How we collect, use, and protect your personal information in compliance with GDPR and other privacy laws.
Effective Date: July 23, 2025
Last Updated: July 23, 2025
This Privacy Policy describes how VIRALITYBOMB SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ ("we," "us," "our," or "Giftable") collects, uses, processes, and protects your personal information when you use our digital interactive postcard service available at giftable.love (the "Service"). This policy applies to all users of our Service, regardless of how you access or use it.
We are committed to protecting your privacy and ensuring transparency about our data practices. This Privacy Policy is designed to help you understand what information we collect, why we collect it, how we use it, and what choices you have regarding your personal information.
As a company established in Poland and operating within the European Union, we comply with the General Data Protection Regulation (GDPR) and other applicable data protection laws. This Privacy Policy explains your rights under these laws and how you can exercise them.
Data Controller:
VIRALITYBOMB SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ
Address: ul. Marsz. Józefa Piłsudskiego 74, lok. 320, 50-020 Wrocław, Poland
KRS Number: 0001181815
NIP: 8971956455
Email: ilya@viralitybomb.com
For any questions regarding this Privacy Policy or our data processing practices, please contact us using the information provided above.
We collect several types of information from and about users of our Service. The categories of personal information we collect depend on how you interact with our Service.
Account Information: When you create an account with Giftable, we collect information such as your name, email address, and password. This information is necessary to provide you with access to our Service and to communicate with you about your account.
Payment Information: When you purchase our services, we collect payment information including billing address and payment method details. However, we do not store your complete payment card information on our servers. Payment processing is handled by Stripe, our third-party payment processor, which maintains PCI DSS compliance standards.
Profile Information: You may choose to provide additional profile information such as a profile picture or personal preferences to customize your experience with our Service.
Digital Postcards: We collect and store the content you create using our Service, including text, images, and other media you include in your digital postcards. This content is necessary to provide the core functionality of our Service.
Recordings: Our Service includes functionality that allows you to record your screen and face reactions. When you use these recording features, we collect and store the audio and visual recordings you create. These recordings are an integral part of the interactive postcard experience we provide.
Communications: We may collect information when you communicate with us, such as when you contact our customer support team or respond to our communications.
Usage Information: We automatically collect information about how you use our Service, including the features you use, the actions you take, and the time, frequency, and duration of your activities.
Device Information: We collect information about the device you use to access our Service, including device type, operating system, browser type and version, screen resolution, and device identifiers.
Log Information: Our servers automatically record information when you use our Service, including your IP address, browser type, referring/exit pages, and timestamps.
Location Information: We may collect general location information based on your IP address to provide localized services and comply with applicable laws.
Analytics Services: We use third-party analytics services, including Google Analytics and Microsoft Clarity, which may collect information about your use of our Service. These services help us understand how users interact with our Service and improve our offerings.
Social Media: If you choose to connect your social media accounts or share content from our Service on social media platforms, we may receive information from those platforms in accordance with their privacy policies.
Under the GDPR, we must have a legal basis for processing your personal information. The legal bases we rely on include:
Contract Performance: We process your personal information to provide our Service to you, including creating and delivering digital postcards, processing payments, and maintaining your account. This processing is necessary for the performance of our contract with you.
Legitimate Interests: We may process your personal information based on our legitimate interests, such as improving our Service, ensuring security, preventing fraud, and conducting analytics. We carefully balance our interests against your rights and freedoms.
Consent: For certain types of processing, such as marketing communications and non-essential cookies, we rely on your explicit consent. You can withdraw your consent at any time.
Legal Obligations: We may process your personal information to comply with legal obligations, such as tax requirements or responding to legal requests from authorities.
We use the personal information we collect for various purposes related to providing and improving our Service:
We use your information to provide, maintain, and improve our Service, including creating and delivering digital postcards, processing recordings, managing your account, and providing customer support.
We use your contact information to communicate with you about your account, respond to your inquiries, provide customer support, and send important notices about our Service.
We use your payment information to process transactions, manage billing, and prevent fraud. Payment processing is handled by our third-party payment processor, Stripe.
We use analytics information to understand how our Service is used, identify trends, diagnose technical issues, and improve our Service's functionality and user experience.
With your explicit consent, we may use your email address to send you marketing communications about our Service, new features, and special offers. You can opt out of these communications at any time.
We may use your information to comply with applicable laws, regulations, legal processes, or governmental requests.
We do not sell, trade, or otherwise transfer your personal information to third parties except as described in this Privacy Policy.
We may share your information with trusted third-party service providers who assist us in operating our Service, conducting our business, or serving our users. These service providers include:
Payment Processing: Stripe processes payments on our behalf and may have access to payment-related information necessary to provide their services.
Analytics Services: Google Analytics and Microsoft Clarity collect and analyze usage data to help us understand and improve our Service.
Hosting and Infrastructure: Our hosting providers may have access to your information as necessary to provide hosting and infrastructure services.
All service providers are contractually obligated to protect your information and use it only for the purposes we specify.
We may disclose your information if required to do so by law or in response to valid requests by public authorities, such as a court order or government agency.
In the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal information.
We may disclose your information when we believe it is necessary to protect our rights, property, or safety, or the rights, property, or safety of others.
We retain your personal information for as long as necessary to provide our Service and fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.
Account Information: We retain your account information for as long as your account is active or as needed to provide you with our Service.
Digital Postcards and Recordings: We retain your digital postcards and recordings for six (6) months from the date of creation, after which they may be automatically deleted unless you have specifically requested to keep them longer.
Payment Information: Payment-related information is retained as necessary for accounting, tax, and legal compliance purposes.
Analytics Data: Analytics data is typically retained for up to 26 months, as determined by our analytics service providers' retention policies.
When we no longer need your personal information, we will securely delete or anonymize it in accordance with our data retention and deletion procedures.
As a data subject under the GDPR, you have several important rights regarding your personal information. These rights include:
You have the right to request access to the personal information we hold about you. This includes the right to obtain confirmation of whether we are processing your personal information and, if so, to receive a copy of that information along with details about how we process it.
You have the right to request that we correct any inaccurate or incomplete personal information we hold about you. You can update much of your account information directly through your account settings.
You have the right to request that we delete your personal information in certain circumstances, such as when the information is no longer necessary for the purposes for which it was collected, when you withdraw consent, or when the information has been unlawfully processed.
You have the right to request that we restrict the processing of your personal information in certain circumstances, such as when you contest the accuracy of the information or when you have objected to processing based on legitimate interests.
You have the right to receive your personal information in a structured, commonly used, and machine-readable format and to transmit that information to another controller when the processing is based on consent or contract and is carried out by automated means.
You have the right to object to the processing of your personal information in certain circumstances, particularly when processing is based on legitimate interests or for direct marketing purposes.
When processing is based on your consent, you have the right to withdraw that consent at any time. Withdrawing consent will not affect the lawfulness of processing based on consent before its withdrawal.
You have the right to lodge a complaint with a supervisory authority if you believe that our processing of your personal information violates the GDPR. In Poland, the supervisory authority is the President of the Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych).
To exercise any of these rights, please contact us using the contact information provided in Section 2. We will respond to your request within one month, though this period may be extended by two additional months in complex cases.
Our Service may involve the transfer of your personal information to countries outside the European Economic Area (EEA), including the United States, where our service providers such as Google (for hosting and analytics) and Stripe (for payment processing) may process your information.
When we transfer your personal information outside the EEA, we ensure that appropriate safeguards are in place to protect your information, such as:
Adequacy Decisions: Transfers to countries that have been deemed by the European Commission to provide an adequate level of data protection.
Standard Contractual Clauses: Contractual commitments between us and our service providers that include data protection obligations approved by the European Commission.
Certification Schemes: Service providers that participate in certification schemes that demonstrate compliance with data protection standards.
We will only transfer your personal information to third countries or international organizations when appropriate safeguards are in place and your rights as a data subject can be effectively enforced.
We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:
Encryption: We use encryption to protect sensitive information during transmission and storage.
Access Controls: We limit access to personal information to employees and service providers who need it to perform their job functions.
Regular Security Assessments: We regularly review and update our security measures to address new threats and vulnerabilities.
Secure Infrastructure: We use secure hosting environments and follow industry best practices for data security.
Payment Security: Payment processing is handled by Stripe, which maintains PCI DSS compliance and uses industry-standard security measures.
While we strive to protect your personal information, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security, but we are committed to protecting your information using reasonable and appropriate measures.
Our Service is not intended for children under the age of 16. We do not knowingly collect personal information from children under 16 without appropriate parental consent. If we become aware that we have collected personal information from a child under 16 without parental consent, we will take steps to delete that information promptly.
If you are a parent or guardian and believe that your child has provided us with personal information without your consent, please contact us immediately. We will work with you to address the situation and ensure compliance with applicable laws regarding children's privacy.
For users between the ages of 13 and 16, we require verifiable parental consent before collecting, using, or disclosing their personal information. This consent must be obtained through a method that reasonably ensures that a parent or guardian has authorized the collection and use of the child's personal information.
We use cookies and similar tracking technologies to enhance your experience with our Service, analyze usage patterns, and provide personalized content.
Essential Cookies: These cookies are necessary for the basic functionality of our Service and cannot be disabled. They include cookies that enable you to log into your account and use core features.
Analytics Cookies: We use analytics cookies from Google Analytics and Microsoft Clarity to understand how users interact with our Service. These cookies help us improve our Service by providing insights into user behavior and preferences.
Functional Cookies: These cookies enable enhanced functionality and personalization, such as remembering your preferences and settings.
You can control and manage cookies through your browser settings. Most browsers allow you to refuse cookies or alert you when cookies are being sent. However, disabling certain cookies may affect the functionality of our Service.
For more detailed information about the cookies we use and how to manage them, please refer to our separate Cookie Policy.
Our Service integrates with several third-party services that have their own privacy policies:
Stripe: Our payment processor. Their privacy policy is available at https://stripe.com/privacy.
Google Analytics: Our analytics service. Google's privacy policy is available at https://policies.google.com/privacy.
Microsoft Clarity: Our user behavior analytics service. Microsoft's privacy policy is available at https://privacy.microsoft.com/privacystatement.
We encourage you to review the privacy policies of these third-party services to understand how they collect, use, and protect your information.
With your explicit consent, we may send you marketing communications about our Service, new features, special offers, and other information that may be of interest to you. These communications will be sent to the email address associated with your account.
You can opt out of marketing communications at any time by:
Even if you opt out of marketing communications, we may still send you important service-related communications, such as account notifications, security alerts, and updates to our terms or policies.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes to this Privacy Policy, we will notify you by:
We encourage you to review this Privacy Policy periodically to stay informed about how we collect, use, and protect your information. Your continued use of our Service after any changes to this Privacy Policy constitutes your acceptance of the updated policy.
If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us:
Email: ilya@viralitybomb.com
Address: VIRALITYBOMB SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ, ul. Marsz. Józefa Piłsudskiego 74, lok. 320, 50-020 Wrocław, Poland
We will respond to your inquiry as promptly as possible and within the timeframes required by applicable law.
This Privacy Policy was last updated on July 23, 2025. This document is effective as of the date listed above and supersedes all previous versions.