Privacy Policy
Last Updated: November 19, 2025
Welcome to SecretSantaMatch.com ("we", "us", "our"). We are deeply committed to your privacy. This policy explains what information we handle, how we use it, and your rights concerning your data.
1. Information We Collect
Our service is designed with a "privacy-first" approach. We collect different types of information depending on how you use the service.
A. Core Generator Data (Stored in URL)
When you use our main Secret Santa generator without enabling special features, all information is processed in your browser and encoded into the shareable URLs.
- What is collected: Participant names, exclusions, assignments, and event details you enter.
- How it's stored: This data is compressed and stored directly in the part of the URL that comes after the '#' symbol (the "URL hash").
- Our Access: We do not store this information on our servers and have no access to it. This design ensures maximum privacy for your core group data.
B. Editable Wishlist Data (Stored Securely)
To allow participants to update their wishlists after matches are made, we securely store wishlist information.
- What is stored: When a user saves a wishlist, we store their self-entered interests, likes, dislikes, and wishlist links.
- How it's stored: This data is stored using Netlify's secure Blob storage, associated with a non-identifiable, randomly generated ID for your specific gift exchange. It is not tied to a personal account, email, or IP address.
- Our Access: This data is stored on our service provider's infrastructure to allow the feature to work but is not used for any purpose other than displaying it to members of your group who have the correct link.
C. Anonymous Usage Data (Analytics)
To improve our service and make strategic decisions, we collect completely anonymous, aggregated data about how the tool is used.
- What is collected: We may track non-personally identifiable information such as the retailer domains found in wishlist links (e.g., "amazon.com"), and the topics mentioned in "likes" and "interests" fields (e.g., "coffee," "gardening").
- How it's stored: This information is sent as an anonymous event to Google Analytics. It is always aggregated and never contains full names, links, or any personally identifiable information (PII).
2. How We Use Your Information
- To Provide the Service: To generate matches and allow wishlists to be updated and viewed by your group.
- To Improve Our Service: Anonymous, aggregated data helps us understand what features and gift categories are popular, guiding our future development and content strategy.
- To Support Our Free Service: We use advertising and affiliate links to generate revenue that keeps the generator 100% free.
3. Cookies, Advertising, and Tracking Technologies
We use cookies and similar technologies. You have control over this through the cookie consent banner presented when you first visit our site.
- Google Analytics: If you consent, we use Google Analytics to gather anonymous traffic data to understand how our site is used.
- Google AdSense: If you consent, Google and its partners may use cookies to serve personalized ads based on your visit to this site and other sites on the internet. You can opt out of personalized advertising by visiting Google's Ads Settings.
- Affiliate Links: Our site contains affiliate links (e.g., to Amazon, Credit Karma, and others). If you click on these links and make a purchase or sign up for a service, we may earn a commission, at no extra cost to you. These links use cookies to track referrals.
4. Third-Party Services and Data Sharing
We use certain third-party services to provide and improve our application. These services may have access to some data as described below.
- Hosting and Storage (Netlify): Our website is hosted on Netlify, and we use Netlify Blobs to store the Editable Wishlist data. Netlify acts as a data processor for this information.
- Link Shortening (TinyURL): To provide you with convenient, shorter links, we use a third-party service, TinyURL. When short links are generated, the long, data-encoded URL is sent to TinyURL. This process is subject to TinyURL's privacy policy. If you prefer not to use this service, you can disable the "Short Links" toggle in the sharing panel to copy and share the full links.
5. Data Storage and Security
The security of your data is important to us. Wishlist data is stored with Netlify, a leading web infrastructure company that uses modern security practices to protect data. Data encoded in URLs remains on your device and is only shared when you share the links.
6. Data Retention
Data encoded in URLs is not stored by us and therefore is not retained. Wishlist data stored in our system is retained indefinitely to ensure that links continue to work for your group year after year. As we do not have user accounts, this data is tied only to an anonymous exchange ID.
7. Your Privacy Rights (GDPR & CCPA/CPRA)
We respect your privacy rights. Here is how you can exercise them on our account-free service:
- Right to Know/Access: You can access the data associated with your exchange at any time by using your unique, private link.
- Right to Deletion: Because we do not have user accounts, we cannot identify your data based on personal information. To "delete" your data, simply stop using the generated links. If an organizer loses their master link, the associated wishlist data becomes permanently inaccessible (orphaned) and cannot be retrieved.
- Right to Opt-Out: You can opt out of non-essential cookies for analytics and advertising at any time using our cookie consent banner. We do not sell your personal information.
- Right to Correct: Participants can correct or update their wishlist information at any time using their private link to access the "Edit My Wishlist" feature.
Users in Europe (under GDPR) or California (under CCPA/CPRA) have these and other statutory rights. This policy and your use of the service are governed by the laws of the Province of Ontario, Canada. If you have questions about exercising your rights, please contact us.
8. Children's Privacy
Our service is not intended for use by children under the age of 16, and we do not knowingly collect any data from them.
9. Changes to This Policy
We may update this privacy policy from time to time. We will post the new privacy policy on this page and update the "Last Updated" date.
10. Contact Us
If you have any questions about this Privacy Policy, please contact us at support@secretsantamatch.com.