PRIVACY POLICY

This Privacy Notice for GGGAM Enterprises LLC 6 ("we," "us," or "our"), describes how and why we might access, collect, store, use, and/or share ("process") your personal information when you use our services ("Services"), including when you: Download and use our mobile application (Giftrr), or any other application of ours that links to this Privacy Notice Use Giftrr. Giftrr is an app that helps people find perfect gift ideas. Ideal for making gift-giving easy and fun. Available on iOS and Android. Engage with us in other related ways, including any sales, marketing, or events Questions or concerns? Reading this Privacy Notice will help you understand your privacy rights and choices. We are responsible for making decisions about how your personal information is processed. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact us at main@giftrrapp.com. SUMMARY OF KEY POINTS This summary provides key points from our Privacy Notice, but you can find out more details about any of these topics by clicking the link following each key point or by using our table of contents below to find the section you are looking for. What personal information do we process? When you visit, use, or navigate our Services, we may process personal information depending on how you interact with us and the Services, the choices you make, and the products and features you use. Learn more about personal information you disclose to us. Do we process any sensitive personal information? Some of the information may be considered "special" or "sensitive" in certain jurisdictions, for example your racial or ethnic origins, sexual orientation, and religious beliefs. We may process chat data and screenshots when you provide WhatsApp chat files and other chat screenshots for gift recommendation analysis in our app. Do we collect any information from third parties? We do not collect any information from third parties. How do we process your information? We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. We may also process your information for other purposes with your consent. We process your information only when we have a valid legal reason to do so. Learn more about how we process your information. In what situations and with which types of parties do we share personal information? We may share information in specific situations and with specific categories of third parties. Learn more about when and with whom we share your personal information. How do we keep your information safe? We have adequate organizational and technical processes and procedures in place to protect your personal information. However, no electronic transmission over the internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. Learn more about how we keep your information safe. What are your rights? Depending on where you are located geographically, the applicable privacy law may mean you have certain rights regarding your personal information. Learn more about your privacy rights. How do you exercise your rights? The easiest way to exercise your rights is by submitting a data subject access request, or by contacting us. We will consider and act upon any request in accordance with applicable data protection laws. Want to learn more about what we do with any information we collect? Review the Privacy Notice in full. TABLE OF CONTENTS 1. WHAT INFORMATION DO WE COLLECT? 2. HOW DO WE PROCESS YOUR INFORMATION? 3. WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR PERSONAL INFORMATION? 4. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION? 5. DO WE OFFER ARTIFICIAL INTELLIGENCE-BASED PRODUCTS? 6. HOW DO WE HANDLE YOUR SOCIAL LOGINS? 7. IS YOUR INFORMATION TRANSFERRED INTERNATIONALLY? 8. HOW LONG DO WE KEEP YOUR INFORMATION? 9. HOW DO WE KEEP YOUR INFORMATION SAFE? 10. DO WE COLLECT INFORMATION FROM MINORS? 11. WHAT ARE YOUR PRIVACY RIGHTS? 12. CONTROLS FOR DO-NOT-TRACK FEATURES 13. DO UNITED STATES RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS? 14. DO WE MAKE UPDATES TO THIS NOTICE? 15. HOW CAN YOU CONTACT US ABOUT THIS NOTICE? 16. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU? 1. WHAT INFORMATION DO WE COLLECT? Personal information you disclose to us In Short: We collect personal information that you provide to us. We collect personal information that you voluntarily provide to us when you register on the Services, express an interest in obtaining information about us or our products and Services, when you participate in activities on the Services, or otherwise when you contact us. Personal Information Provided by You. The personal information that we collect depends on the context of your interactions with us and the Services, the choices you make, and the products and features you use. The personal information we collect may include the following: names email addresses provided screenshots uploaded images chat data and screenshots (when you provide WhatsApp chat files and other chat screenshots for gift recommendations) Sensitive Information. We may process chat data and screenshots when you voluntarily provide WhatsApp chat files and other chat screenshots for gift recommendation analysis in our app. This information is used solely to provide you with personalized gift recommendations and is stored securely on our servers. Social Media Login Data. We may provide you with the option to register with us using your existing social media account details, like your Facebook, X, or other social media account. If you choose to register in this way, we will collect certain profile information about you from the social media provider, as described in the section called "HOW DO WE HANDLE YOUR SOCIAL LOGINS?" below. Application Data. If you use our application(s), we also may collect the following information if you choose to provide us with access or permission: Push Notifications. We may request to send you push notifications regarding your account or certain features of the application(s). If you wish to opt out from receiving these types of communications, you may turn them off in your device's settings. This information is primarily needed to maintain the security and operation of our application(s), for troubleshooting, and for our internal analytics and reporting purposes. All personal information that you provide to us must be true, complete, and accurate, and you must notify us of any changes to such personal information. Information automatically collected In Short: Some information — such as your Internet Protocol (IP) address and/or browser and device characteristics — is collected automatically when you visit our Services. We automatically collect certain information when you visit, use, or navigate the Services. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Services, and other technical information. This information is primarily needed to maintain the security and operation of our Services, and for our internal analytics and reporting purposes. The information we collect includes: Log and Usage Data. Log and usage data is service-related, diagnostic, usage, and performance information our servers automatically collect when you access or use our Services and which we record in log files. Depending on how you interact with us, this log data may include your IP address, device information, browser type, and settings and information about your activity in the Services (such as the date/time stamps associated with your usage, pages and files viewed, searches, and other actions you take such as which features you use), device event information (such as system activity, error reports (sometimes called "crash dumps"), and hardware settings). Google API Our use of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements. 2. HOW DO WE PROCESS YOUR INFORMATION? In Short: We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. We process the personal information for the following purposes listed below. We may also process your information for other purposes only with your prior explicit consent. We process your personal information for a variety of reasons, depending on how you interact with our Services, including: To facilitate account creation and authentication and otherwise manage user accounts. We may process your information so you can create and log in to your account, as well as keep your account in working order. To deliver and facilitate delivery of services to the user. We may process your information to provide you with the requested service. To respond to user inquiries/offer support to users. We may process your information to respond to your inquiries and solve any potential issues you might have with the requested service. To fulfill and manage your orders. We may process your information to fulfill and manage your payments and subscriptions made through the Services. To identify usage trends. We may process information about how you use our Services to better understand how they are being used so we can improve them. To save or protect an individual's vital interest. We may process your information when necessary to save or protect an individual’s vital interest, such as to prevent harm. 3. WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR INFORMATION? In Short: We only process your personal information when we believe it is necessary and we have a valid legal reason (i.e., legal basis) to do so under applicable law, like with your consent, to comply with laws, to provide you with services to enter into or fulfill our contractual obligations, to protect your rights, or to fulfill our legitimate business interests. If you are located in the EU or UK, this section applies to you. The General Data Protection Regulation (GDPR) and UK GDPR require us to explain the valid legal bases we rely on in order to process your personal information. As such, we may rely on the following legal bases to process your personal information: Consent. We may process your information if you have given us permission (i.e., consent) to use your personal information for a specific purpose. You can withdraw your consent at any time. Learn more about withdrawing your consent. Performance of a Contract. We may process your personal information when we believe it is necessary to fulfill our contractual obligations to you, including providing our Services or at your request prior to entering into a contract with you. Legitimate Interests. We may process your information when we believe it is reasonably necessary to achieve our legitimate business interests and those interests do not outweigh your interests and fundamental rights and freedoms. For example, we may process your personal information for some of the purposes described in order to: Analyze how our Services are used so we can improve them to engage and retain users Legal Obligations. We may process your information where we believe it is necessary for compliance with our legal obligations, such as to cooperate with a law enforcement body or regulatory agency, exercise or defend our legal rights, or disclose your information as evidence in litigation in which we are involved. Vital Interests. We may process your information where we believe it is necessary to protect your vital interests or the vital interests of a third party, such as situations involving potential threats to the safety of any person. If you are located in Canada, this section applies to you. We may process your information if you have given us specific permission (i.e., express consent) to use your personal information for a specific purpose, or in situations where your permission can be inferred (i.e., implied consent). You can withdraw your consent at any time. In some exceptional cases, we may be legally permitted under applicable law to process your information without your consent, including, for example: If collection is clearly in the interests of an individual and consent cannot be obtained in a timely way For investigations and fraud detection and prevention For business transactions provided certain conditions are met If it is contained in a witness statement and the collection is necessary to assess, process, or settle an insurance claim For identifying injured, ill, or deceased persons and communicating with next of kin If we have reasonable grounds to believe an individual has been, is, or may be victim of financial abuse If it is reasonable to expect collection and use with consent would compromise the availability or the accuracy of the information and the collection is reasonable for purposes related to investigating a breach of an agreement or a contravention of the laws of Canada or a province If disclosure is required to comply with a subpoena, warrant, court order, or rules of the court relating to the production of records If it was produced by an individual in the course of their employment, business, or profession and the collection is consistent with the purposes for which the information was produced If the collection is solely for journalistic, artistic, or literary purposes If the information is publicly available and is specified by the regulations We may disclose de-identified information for approved research or statistics projects, subject to ethics oversight and confidentiality commitments 4. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION? In Short: We may share information in specific situations described in this section and/or with the following categories of third parties. Vendors, Consultants, and Other Third-Party Service Providers. We may share your data with third-party vendors, service providers, contractors, or agents ("third parties") who perform services for us or on our behalf and require access to such information to do that work. We have contracts in place with our third parties, which are designed to help safeguard your personal information. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will also not share your personal information with any organization apart from us. They also commit to protect the data they hold on our behalf and to retain it for the period we instruct. The categories of third parties we may share personal information with are as follows: Data Analytics Services User Account Registration & Authentication Services Performance Monitoring Tools Cloud Computing Services Data Storage Service Providers Payment Processors We also may need to share your personal information in the following situations: Business Transfers. We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company. Offer Wall. Our application(s) may display a third-party hosted "offer wall." Such an offer wall allows third-party advertisers to offer virtual currency, gifts, or other items to users in return for the acceptance and completion of an advertisement offer. Such an offer wall may appear in our application(s) and be displayed to you based on certain data, such as your geographic area or demographic information. When you click on an offer wall, you will be brought to an external website belonging to other persons and will leave our application(s). A unique identifier, such as your user ID, will be shared with the offer wall provider in order to prevent fraud and properly credit your account with the relevant reward. 5. DO WE OFFER ARTIFICIAL INTELLIGENCE-BASED PRODUCTS? In Short: We offer products, features, or tools powered by artificial intelligence, machine learning, or similar technologies. As part of our Services, we offer products, features, or tools powered by artificial intelligence, machine learning, or similar technologies (collectively, "AI Products"). These tools are designed to enhance your experience and provide you with innovative solutions. The terms in this Privacy Notice govern your use of the AI Products within our Services. Use of AI Technologies We provide the AI Products through third-party service providers ("AI Service Providers"), including OpenAI and Anthropic. As outlined in this Privacy Notice, your input, output, and personal information will be shared with and processed by these AI Service Providers to enable your use of our AI Products for purposes outlined in "WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR PERSONAL INFORMATION?" You must not use the AI Products in any way that violates the terms or policies of any AI Service Provider. Our AI Products Our AI Products are designed for the following functions: Chat analysis AI applications How We Process Your Data Using AI All personal information processed using our AI Products is handled in line with our Privacy Notice and our agreement with third parties. This ensures high security and safeguards your personal information throughout the process, giving you peace of mind about your data's safety. CHAT DATA AND SCREENSHOT ANALYSIS In Short: We collect, store, and analyze WhatsApp chat files and chat screenshots you provide for personalized gift recommendations with comprehensive privacy protections. 1. CHAT DATA COLLECTION 1.1 Types of Data We Collect: - WhatsApp chat export files (.txt format) - Chat screenshots from messaging platforms - Conversation transcripts and text data - Metadata associated with chat files 1.2 Collection Methods: - Direct upload by users through our app interface - Voluntary submission for gift recommendation analysis - No automatic collection or scraping of chat data 1.3 Legal Basis for Processing: - Explicit consent from users - Legitimate interest in providing personalized services - Contractual necessity for service delivery 2. DATA PROCESSING AND ANALYSIS 2.1 AI Analysis: We use artificial intelligence and machine learning to: - Analyze conversation patterns and topics - Identify interests, preferences, and gift-giving occasions - Extract relevant information for gift recommendations - Generate personalized suggestions based on chat content 2.2 Processing Limitations: - Analysis is limited to gift recommendation purposes only - No profiling for marketing or advertising - No analysis of sensitive personal information - Automated decision-making is limited to gift suggestions 2.3 Data Minimization: - We only process data necessary for gift recommendations - Irrelevant personal information is filtered out - Analysis focuses on interests and preferences only 3. DATA SECURITY MEASURES 3.1 Technical Safeguards: - End-to-end encryption for data transmission - AES-256 encryption for data at rest - Secure cloud storage with access controls - Regular security audits and penetration testing 3.2 Administrative Safeguards: - Limited access to authorized personnel only - Employee training on data protection - Background checks for data handlers - Confidentiality agreements for all staff 3.3 Physical Safeguards: - Secure data centers with 24/7 monitoring - Biometric access controls - Environmental monitoring and fire suppression - Regular backup and disaster recovery procedures 4. DATA STORAGE AND RETENTION 4.1 Storage Locations: - Primary storage: Secure cloud servers in the United States - Backup storage: Encrypted backups in multiple geographic locations - Processing servers: Temporary storage during analysis 4.2 Retention Schedule: - Active analysis: 30 days maximum - Encrypted backups: 90 days maximum - Legal compliance: Up to 12 months after account termination - Immediate deletion upon user request 4.3 Data Lifecycle Management: - Automatic deletion after retention periods - Secure overwriting of deleted data - Regular purging of expired data - Audit trails for all data operations 5. THIRD-PARTY DATA SHARING 5.1 AI Service Providers: - Limited sharing with AI processing partners - Strict contractual obligations for data protection - Prohibition on data retention beyond processing - Regular compliance audits of third parties 5.2 Data Sharing Restrictions: - No sale of chat data to third parties - No sharing with advertisers or marketers - No disclosure to law enforcement except as legally required - No international transfers without adequate protection 5.3 Third-Party Contracts: - Data Processing Agreements (DPAs) with all processors - Standard Contractual Clauses for international transfers - Regular review and updates of third-party agreements - Right to audit third-party compliance 6. USER RIGHTS AND CONTROLS 6.1 Access Rights: - Right to access your chat data - Right to receive a copy of processed data - Right to know how your data is being used - Right to request data portability 6.2 Correction and Deletion Rights: - Right to correct inaccurate data - Right to request data deletion - Right to withdraw consent - Right to restrict processing 6.3 Objection Rights: - Right to object to processing - Right to object to automated decision-making - Right to withdraw consent at any time - Right to lodge complaints with supervisory authorities 7. DATA BREACH RESPONSE 7.1 Breach Detection: - 24/7 monitoring for security incidents - Automated alerts for suspicious activity - Regular security assessments - Incident response team on standby 7.2 Breach Notification: - User notification within 72 hours of discovery - Regulatory notification as required by law - Public disclosure if necessary - Detailed incident reports and remediation plans 7.3 Breach Mitigation: - Immediate containment of security incidents - Forensic analysis of breach scope - Implementation of additional security measures - Regular updates to affected users 8. INTERNATIONAL DATA TRANSFERS 8.1 Transfer Mechanisms: - Standard Contractual Clauses (SCCs) - Adequacy decisions by relevant authorities - Binding Corporate Rules where applicable - Certification schemes and codes of conduct 8.2 Transfer Safeguards: - Encryption during international transfers - Access controls for transferred data - Regular review of transfer mechanisms - Compliance with destination country laws 9. CHILDREN'S PRIVACY PROTECTION 9.1 Age Verification: - Service restricted to users 18 and older - No collection of data from minors - Parental consent required for any minor-related data - Regular age verification checks 9.2 Special Protections: - Enhanced security for any minor-related data - Immediate deletion of minor data if discovered - Special handling procedures for parental requests - Compliance with COPPA and similar regulations 10. PRIVACY BY DESIGN 10.1 Built-in Privacy: - Privacy considerations in all system design - Default privacy settings - Minimal data collection by design - User control over data processing 10.2 Regular Reviews: - Annual privacy impact assessments - Regular review of data processing activities - Updates to privacy measures as needed - Continuous improvement of privacy practices 11. CONTACT AND COMPLAINTS 11.1 Privacy Inquiries: - Email: main@giftrrapp.com - Response within 30 days - Free of charge for reasonable requests - Clear explanation of any refusals 11.2 Supervisory Authority: 12. EXPLICIT CONSENT MECHANISMS 12.1 Informed Consent Process: Before processing any chat data, we ensure you have provided informed consent by: - Presenting clear, plain-language explanations of data processing - Providing detailed information about data collection and use - Explaining your rights and how to exercise them - Obtaining explicit, affirmative consent for each type of processing 12.2 Consent Granularity: You can provide specific consent for: - Individual chat file analysis - Different types of data processing - Data retention periods - Third-party data sharing (where applicable) - Marketing communications (if any) 12.3 Consent Withdrawal: You have the right to withdraw consent at any time, which will: - Immediately stop processing of your chat data - Trigger deletion of your data within 30 days - Provide confirmation of consent withdrawal - Allow continued use of non-chat features 12.4 Consent Documentation: We maintain comprehensive records of: - When and how consent was obtained - What specific processing was consented to - Any modifications or withdrawals of consent - Evidence of informed consent for audit purposes 12.5 Special Consent Requirements: Enhanced consent is required for: - Processing data involving third parties - Analysis of conversations with minors - Processing of sensitive personal information - International data transfers - Automated decision-making processes 12.6 Consent Management Tools: You can manage your consent through: - In-app privacy dashboard - Email consent management links - Direct contact with our privacy team - Regular consent reminders and updates 12.7 Consent Updates: 13. COOKIES AND TRACKING TECHNOLOGIES 13.1 Types of Cookies: We use the following types of cookies and tracking technologies: Essential Cookies: Required for basic website functionality and security - Session cookies for user authentication - Security cookies for fraud prevention - Load balancing cookies for performance Analytics Cookies: Used to understand website usage and improve user experience - Google Analytics for website traffic analysis - Performance monitoring cookies - User behavior tracking (anonymized) Functional Cookies: Enhance user experience and remember preferences - Language and region preferences - User interface customizations - Accessibility settings 13.2 Cookie Management: You can control cookies through: - Browser settings to block or delete cookies - Our cookie consent management interface - Opt-out mechanisms for analytics cookies - Third-party cookie controls 13.3 Third-Party Cookies: We may use third-party services that set cookies: - Google Analytics for website analytics - Social media platforms for sharing features - Payment processors for transaction security - AI service providers for chat analysis 13.4 Cookie Retention: Cookies are retained for: - Session cookies: Until browser is closed - Persistent cookies: Up to 2 years maximum - Analytics cookies: Up to 26 months - Security cookies: As required for security purposes 13.5 Cookie Consent: By using our services, you consent to: - Essential cookies (required for service operation) - Analytics cookies (for service improvement) - Functional cookies (for enhanced user experience) - Third-party cookies (as disclosed in this policy) 13.6 Cookie Withdrawal: You can withdraw cookie consent by: 14. DATA PROTECTION OFFICER (GDPR COMPLIANCE) 14.1 Data Protection Officer Contact: For European Union residents and GDPR compliance matters: - Email: dpo@giftrrapp.com - Phone: (570)-361-9876 - Mail: Data Protection Officer, GGGAM Enterprises LLC 6, 1111B S Governors Ave, STE 37552, Dover, DE 19904 - Response time: Within 30 days of verified request 14.2 GDPR Rights for EU Residents: Right of Access: Request copies of your personal data Right to Rectification: Correct inaccurate or incomplete data Right to Erasure: Request deletion of your personal data Right to Restrict Processing: Limit how we use your data Right to Data Portability: Receive your data in a structured format Right to Object: Object to processing based on legitimate interests Rights Related to Automated Decision-Making: Human review of automated decisions 14.3 Legal Basis for Processing (GDPR Article 6): - Consent: You have given clear consent for processing - Contract: Processing is necessary for service performance - Legal Obligation: Processing is required by law - Legitimate Interest: Processing is necessary for our legitimate business interests 14.4 Data Transfers Outside EU: - We use Standard Contractual Clauses for international transfers - We ensure adequate protection for your data - We comply with EU-US Privacy Framework requirements - We maintain data processing agreements with all processors 14.5 Supervisory Authority: 15. ARTIFICIAL INTELLIGENCE AND AUTOMATED DECISION-MAKING 15.1 AI/ML Technologies Used: We use artificial intelligence and machine learning technologies for: - Chat content analysis and pattern recognition - Interest and preference identification - Gift recommendation generation - Service improvement and optimization - Fraud detection and security monitoring 15.2 Automated Decision-Making: Our AI systems make automated decisions including: - Gift recommendation scoring and ranking - Content filtering and moderation - User preference categorization - Service personalization 15.3 Human Review Rights: You have the right to: - Request human review of automated decisions - Contest automated decisions that affect you - Receive explanations of automated decision logic - Opt-out of automated decision-making where legally permitted 15.4 AI Transparency: We provide transparency about our AI systems: - Clear explanation of AI decision-making processes - Information about data used for AI training - Regular audits of AI system fairness and accuracy - User control over AI-driven features 15.5 AI Data Sources: Our AI systems are trained on: - Anonymized and aggregated user data - Publicly available information - Third-party data sources (with proper licensing) - Synthetic data generated for training purposes 15.6 AI Bias Prevention: We implement measures to prevent AI bias: - Regular bias testing and monitoring - Diverse training data sets - Algorithmic fairness assessments - Continuous improvement of AI models 15.7 AI Contact Information: For AI-related inquiries and automated decision requests: - Email: ai-privacy@giftrrapp.com - Response time: Within 30 days of verified request - Human review available upon request - Explanation of AI decisions provided free of chargeYou have the right to lodge a complaint with your local data protection authority: - EU residents: Contact your national data protection authority - UK residents: Information Commissioners Office (ICO) - We will cooperate with all supervisory authority investigations- Adjusting browser settings - Using our cookie management interface - Contacting us directly - Note: Withdrawing consent may affect service functionalityWhen we make material changes to data processing, we will: - Provide 30 days advance notice - Explain the changes clearly - Request renewed consent where required - Allow you to modify or withdraw consent - Provide options to continue or discontinue service use- Right to lodge complaints with data protection authorities - Information on relevant supervisory authorities - Assistance with complaint procedures - Cooperation with regulatory investigations