Privacy Policy

1. Information We Collect

1.1 Information You Provide

When you use Namedraw, we collect information you provide directly to us, including:

• Account Information: Email address, name, and authentication details when you create an account or sign in through social providers (Google, Facebook).
• Exchange Information: Details about gift exchanges you create or participate in, including exchange names, participant information, gift preferences, budget limits, and drawing configurations.
• Communications: Any information you provide when contacting us for support or feedback.

1.2 Automatically Collected Information

We automatically collect certain information about your device and how you interact with our service:

• Usage Data: Pages visited, features used, actions taken (such as creating exchanges, executing drawings), time and date of visits, and session duration.
• Device Information: Browser type, operating system, device type, IP address, and general location information.
• Cookies and Similar Technologies: We use cookies and similar tracking technologies to maintain your session, remember your preferences, and improve your experience.

1.3 Analytics and Tracking

We use PostHog, a product analytics platform, to understand how users interact with our service and to improve the user experience. PostHog helps us track:

• Feature usage and user behavior patterns
• Performance metrics and error tracking
• User journey and conversion funnels
• Session recordings (with personally identifiable information masked)

PostHog may collect and process your IP address, browser information, and usage patterns. We configure PostHog to respect user privacy by masking sensitive information in session recordings. You can learn more about PostHog's privacy practices at https://posthog.com/privacy.

2. How We Use Your Information

We use the information we collect for the following purposes:

• Service Delivery: To provide, maintain, and improve our gift exchange platform, including executing fair and random name drawings, managing exclusions and forbidden pairs, and facilitating communications between participants.
• Authentication: To verify your identity, manage your account, and provide secure access to your exchanges.
• Communications: To send you important updates about your exchanges, magic link authentication emails, and service announcements.
• Analytics and Improvements: To understand how users interact with our service, identify areas for improvement, troubleshoot issues, and develop new features.
• Security: To detect, prevent, and address fraud, security issues, and other potentially prohibited or illegal activities.
• Legal Compliance: To comply with applicable laws, regulations, legal processes, or enforceable governmental requests.

3. Information Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following limited circumstances:

• With Exchange Participants: When you create or join a gift exchange, your name, email, and gift preferences may be visible to other participants as necessary for the exchange functionality.
• Service Providers: We may share information with third-party service providers who perform services on our behalf, such as:
  • PostHog for analytics and product improvements
  • Email service providers for sending transactional emails
  • Cloud hosting providers for data storage and processing
  • Authentication providers (Google, Facebook) when you use social login
  These service providers are contractually obligated to protect your information and use it only for the purposes we specify.
• Legal Requirements: We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., court orders, subpoenas).
• Business Transfers: If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal information.
• With Your Consent: We may share information with third parties when you give us explicit consent to do so.

4. Data Security

We take the security of your personal information seriously and implement industry-standard security measures to protect it:

• Encryption: All data transmitted between your device and our servers is encrypted using HTTPS/TLS protocols. Sensitive data is encrypted at rest.
• Access Controls: We restrict access to personal information to authorized personnel who need it to perform their job functions.
• Authentication: We use magic link authentication and secure social login to prevent unauthorized access to accounts.
• Regular Security Assessments: We regularly review and update our security practices to address new threats and vulnerabilities.

While we implement strong security measures, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security of your information.

5. Data Retention

We retain your personal information for as long as necessary to provide our services and fulfill the purposes outlined in this Privacy Policy. Specifically:

• Account Data: We retain your account information until you request account deletion or your account is inactive for an extended period.
• Exchange Data: Information about gift exchanges is retained to allow participants to access exchange history and results.
• Analytics Data: Aggregated and anonymized analytics data may be retained indefinitely for statistical purposes.
• Legal Obligations: We may retain certain information as required by law or for legitimate business purposes such as fraud prevention.

When data is no longer needed, we securely delete or anonymize it so that it cannot be recovered or reconstructed.

6. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information:

• Access: You can request access to the personal information we hold about you.
• Correction: You can update or correct your account information at any time through your account settings.
• Deletion: You can request deletion of your account and associated personal information. See Section 9 for details.
• Data Portability: You can request a copy of your data in a portable format.
• Opt-Out: You can opt out of certain communications and data collection practices. Note that opting out of essential service communications may limit functionality.
• Object to Processing: You can object to certain types of data processing, including analytics tracking.

To exercise any of these rights, please contact us at hello@namedraw.app. We will respond to your request within 30 days.

7. Cookies and Tracking Technologies

We use cookies and similar technologies for the following purposes:

• Essential Cookies: Required for authentication, session management, and core functionality.
• Analytics Cookies: Used by PostHog and other analytics tools to understand usage patterns and improve our service.
• Preference Cookies: Used to remember your settings and preferences.

You can control cookies through your browser settings. However, disabling certain cookies may limit your ability to use some features of our service.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws than your country. When we transfer your information internationally, we ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy and applicable laws.

9. Account Deletion

You have the right to request deletion of your account and all associated personal information at any time. When you delete your account:

• Your account information and profile data will be permanently deleted
• Your participation in exchanges will be removed where possible
• Some information may be retained in anonymized form for analytics purposes
• We may retain certain information as required by law or for legitimate business purposes (e.g., fraud prevention)

For detailed information on the account deletion process, please visit our Account Deletion page or contact us at hello@namedraw.app.

10. Children's Privacy

Our service is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at hello@namedraw.app, and we will delete such information from our systems.

11. Third-Party Links

Our service may contain links to third-party websites or services that are not operated by us. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party sites you visit.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Update the "Last Updated" date at the top of this policy
• Notify you via email or through a prominent notice on our service
• Provide you with an opportunity to review the changes before they become effective (for material changes)

Your continued use of our service after the effective date of the updated Privacy Policy constitutes your acceptance of the changes.

13. California Privacy Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including:

• The right to know what personal information we collect, use, and disclose
• The right to request deletion of your personal information
• The right to opt out of the sale of personal information (we do not sell personal information)
• The right to non-discrimination for exercising your privacy rights

To exercise these rights, please contact us at hello@namedraw.app.

14. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR), including:

• The right to access your personal data
• The right to rectification of inaccurate data
• The right to erasure (right to be forgotten)
• The right to restrict processing
• The right to data portability
• The right to object to processing
• Rights related to automated decision-making

Our legal basis for processing your personal information includes:

• Contract Performance: Processing necessary to provide our service
• Legitimate Interests: Analytics, security, and service improvements
• Consent: For certain optional features and communications
• Legal Obligations: Compliance with applicable laws

You also have the right to lodge a complaint with a supervisory authority in your country.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us at:

Email: hello@namedraw.app

We will respond to your inquiry within 30 days.