Privacy Policy
Last updated: May 10, 2026 (updated with account deletion details)
Your privacy matters to us. This policy explains what data we collect, why we collect it, and how we protect it. UnWrapIt does not sell your personal data to third parties.
1. Who We Are
UnWrapIt is a gift recommendation app available on iOS and Android. The app is operated by OBAI Studio (Ivan Bašić, Split, Croatia), reachable at contact@unwrapit.eu or unwrapit.eu.
2. What Data We Collect
We collect only the data necessary for the app to function:
- Account data: email address, display name, and authentication info (managed via Google Sign-In or Apple Sign-In)
- Recipient profiles: information you enter about people you're finding gifts for (name, interests, age range, relationship to you, occasions, budget preferences) — this data is private to your account
- Wishlists and friends: items you save and connections you make within the app
- Purchase history: in-app purchases (Plus subscription, top-up credit packs) handled by Google Play / Apple App Store
- Waitlist email: if you sign up via our website at unwrapit.eu
- Technical data: device type, operating system, app crash logs, anonymous analytics, IP address (used briefly for spam protection)
3. Why We Collect Data
We use your data solely to:
- Provide personalised gift recommendations powered by AI
- Save your wishlists, friends, and recipient profiles across devices
- Send notifications about upcoming occasions, friend requests, and group gift activity (you can disable any of these in settings)
- Improve app quality and detect crashes
- Process in-app purchases (subscriptions, credit top-ups)
- Respond to your support requests
4. Sharing Data with Third Parties
We do not sell, rent, or share your personal data with third parties for marketing purposes. Data may be processed by these service providers:
- AI gift suggestions: Google Gemini (via Firebase AI Logic). When you request gift ideas, we send the recipient profile (interests, age, relationship, budget) to Google's AI service. We do not send your real name, email, or any other personally identifying information.
- Backend infrastructure: Firebase (Google Cloud) for authentication, database (Firestore), serverless functions, and crash reporting. All servers are in EU regions where possible.
- Website hosting: Netlify for the unwrapit.eu landing page.
- Analytics: Firebase Analytics — anonymised and aggregated usage data only (no personal identification).
- Crash reporting: Firebase Crashlytics — anonymised technical data when the app crashes.
- Advertising: Google AdMob shows occasional rewarded ads for Free tier users. AdMob may use your advertising ID for relevance. You can reset or opt out of personalised ads in your device settings (Android: Settings → Google → Ads; iOS: Settings → Privacy → Tracking).
- Payments: Google Play Billing (Android) or App Store (iOS) handle all subscription and one-time payments. We never see or store your credit card details.
5. Affiliate Partnerships
When you click a product link in UnWrapIt (in AI suggestions, wishlist items, or recipient gift ideas), you may be redirected through an affiliate partner before reaching the retailer:
- Amazon Associates (amazon.com, amazon.de, amazon.it, amazon.fr, amazon.es, amazon.co.uk)
- Commission Junction (CJ Affiliate) — for partners like AboutYou, Answear, Foreo, Crocs, Lelosi, and others
- AWIN — for partners like AliExpress, Decathlon, Converse, Sals Forever Flowers
- Dognet — for 40+ partners across Croatia, Slovenia, Czechia, Slovakia, Hungary, and Serbia
If you make a purchase after clicking, we may earn a small commission at no extra cost to you. These partnerships help us keep UnWrapIt free for the majority of users. Affiliate tracking is performed by these networks using cookies and click identifiers — it does not include personally identifying information from UnWrapIt itself.
6. Data Storage and Security
Your data is stored on secure Firebase (Google Cloud) servers, primarily in EU regions. We use industry-standard data protection practices including encryption in transit (HTTPS/TLS) and at rest. Authentication is handled by Firebase Auth with secure password hashing or third-party providers (Google, Apple).
We retain your data for as long as your account is active. If you delete your account, your personal data is deleted within 30 days, except where retention is required by law (e.g. tax records for completed purchases).
7. Your Rights (GDPR)
As a user (especially in the EU/EEA), you have the following rights:
- Right of access: request a copy of all data we hold about you
- Right to rectification: correct inaccurate data
- Right to erasure: delete your account and personal data ("right to be forgotten")
- Right to portability: receive your data in a machine-readable format (JSON export available on request)
- Right to object: object to certain types of data processing, including analytics and personalised advertising
- Right to withdraw consent: for any consent-based processing, you can withdraw at any time
To exercise these rights, contact us at: contact@unwrapit.eu. We respond within 30 days as required by GDPR.
8. How to Delete Your Account
You can request deletion of your UnWrapIt account and associated personal data at any time. We offer two ways to do this:
Option 1: Delete from inside the app (instant)
- Open the UnWrapIt app on your Android or iOS device
- Tap the Profile tab (bottom navigation)
- Scroll down to the Danger zone section
- Tap Delete Account
- Confirm the deletion in the dialog that appears
Your account is queued for deletion immediately. Personal data is removed from our active systems within 24 hours and from all backups within 30 days.
Option 2: Request deletion by email
If you can no longer access the app, send an email from your account's registered email address to contact@unwrapit.eu with the subject line "Account Deletion Request". We will verify your identity and process the deletion within 7 working days.
What gets deleted
- Deleted immediately: Your account, display name, email address, recipient profiles, wishlists, friend connections, group gift participation, saved gift ideas, in-app preferences, and notification tokens.
- Anonymised and retained: Aggregated analytics data (no longer linked to you personally) for app improvement purposes.
- Retained for legal compliance: Purchase records for completed in-app purchases (Plus subscriptions, top-up packs) are retained for up to 7 years as required by Croatian tax law (Zakon o porezu na dobit). These records do not contain your name or contact info — only an anonymous transaction ID and amount.
Active subscriptions
If you have an active Plus subscription when you delete your account, the subscription will continue to be billed by Google Play / Apple App Store until you cancel it separately through your store account. To cancel:
- Android (Google Play): Open Google Play → Profile → Payments & subscriptions → Subscriptions → UnWrapIt → Cancel subscription
- iOS (App Store): Open Settings → [Your name] → Subscriptions → UnWrapIt → Cancel subscription
9. App Permissions
UnWrapIt requests the following Android/iOS permissions only when needed:
- Internet: always required for app functionality (sync, AI suggestions, friends)
- Camera: only used to scan a friend's QR code when you choose to add a friend via QR (you tap "Scan QR" first). Camera access is never used for anything else and no photos are saved.
- Notifications: requested on first launch (Android 13+) and optional. Used for occasion reminders, friend requests, group gift activity, and account-related updates. You can disable specific types in app settings.
- Advertising ID: used by Google AdMob for rewarded ads on Free tier. Not used for cross-app tracking. Can be reset in device settings.
10. Cookies (Website Only)
Our website (unwrapit.eu) uses minimal cookies — only technical cookies necessary for the waitlist form and basic site functionality. We do not use cookies for tracking, retargeting, or advertising on the website. The mobile app does not use browser cookies.
11. Children
UnWrapIt is intended for users aged 16 and over (or the applicable age of digital consent in your country — 13 in some regions per COPPA, 14-16 in EU member states under GDPR). We do not knowingly collect data from children below this age. If you believe a child has provided us with personal data without parental consent, please contact us at contact@unwrapit.eu and we will delete the data immediately.
12. International Data Transfers
Some of our service providers (Google Firebase, Google Gemini, Netlify, AdMob) are based in the United States but maintain GDPR-compliant data processing through Standard Contractual Clauses (SCCs) and other approved transfer mechanisms. Where possible, we configure these services to use EU regions.
13. Changes to This Policy
We may update this Privacy Policy from time to time. Significant changes will be communicated by email or within the app at least 14 days before they take effect. The date of the last update is always shown at the top of this page. Continued use of the app after changes constitutes acceptance.
14. Contact
For any privacy-related questions, data requests, or concerns:
If you believe your data protection rights have been violated, you may also contact the Croatian Personal Data Protection Agency (AZOP — Agencija za zaštitu osobnih podataka) at azop.hr.