Privacy Policy

1. Eligibility and Age Restrictions

BestWish is intended for use by individuals who are at least 16 years of age. By using our service, you represent and warrant that:

• You are at least 16 years old
• If you are between 16 and 18 years old, you have the consent of your parent or legal guardian to use our service
• You have the legal capacity to agree to our Terms of Service and this Privacy Policy

We do not knowingly collect or process personal data from individuals under 16 years of age. If we become aware that we have inadvertently collected personal data from someone under 16, we will take steps to delete such information promptly.

2. Information We Collect

We collect and process the following types of personal data:

• Identity & Contact Data: email address, name, password (encrypted)
• Birthday Connection Data: recipient names, birthdays, relationships
• Message Content: birthday message details, recipient traits, AI-generated messages
• Technical Data: IP address, browser type, device information
• Usage Data: how you interact with our service, features used, preferences

3. Cookies and Tracking Technologies

By using BestWish, you consent to our use of cookies and similar tracking technologies that are essential for the website's functionality and help us improve our service. These technologies are necessary for:

• Essential Website Operation:
  • Maintaining your login session
  • Ensuring website security
  • Remembering your basic preferences
• Service Improvement:
  • Understanding how our service is used
  • Identifying technical issues
  • Measuring website performance

While most web browsers allow cookie controls through their settings, disabling cookies will prevent our service from functioning properly. By continuing to use BestWish, you acknowledge and agree to the use of these necessary technologies.

4. How We Use Your Information

We process your personal data for these purposes:

• To create and manage your birthday connections
• To generate personalized birthday messages using AI
• To enable message sharing and delivery (email, WhatsApp, SMS)
• To maintain your message history and preferences
• To secure your account and prevent unauthorized access
• To improve and optimize our services
• To analyze usage patterns and enhance user experience
• To maintain and improve our AI message generation system

5. Marketing Communications

We may send you marketing and promotional communications via email to keep you informed about:

• New features and services
• Special offers and promotions
• Tips for using BestWish effectively
• Updates about our service

Your Communication Preferences:

• You can control your marketing preferences:
  • Opt-out through the unsubscribe link in our emails
  • Adjust email preferences in your account settings
  • Contact us directly to update your preferences
• Even if you opt-out of marketing communications, you'll still receive:
  • Essential service notifications
  • Account-related communications
  • Security alerts
  • Legal notices

6. Data Privacy and Sharing

We are committed to maintaining the privacy and security of your personal data:

• Your personal information is kept private and secure
• We never sell your personal data to third parties
• We may share anonymized message content for inspiration purposes:
  • All personal identifiers are removed
  • Names, dates, and specific details are anonymized
  • Messages may be used as examples in our public gallery
• We use data internally to:
  • Improve our AI message generation
  • Enhance user experience
  • Develop new features
  • Analyze service performance

7. Third-Party Services

We work with these essential third-party services:

• OpenAI: For generating personalized birthday messages
• Email Service Providers: For message delivery
• WhatsApp/SMS Services: For message delivery
• Database Services: For secure data storage (SQLite)

When using these services, your data is processed according to their respective privacy policies and our data processing agreements with them. We only share the minimum data necessary for each service to function.

8. Your GDPR Rights

Under GDPR, you have these rights:

• Access your personal data
• Correct inaccurate data
• Request data deletion
• Object to data processing
• Request data portability
• Withdraw consent at any time

9. Data Retention

We keep your personal data only for as long as necessary to provide our services and comply with legal obligations. Birthday messages and related data are retained for 12 months after creation, unless you request earlier deletion.

10. Data Storage and International Transfers

Your data is stored in cloud data centers primarily located in the United States. By using our service, you acknowledge and agree that your personal data may be transferred to and processed in the United States and other countries where our service providers are located.

Types of International Transfers:

• Message Generation:
  • Transfer of message context and recipient traits to OpenAI (US) for AI-powered message generation
  • All personal identifiers are removed before transfer
• Message Delivery:
  • Transfer of message content and recipient contact details to email/messaging providers
  • Only essential delivery information is shared
• Cloud Storage:
  • Storage of user accounts, preferences, and message history in US data centers
  • Encrypted during transfer and storage

Data Transfer Safeguards:

For users in the European Union (EU), European Economic Area (EEA), and other regions with data protection laws:

• We ensure appropriate safeguards are in place for all international data transfers:
  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Data Processing Agreements with service providers
  • End-to-end encryption for data in transit
  • Regular audits of data transfer mechanisms

11. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of personal data at rest and in transit
• Regular security assessments and updates
• Strict access controls and authentication measures
• Regular backup procedures
• Employee training on data protection