other things) for personalised gift ideas.
- **Storage:** Locally on your device (SwiftData).
- **Legal basis:** As in section 3.1.
#### 3.3 Gift Ideas
- **Data:** Gift ideas you save (title, description, price, category, favourite, “purchased” status).
- **Purpose:** To manage your ideas per contact.
- **Storage:** Locally on your device (SwiftData).
- **Legal basis:** As in section 3.1.
#### 3.4 AI Gift Ideas (OpenAI)
- **Data:** For a contact you select, **interests, notes and personality traits** are sent to **OpenAI** (USA) to generate personalised gift suggestions.
- **Purpose:** To generate gift ideas based on the information you maintain in the app.
- **Note:** The request is made from your device (API call). Please refer to OpenAI’s privacy information. When you use this feature, personal data may be processed in a third country (USA); appropriate safeguards (e.g. UK international data transfer agreement / standard contractual clauses) may apply.
- **Legal basis:** Your consent by using the “Gift ideas” feature (UK GDPR Art. 6(1)(a)) or performance of contract (UK GDPR Art. 6(1)(b)).
#### 3.5 Sign-in and Account
- **Sign in with Apple:** Apple provides a user identifier (and optionally name/email, depending on your choice with Apple). We store a **provider-specific user ID** (`ownerId`) to link app data to your account. Processing by Apple is subject to Apple’s privacy policy.
- **Guest use:** A local guest ID is created; no sign-in with us or Apple is required. All app data stays on your device.
- **Purpose:** To associate app data with your account; with Apple sign-in, to allow continuity across devices (where supported by the app).
- **Legal basis:** Performance of contract (UK GDPR Art. 6(1)(b)); for Apple sign-in also our legitimate interest in providing the service (UK GDPR Art. 6(1)(f)).
#### 3.6 Settings and Preferences
- **Data:** e.g. accent colour (pink/blue), reminder days (Pro), birthday display horizon, your “own interests” in your profile, notification consent.
- **Storage:** Locally on your device (UserDefaults / settings) or in the app database.
- **Purpose:** To personalise the app and to deliver reminders correctly.
- **Legal basis:** Performance of contract (UK GDPR Art. 6(1)(b)) or consent (e.g. for push notifications, UK GDPR Art. 6(1)(a)).
#### 3.7 Notifications (Push / Local Reminders)
- **Data:** The app schedules **local notifications** on your device. Content may include a person’s name, timeframe (e.g. “birthday in 30 days”) and text such as “No gift yet”.
- **Purpose:** To remind you of upcoming birthdays and gifts.
- **Storage:** Scheduling is done on the device; Apple delivers the notification. We do not store notification content on our own servers.
- **Legal basis:** Consent (UK GDPR Art. 6(1)(a)) that you give when enabling notifications.
#### 3.8 In-App Purchases / Subscription
- **Data:** The Pro version is purchased via the **Apple App Store**. Payment and billing are handled by Apple. We do not receive payment details (e.g. card numbers) from Apple; we may receive confirmation of subscription status (“Premium active”) to enable Pro features.
- **Purpose:** To provide Pro features.
- **Legal basis:** Performance of contract (UK GDPR Art. 6(1)(b)). Processing by Apple is subject to Apple’s privacy policy.
---
### 4. How Long We Keep Your Data
- **App data (contacts, notes, gift ideas, settings):** Retained until you delete the app or the relevant content, or delete your account. For guest use: until you delete the app or local data.
- **User identifier (Apple/Guest):** For the duration of use and any applicable legal retention period.
- **OpenAI:** We do not store on our systems the content sent to OpenAI; retention by OpenAI is governed by OpenAI’s privacy policy.
---
### 5. Recipients and International Transfers
- **Apple:** For app distribution, Sign in with Apple, in-app purchases, and notification delivery. Apple may process data in countries outside the UK; Apple’s privacy policy applies.
- **OpenAI:** Only in connection with the AI gift ideas feature (interests, notes, personality traits). Processing may take place in the USA; we rely on appropriate safeguards (e.g. UK addendum to EU standard contractual clauses / international data transfer agreement) where required.
We do not share your data with other third parties unless we are legally required to do so (e.g. by law enforcement) or you have given your consent.
---
### 6. Your Rights
Under UK data protection law you have the following rights in relation to your personal data:
- **Right of access** (UK GDPR Art. 15): You can request a copy of the personal data we hold about you.
- **Right to rectification** (UK GDPR Art. 16): You can request correction of inaccurate data.
- **Right to erasure** (UK GDPR Art. 17): You can request deletion of your data, subject to any legal obligations we have to retain it.
- **Right to restrict processing** (UK GDPR Art. 18): In certain circumstances you can request that we restrict how we use your data.
- **Right to data portability** (UK GDPR Art. 20): You can request that we provide your data in a structured, commonly used format where technically feasible.
- **Right to object** (UK GDPR Art. 21): You can object to processing based on legitimate interests (UK GDPR Art. 6(1)(f)).
- **Withdrawal of consent:** Where we rely on your consent, you may withdraw it at any time; the lawfulness of processing before withdrawal is not affected.
- **Right to lodge a complaint** (UK GDPR Art. 77): You have the right to complain to the **Information Commissioner’s Office (ICO)** (ico.org.uk) or another supervisory authority.
To exercise your rights, contact us at the email address in section 1. Because most data is stored locally on your device, you can edit or delete much of it yourself in the app (e.g. contacts, notes, settings).
---
### 7. Security
We use technical and organisational measures to protect your data against unauthorised access, loss, and misuse. The app stores data primarily on your device; access by third parties to that data is governed by Apple’s security (device, iCloud backup, depending on your settings).
---
### 8. Guest Use and Local Storage
When you use the app as a **guest**, no data is sent to our servers or to third parties (except possibly OpenAI when you use the gift ideas feature). All contacts, notes, and settings remain on your device. If you uninstall the app or clear app data, that data will be lost.
---
### 9. Children
The app is not directed at children. If you become aware that a child has provided us with personal data without parental consent, please contact us and we will delete the data.
---
### 10. Changes to This Privacy Policy
We may update this privacy policy (e.g. when we add new features or when the law changes). The current version will be available in the app or on our website. If we make significant changes, we will notify you where possible in the app or by email.
---
**Contact:**
For any questions about data protection: **[Email]** (see section 1).
---
**Note:** This document is a draft. Please replace the placeholders (controller name, address, email, date) with your details and have the privacy policy reviewed by a solicitor or data protection specialist if required.