Privacy policy

Last updated: 2026-07-11

This Privacy Policy explains how we handle personal data across the GiftRadar website and gift planning service.

Summary (Plain English)

  • We only collect the information we need to generate gift suggestions and manage your account.
  • We do not sell your data.
  • We do not use your data for targeted advertising.
  • We do not share your data with third parties for their own marketing.
  • You can delete your account or ask us to delete your data at any time.

Who we are

Asambl Technologies Ltd, trading as GiftRadar, is the data controller for personal data processed through this website and service. The registered address is:

71–75 Shelton Street
Covent Garden
London WC2H 9JQ
United Kingdom

Company number: 17066085

ICO registration number: ZC102886

For privacy questions or data requests, contact: support@asambl.app

What we collect

Occasions and recipients

When you create an occasion, we collect the people, dates, budgets, and context you enter. These are stored to generate suggestions and keep your gift plans organised.

Gift ideas and feedback

We store suggestions you save, ideas you add manually, their status (ordered, shipped, etc.), and your thumbs up/down ratings to personalise and improve the service.

Account data

If you sign in to save your data, the shared asambl account service provides GiftRadar with your verified email address, name, profile image, and account ID. Your GiftRadar plans and preferences stay in GiftRadar and are not copied into another asambl product.

Cookies and analytics

We use a session cookie (HTTP-only) to keep you signed in. This is essential and does not require consent.

With your consent, we use PostHog for analytics, tracking anonymous usage events like page views, occasion creation, and button clicks. PostHog cookies are only set after you click “Accept” on the consent banner. You can change your preference at any time by clearing your browser data or contacting us.

We do not use third-party advertising cookies or trackers.

Why we process your data

We process personal data to:

  • generate personalised gift suggestions
  • connect you securely to your asambl account
  • save occasions, gift ideas, and reminders you choose
  • improve suggestion quality over time
  • understand aggregate usage patterns

Legal basis

Where UK GDPR or EU GDPR applies, our legal basis is consent for optional analytics and reminders, and legitimate interest for providing and improving the service.

You can withdraw consent at any time by contacting us or unsubscribing from any emails.

AI processing

GiftRadar may send a short, anonymous summary of interests, things to avoid, the occasion, budget, and timing to an AI provider (currently OpenAI) to improve the order and explanation of real gift options. We do not send recipient names, raw notes, email addresses, user IDs, or permanent recipient IDs.

How we use email

We may send you emails about:

  • reminders you have chosen for an occasion
  • delivery and gift-status prompts you have requested
  • wishlist and Secret Santa activity needed to run those features

Every email includes an unsubscribe link, and we do not add you to unrelated mailing lists.

Data retention

We keep personal data only for as long as needed.

  • Account data: while your account is active, then deleted within 30 days of account deletion
  • Occasion records, gift ideas, and recipient profiles: while your account is active, unless you ask for deletion earlier

Sharing and processors

We use service providers to help operate the website and service.

At the time of writing, those include:

  • Cloudflare: website hosting, DNS, CDN, and serverless compute
  • OpenAI: AI-supported gift suggestion generation
  • Resend: GiftRadar reminders and service email
  • WorkOS: shared asambl account sign-in
  • Neon: database hosting
  • PostHog: privacy-friendly analytics (consent-gated)

These providers process data only to provide their services to us. They are not authorised to sell your data or use it for their own marketing purposes.

We will update this policy if our processors change.

International transfers

Some of our providers may process data outside the UK or EU.

Where this happens, we rely on appropriate safeguards, such as standard contractual clauses or the UK International Data Transfer Agreement, where required.

Your rights

If UK GDPR or EU GDPR applies to you, you may have the right to:

  • access your personal data
  • correct inaccurate data
  • ask us to delete your data
  • withdraw consent at any time
  • object to certain kinds of processing
  • request a copy of your data in a structured format
  • complain to the Information Commissioner's Office (ICO)

To exercise these rights, email: support@asambl.app

We aim to respond within one calendar month. If a request is complex and we need more time, we will let you know within that first month.

Security

We take reasonable steps to protect personal data, including access controls, least-privilege access, secure hosting, and encrypted connections.

No system can be guaranteed 100% secure, but we work to reduce risk and protect the information we handle.

Children

GiftRadar is not intended for children under 16, and we do not knowingly collect personal data from children.

Changes to this policy

We may update this Privacy Policy as the product and services evolve.

When we do, we will update the “Last updated” date above. If a change is significant, we will notify existing users by email before it takes effect.

Contact

For privacy and data requests: privacy@asambl.app

For general enquiries: contact@asambl.app