Wishy®

Privacy Policy

Last updated: May 10, 2026

1. Who are we?

Wishy is an app that allows you to create and share wish lists. The data controller for personal data is Boysenberry (Chamber of Commerce number 42016252), operating under the name Wishy.

For questions about privacy, you can reach us via hello@getwishy.app.


2. What data do we collect?

We may process the following data:

Account and profile

Email address: to support your account, log in, and (where applicable) send verification messages.
Name or display name: to display your profile (if you fill it in).
Social login data: if you choose to log in via, for example, Apple, Google, or Microsoft, we typically receive a provider ID and the email address associated with your account (and sometimes a name), as shared by you with the provider.

App usage

Wish lists and content: names of lists, dates, comments, gifts, reservations, photos you upload, and other data entered by you.
Secret Santa draws: data required to run draws (such as participant names and draw status), as entered by you.
Affiliate and webshop links: when using product or shop links, we may record technical and usage data, such as which link, time, and (where available) a country code, for statistics and affiliate reporting.

AI features (gift ideas)

• If you use features where suggestions are automatically generated (such as the gift ideas generator), we process the hints, preferences, and search terms entered by you that are necessary to generate suggestions. This data is processed via Firebase AI Logic and Google AI models (such as Gemini); additionally, Google search or processing services may be used to provide more current or relevant suggestions. The exact scope may vary by feature and app version.

Technology, payment, and improvement

Device and diagnostic data: such as device type, system version, crash reports, and error messages, to improve stability and quality.
Subscription and purchase status: if you subscribe to Premium, Apple and/or Google process payment data; we typically do not receive full payment card details, but we do receive signals such as subscription status and transaction IDs via the stores and/or our partner for subscription management (RevenueCat), to grant you entitlements in the app.

We do not use:

GPS location as a separate category (we do not request continuous location for Wishy).
Your phone contact book.
Your SMS or call history.


3. Why do we process this data?

We use data for:

Account and security: registration, login, fraud and abuse prevention.
Services: storing, displaying, and sharing lists and draws as you use them.
Communication: verification messages and service emails where necessary.
AI features: generating gift ideas and similar suggestions based on your input.
Improvement: troubleshooting, statistics, and product development.
Affiliate and reporting: measuring link usage where necessary for partner agreements.
Premium: determining if you have an active subscription.

The processing is based on the performance of the agreement (using the app), legitimate interest (security, improvement, non-marketing analytics where appropriate), and where necessary consent (for example, if we separately request consent for this in the app).

4. How long do we keep data?

Account and profile: as long as your account exists.
Lists and content: until you delete them or your account is deleted.
Verification codes (OTP): short-term; automatically deleted after about ten minutes (unless technically required otherwise).
Crash and diagnostic data: limited retention period, typically up to a maximum of approximately 90 days for reports, unless needed longer for handling a specific incident.

Delete account: when you delete your account, we aim to delete or anonymize personal data within 30 days, subject to what we are legally required to retain based on statutory retention obligations or legitimate interest (such as limited incident administration).


5. With whom do we share data?

We do not sell your data and do not use it for third-party external marketing.

We do make use of processors and platforms, including:

Google (Firebase, including Authentication, Firestore, Hosting, App Check, Firebase AI Logic / Gemini, and related Google cloud services) for storage, security, AI processing, and infrastructure.
Google (Firebase Crashlytics) for crash reporting.
Apple and Google as app stores and for In-App purchases and subscriptions.
RevenueCat (or similar provider) for linking and validating subscription rights across different platforms.
Email delivery: transactional emails via a professional provider (e.g., for verification), depending on our technical setup.

These parties process data on our behalf or as an independent data controller where that follows from their role (such as Apple/Google for payment). Please also consult their privacy policies for details.

Transfer outside the EEA: data may be processed outside the European Economic Area (particularly when using US cloud and AI services). Where necessary, we rely on appropriate safeguards (such as Standard Contractual Clauses) and additional measures.


6. Sharing wish lists

• If you use a sharing link, anyone with that link can view the list as displayed by Wishy.
You decide with whom you share the link and where you place it.
• Shared views are designed so that no email addresses of others need to be visible in that context (depending on how you share the list and what you enter).


7. Your rights (GDPR)

You may request, among other things, the following:

Access to your data.
Correction of inaccurate data.
Deletion of data (“right to be forgotten”), subject to legal exceptions.
Restriction of processing in certain cases.
Objection to processing based on legitimate interest.
Data portability of data you have provided to us, where technically feasible.

You can manage much of your data yourself within the app. For requests: hello@getwishy.app. We may verify your identity before responding substantively.


8. Security

We apply appropriate technical and organizational measures, including:

• encrypted connections (HTTPS/TLS) where applicable;
access restriction and authentication;
• use of platform security from our cloud providers;
• aiming for regular updates of the app.

No online service can guarantee 100% security; please report suspicious activity via hello@getwishy.app.


9. Cookies and similar technologies

The Wishy app does not use traditional advertising cookies like on an average news site.

We do use functional storage and measurements required for:

• your session and settings;
affiliate click registration where applicable;
app analytics and reports for improvement.

If you visit Wishy web pages (for example, a shared link in the browser), technical cookies or local storage required for the page to function may be used there.


10. Children

Wishy is intended for general use. For children under the age of 16, we recommend having consent from a parent or guardian to use the app and create an account, as appropriate under applicable rules.


11. Changes

We may update this privacy policy. In the event of significant changes, we will inform you where reasonable via the app or by email.


12. Contact and complaints

Privacy questions: hello@getwishy.app

Complaint: you can file a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens): autoriteitpersoonsgegevens.nl.

Boysenberry (operating under the name Wishy)
Chamber of Commerce number: 42016252

Create a free website with Framer, the website builder loved by startups, designers and agencies.