Privacy Policy
Last updated: March 4, 2026
At GiftMatch, we respect the privacy of our visitors and are committed to protecting personal data. This Privacy Policy explains what information we collect, how we use it, and what rights you have in connection with it. By using our platform, you agree to the practices described in this document.
1. Who We Are
GiftMatch ("we", "our", "the platform") is an online gift recommendation service, accessible at giftmatch.app. We operate from Romania and comply with European data protection legislation (GDPR β General Data Protection Regulation, EU Regulation 2016/679).
GiftMatch is a personal project operated from Romania. For any questions regarding the processing of personal data, you can contact us at the email address listed in the Contact section below.
2. What Data We Collect
We collect the following categories of information:
2.1 Data provided directly by you
- Search preferences: budget, occasion, relationship, interests β used exclusively to generate gift recommendations
- Free-text messages: if you provide additional details about the person (chatMessage), this text is sent to our AI service and product search API to generate recommendations. It may contain personal information
- Contact data: name and email address, only if you contact us through the contact form
2.2 Automatically collected data
- Technical data: IP address, browser type, operating system, screen resolution
- Usage data: pages visited, time spent on site, actions performed (searches, product clicks)
- Client-side storage (localStorage): language preference, theme, wishlist, cookie consent record, PWA state β stored locally in your browser, not as HTTP cookies (details in Section 5)
2.3 Data we do NOT collect
- We do not collect payment data or financial information
- We do not collect sensitive data (race, religion, health, etc.)
- We do not knowingly collect data from minors under 16
- We do not permanently store your search history β preferences are stored locally on your device
πΎ We use localStorage (client-side browser storage) for: language preference, theme, wishlist, cookie consent record, and PWA state. This data never leaves your device and is not transmitted to our servers.
3. How We Use Your Data
We use collected data for the following purposes:
- Generating recommendations: Your search preferences are sent to our server to generate personalized gift recommendations using AI
- AI processing: Your search criteria (including any free-text message) are sent to OpenAI's API for generating search keywords and scoring product relevance. OpenAI processes this data under their Data Processing Agreement and does not use it for model training
- Improving the service: Anonymized usage data helps us improve recommendation algorithms and user experience
- Technical operation: Technical data is necessary for correct content delivery and platform security
- Communication: We respond to messages sent through the contact form
- Affiliation: When you click on a product, AliExpress may set affiliate cookies to track the purchase, allowing us to receive a commission at no cost to you
4. Legal Basis for Processing
We process your data based on the following legal bases under GDPR:
- Consent (Art. 6(1)(a)): For non-essential cookies and marketing communications
- Legitimate interest (Art. 6(1)(f)): For analytics, security, and service improvement
- Contract performance (Art. 6(1)(b)): For providing the requested recommendation service
5. Cookies, LocalStorage, and Tracking Technologies
GiftMatch uses client-side browser storage (localStorage) and may involve third-party cookies when you click product links. Below is a detailed breakdown of what is stored and by whom.
β οΈ GiftMatch itself does not set any HTTP cookies. The only cookies are set by AliExpress when you click on a product link.
Table A: localStorage (client-side only β data never leaves your device)
| Item | Purpose | Duration | Category |
|---|---|---|---|
| Language preference | Remembers your selected language (locale) | Persistent | Essential |
| Theme preference | Remembers light/dark mode selection | Persistent | Essential |
| Cookie consent record | Stores your storage preferences | Persistent | Essential |
| PWA install prompt | Remembers if you dismissed the install prompt | Persistent | Essential |
| Wishlist | Saves products you add to your wishlist | Persistent | Functional |
Table B: Third-party cookies
| Cookie | Set By | Purpose | Duration |
|---|---|---|---|
| Affiliate tracking | AliExpress | Tracks purchases through the affiliate program to attribute commissions | 30 days |
AliExpress affiliate cookies: When you click on a product link, AliExpress may set cookies to track the purchase. These cookies are managed by AliExpress according to their own Privacy Policy.
You can manage your storage preferences at any time using the "Manage cookies" link in the footer.
6. Sharing Data with Third Parties
We do not sell or rent your personal data. We may share data in the following limited situations:
- OpenAI: Your search criteria and free-text messages are sent to OpenAI's API for AI-powered recommendation generation. OpenAI acts as a data processor under their Data Processing Agreement (DPA). See: https://openai.com/policies/privacy-policy
- AliExpress: Receives AI-generated search keywords (not your raw input) and your selected shipping country/currency for product searches. When you click on a product, you are redirected to AliExpress and their privacy policy applies
- Service providers: We use third-party services for hosting and infrastructure that may process technical data on our behalf
- Legal obligations: We may disclose data if legally required or to protect our rights
7. Your Rights (GDPR)
Under the General Data Protection Regulation, you have the following rights:
- Right of access: You can request a copy of the personal data we hold about you
- Right to rectification: You can request correction of inaccurate data
- Right to erasure ("right to be forgotten"): You can request deletion of your personal data
- Right to restriction: You can request limitation of your data processing
- Right to portability: You can request your data in a structured, commonly used format
- Right to object: You can object to processing of your data based on legitimate interest
- Right to withdraw consent: You can withdraw consent at any time, without affecting the legality of prior processing
To exercise these rights, contact us at . We will respond within 30 days.
You have the right to file a complaint with the National Authority for the Supervision of Personal Data Processing (ANSPDCP), B-dul G-ral. Gheorghe Magheru 28-30, Bucharest, www.dataprotection.ro.
8. Data Security
We take appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, or destruction. These include: encrypted HTTPS connections, limited data access, and regular security updates. However, no method of internet transmission is 100% secure.
9. Data Retention
- Search data (on our servers): Automatically deleted after 90 days
- API call logs: Automatically deleted after 30 days
- Administrative audit logs: Retained for 365 days
- Contact data: Kept for the duration necessary to resolve your request, maximum 12 months
- Browser storage (localStorage): Persists until you clear browser data or use "Manage cookies" in the footer to reset your preferences
10. International Data Transfers
When you click on a product link, your data is transferred to AliExpress (Alibaba Group), which has servers in various international locations. This transfer is necessary for service provision. AliExpress applies its own protection mechanisms in accordance with applicable legislation. For data processed by us, we ensure that any transfer outside the EEA is done in accordance with appropriate safeguards provided by GDPR (standard contractual clauses or adequacy decisions).
11. Children and Minors
GiftMatch is not intended for persons under 16 years of age. We do not knowingly collect data from minors. If you discover that a child has provided us with personal data, contact us immediately at for deletion.
12. Changes to This Policy
We reserve the right to update this Privacy Policy periodically. Significant changes will be communicated by posting a notice on the site or by email (if we have your address). The date of the last update is displayed at the top of the page. We encourage you to periodically review this page.
13. Contact
For any questions or requests related to privacy, you can contact us:
- π§ Privacy email:
- π Contact page: giftmatch.app/contact