Privacy Policy

Last updated: 29 March 2026

1. Who We Are

AnsGift (“we”, “us”, “our”) is a digital gifts platform operated by AnsGift Ltd, a company registered in Bulgaria. We provide experience-based gifts including Treasure Hunts, 7-Day Challenges, and Adventure Roulette, delivered via our website and mobile application.

For any privacy-related questions, contact us at: [email protected]

2. Data We Collect

We collect the following categories of personal data:

  • Account data: email address and name when you register or sign in.
  • Purchase data: buyer name, buyer email, recipient name, recipient email, and gift customisation details when you purchase a gift.
  • Payment data: payment is processed entirely by our payment provider. We do not store card numbers or payment credentials — only a confirmation that the payment was successful.
  • Gift experience data: text responses, photos, and videos submitted by gift recipients during their experience, stored securely in the cloud.
  • Device data: a device identifier used solely to deliver notifications about gift progress.
  • Location data: approximate location may be used during certain gift experiences to support location-based activities. Location data is not stored on our servers.
  • Health data: fitness-related information (such as activity metrics) may be accessed for health-based challenge activities, with your explicit permission. This data is processed on your device and is never transmitted to our servers.

3. How We Use Your Data

We use your personal data to:

  • Process and fulfil gift purchases
  • Deliver gift codes and confirmation emails
  • Authenticate users and maintain secure sessions
  • Enable gift recipients to access and complete their experience
  • Send push notifications about gift progress (with your permission)
  • Respond to customer support requests
  • Comply with legal obligations

We do not use your data for advertising or profiling, and we do not sell it to third parties.

4. Legal Basis for Processing (GDPR)

As a company based in Bulgaria (EU), we process personal data under the General Data Protection Regulation (GDPR). Our legal bases are:

  • Contract performance — processing necessary to fulfil your gift purchase and deliver the experience.
  • Consent — for push notifications and optional health data access (you can withdraw at any time in your device settings).
  • Legitimate interests — fraud prevention, security, and improving our service.
  • Legal obligation — where required by applicable law.

5. Data Retention

  • Account data is retained while your account is active and for 2 years after deletion.
  • Order and gift data is retained for 7 years for tax and legal compliance.
  • Gift experience media (photos/videos) is retained for 1 year after gift completion, then deleted.
  • Push notification tokens are deleted when you uninstall the app or revoke permission.

6. Third-Party Services

We share data with the following trusted third parties, solely to operate our service:

  • Stripe — payment processing. Stripe is PCI DSS compliant. See Stripe's Privacy Policy.
  • Amazon Web Services (AWS) — email delivery and media storage, hosted in the EU.
  • Google Firebase — push notifications and optional Google Sign-In.
  • Apple — optional Apple Sign-In and iOS push notifications.

All third-party processors are bound by data processing agreements and comply with GDPR where applicable.

7. Your Rights

Under GDPR, you have the right to:

  • Access — request a copy of your personal data.
  • Rectification — correct inaccurate data.
  • Erasure — request deletion of your data (“right to be forgotten”).
  • Portability — receive your data in a machine-readable format.
  • Objection — object to processing based on legitimate interests.
  • Restriction — request that we limit how we process your data.
  • Withdraw consent — at any time, without affecting prior processing.

To exercise any of these rights, email us at [email protected]. We will respond within 30 days.

You also have the right to lodge a complaint with the Bulgarian Commission for Personal Data Protection (CPDP) at www.cpdp.bg.

8. Cookies

Our website uses only technically necessary cookies to keep you signed in and maintain your session. We do not use tracking, advertising, or analytics cookies.

9. Security

We implement appropriate technical and organisational measures to protect your personal data, including encryption in transit and at rest, secure authentication, and strict access controls. No method of transmission or storage is 100% secure, but we take reasonable steps to protect your information.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes by email. The “Last updated” date at the top of this page always reflects the most recent version.

Questions? Email us at [email protected]