Privacy Policy - GiftWallet

1. Introduction

GiftWallet ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and related services (collectively, the "Service").

Please read this Privacy Policy carefully. If you do not agree with our policies and practices, please do not use our Service. By accessing and using GiftWallet, you acknowledge that you have read, understood, and agree to be bound by all the provisions of this Privacy Policy.

2. Information We Collect

2.1 Information You Provide Directly

We collect information that you voluntarily provide when:

Creating an Account: Name, email address, and password when you register for a GiftWallet account
Adding Gift Cards: Gift card details including card number, PIN, expiry date, company name, balance, and barcode information
Managing Transactions: Information about transactions, purchases, and balance updates associated with your gift cards
Changing Settings: Password changes and account preference updates

2.2 Information Collected Automatically

We may automatically collect certain information about your device and usage patterns:

Device information (device type, operating system, unique device identifiers)
Device name and user agent information
Log data and access times
IP address and location information
Advertising Information: Google AdMob collects advertising identifiers, device model, and general location for ad personalization

2.3 Information from Third-Party Services

If you choose to use third-party authentication services, we collect:

Google Authentication: Your Google account email and basic profile information
Apple Authentication: Your Apple account email and authentication tokens
Social account provider identification and associated metadata

3. How We Use Your Information

We use the information we collect for the following purposes:

Account Management: Creating and managing your GiftWallet account, authentication, and access control
Service Delivery: Storing, managing, and displaying your gift card information and transaction history
Security: Protecting your account through end-to-end encryption, salt-based password hashing, and fraud detection
Advertising: Google AdMob uses collected information to display personalized advertisements within our app
Communication: Responding to your inquiries and providing customer support
Service Improvement: Analyzing usage patterns to enhance and optimize our Service
Legal Compliance: Fulfilling legal obligations and protecting our legal rights
Password Management: Securely storing and verifying your passwords using industry-standard hashing

4. Data Security

We implement comprehensive security measures to protect your information:

End-to-End Encryption: Your gift card data and sensitive information are encrypted using AES encryption, ensuring only you can decrypt and view this information
Password Security: Passwords are hashed using Laravel's Hash facade with bcrypt algorithm, making them irreversible
Salt-Based Protection: We generate unique cryptographic salts for additional security
HTTPS/TLS: All communications between your device and our servers are encrypted
Database Security: We implement industry-standard database protection and access controls
API Token Security: We use Laravel Sanctum for secure API token management

However, no security system is impenetrable. While we strive to protect your information using all reasonable means, we cannot guarantee absolute security. You acknowledge that you use our Service at your own risk.

5. Information Sharing and Disclosure

5.1 Third-Party Sharing

We do not sell, trade, or rent your personal information to third parties. However, we may share information in the following circumstances:

Advertising Services: Google AdMob receives device identifiers and general location information to serve targeted advertisements
Legal Requirements: When required by law, court order, or government request
Fraud Prevention: To prevent, detect, or address fraud, security, or technical issues

5.2 Third-Party Authentication

When you use Google or Apple authentication:

You are directing these providers to share limited information with us
We store only the essential information needed to authenticate you
You should review Google and Apple's privacy policies for their practices

6. Gift Card Information

Your gift card information is highly sensitive. Please be aware that:

We encrypt your gift card numbers, PINs, and balance information
Gift card data is stored securely in our encrypted database
You have the ability to archive gift cards, and archived gift cards can be permanently deleted
Deleted gift card data is removed from our active systems
We never share your gift card details with unauthorized parties

Important: You are responsible for maintaining the confidentiality of your gift card information. Never share your gift card PINs or numbers with anyone, and be cautious when entering this information.

7. Advertising and Google AdMob

We use Google AdMob to display advertisements within the GiftWallet app. AdMob may collect and use information for the following purposes:

Displaying personalized advertisements based on your interests and device information
Measuring ad performance and campaign effectiveness
Preventing ad fraud and improving ad quality

Important Note: Your gift card information and account data are never shared with AdMob or used for ad personalization. AdMob only receives device identifiers and general location information. You can opt out of personalized ads by adjusting your device's ad preferences. Please review Google's Privacy Policy for more information about how they handle advertising data.

8. Communications

We may communicate with you about your account, service updates, and security matters. You can manage communication preferences through your device settings or within the GiftWallet app. We will never send unsolicited promotional content without your consent.

9. Data Retention

We retain your personal information for as long as necessary to provide our Service and comply with legal obligations:

Active Accounts: While your account is active, we retain all associated information
Archived Data: Archived gift cards may be retained until you delete them
Account Deletion: Upon account deletion, we retain only legally required information
Backup Systems: Information may persist in backup systems for up to 90 days after deletion
Legal Holds: Information may be retained longer if required by law or legal proceedings

10. Your Rights and Choices

Depending on your jurisdiction, you may have the following rights:

Access: The right to access and review your personal information
Correction: The right to correct inaccurate or incomplete information
Deletion: The right to request deletion of your personal information, subject to certain exceptions
Portability: The right to receive your data in a portable format
Withdraw Consent: The right to withdraw consent for certain processing activities
Opt-Out: The right to opt out of certain communications

To exercise any of these rights, please contact us using the information in the Contact Us section below.

11. Children's Privacy

GiftWallet is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected information from a child under 13, we will take steps to delete such information immediately and terminate the child's account. If you believe we have collected information from a child under 13, please contact us immediately.

12. International Data Transfers

Your information may be transferred to, stored in, and processed in countries other than your country of residence. These countries may have data protection laws that differ from your home country. By using GiftWallet, you consent to the transfer of your information to countries outside your country of residence, which may have different data protection rules.

13. Third-Party Links

Our Service may contain links to third-party websites and applications. This Privacy Policy applies only to our Service. We are not responsible for the privacy practices of third-party websites or services. We encourage you to review the privacy policies of any third-party services before providing your information.

14. Authentication Methods

We support multiple authentication methods:

Email & Password: Traditional email registration with secure password hashing
Google Sign-In: OAuth authentication through Google's services
Apple Sign-In: OAuth authentication through Apple's services with JWT token verification

When using third-party authentication, we receive and store only the information necessary for account creation and authentication. We do not request unnecessary permissions.

15. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. The date of the last update will be noted at the top of this document. Your continued use of GiftWallet following the posting of revised Privacy Policy means that you accept and agree to the changes. We encourage you to review this policy periodically to stay informed about how we protect your information.

16. GDPR and Privacy Regulations

If you are located in the European Union, the United Kingdom, or other regions with data protection regulations such as GDPR, CCPA, or similar laws, we comply with these regulations:

We process your data based on legal grounds such as contract performance, consent, or legitimate interests
We provide transparency about our data processing practices
We implement data protection by design and by default
We facilitate your rights as outlined in Section 9 above
We maintain records of our processing activities