Privacy Policy

Last updated: February 2026

1. Introduction

GifyLab ("we", "us", "our", or "Company") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, platform, and services (the "Service").

Please read this Privacy Policy carefully. If you do not agree with our practices, please do not use the Service. By using GifyLab, you consent to this Privacy Policy.

2. Information We Collect

2.1 Information You Provide

  • Account Registration: Email address, password (hashed), account creation date
  • Profile Information: Name, company, timezone (optional)
  • Timer Content: Timer name, target date/time, message text, color schemes, and configurations you create
  • Billing Information: Stripe processes payment data; we receive transaction ID, payment method type (card/PayPal), amount, and date. We do NOT store credit card numbers.
  • Support Communications: Any messages you send to our support team

2.2 Information Automatically Collected

  • IP Address: Collected for rate limiting, security, and analytics (hashed for privacy)
  • Authentication Token (JWT): Stored in browser cookies for session management
  • Impression Analytics: When your timer is viewed in emails:
    • Timestamp of impression
    • Country (from CloudFront headers)
    • Email client (Gmail, Outlook, Apple Mail, etc.)
    • User Agent string (email client detection)
    • Hashed IP address of viewer
  • Browser Information: Device type, browser type, operating system (for error tracking)
  • Usage Data: Pages visited, features used, time spent, interactions

2.3 Third-Party Information

We may receive information from third-party services (Stripe for payment confirmation, email services for delivery status).

3. How We Use Your Information

We use collected information for:

  • Service Delivery: Creating and managing your account, storing timer configurations, processing payments
  • Analytics & Insights: Tracking timer impressions, measuring performance, generating reports for your dashboard
  • Security: Preventing fraud, abuse, unauthorized access, rate limiting
  • Billing: Processing payments, managing subscriptions, sending invoices
  • Communication: Sending transactional emails (verification, password reset, billing notifications)
  • Legal Compliance: Complying with laws, responding to legal requests, resolving disputes
  • Service Improvement: Identifying bugs, optimizing performance, developing new features
  • Legitimate Business Interests: Protecting our platform, detecting fraud, improving user experience

4. Third-Party Integrations

GifyLab uses the following third-party services, which may collect data about you:

4.1 Stripe (Payment Processing)

  • Processes all credit card and PayPal payments
  • May collect payment method details (not stored by us)
  • Stripe's Privacy Policy: https://stripe.com/privacy

4.2 Amazon Web Services (AWS)

  • Hosts our platform (DynamoDB for database, Lambda for computing)
  • CloudFront for content delivery and analytics
  • AWS Privacy Policy: https://aws.amazon.com/privacy/

4.3 Email Services

  • Sends verification emails, password resets, and notifications
  • Providers: Amazon SES, SendGrid, or similar services
  • May process your email address for delivery

4.4 Other Services

We may also use analytics, error tracking, or monitoring services. These services have their own privacy policies.

5. Cookies & Tracking Technologies

5.1 Essential Cookies

We use cookies to store your JWT authentication token. This is required for the Service to function (login, session management). These cookies cannot be disabled.

5.2 Analytics Cookies (Optional)

If you consent, we may use analytics cookies to track usage patterns, identify errors, and improve the Service. You can decline these cookies, and we will not load analytics scripts.

5.3 Cookie Consent

We display a cookie consent banner when you first visit. You may manage your preferences at any time via your account settings.

6. Your Privacy Rights (GDPR)

If you are located in the European Union or other jurisdictions with similar laws, you have the following rights:

6.1 Right to Access

You have the right to request a copy of all personal data we hold about you. You can download your data via your account settings under "Export My Data".

6.2 Right to Rectification

You can update or correct your personal information at any time via your account settings.

6.3 Right to Erasure ("Right to be Forgotten")

You have the right to request deletion of your account and all associated data. You can submit a deletion request via your account settings under "Delete My Account". Upon submission, we will permanently delete your account, timers, and personal data within 30 days (unless required to retain for legal reasons).

6.4 Right to Data Portability

You have the right to receive your personal data in a structured, machine-readable format (JSON) and to transmit it to another service provider.

6.5 Right to Object

You may object to certain processing of your data, particularly marketing communications. You can opt out via your account settings.

6.6 Right to Lodge a Complaint

If you believe we have violated your privacy rights, you may lodge a complaint with your local data protection authority.

7. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

7.1 Right to Know

You may request what personal information we collect, the sources, and purposes.

7.2 Right to Delete

You may request deletion of your personal data.

7.3 Right to Opt-Out of Sale

Important: GifyLab does NOT sell, rent, or share personal information with third parties for their direct marketing purposes.

We may share data with service providers (Stripe, AWS) for operational purposes only, which is not considered "selling" under CCPA.

7.4 Do Not Track

We honor browser Do-Not-Track (DNT) signals. If DNT is enabled, we will not load optional analytics cookies.

8. Data Retention

  • Active Account: We retain your account data and timer configurations while your account is active.
  • After Account Deletion: We delete your personal data within 30 days. Impression analytics are deleted within 90 days.
  • After Cancellation: If you cancel your subscription and revert to Free tier, we retain your data for 180 days before permanent deletion (to allow recovery).
  • Legal Hold: We may retain data longer if required by law, legal process, or legitimate business needs.
  • Analytics Data: Impression analytics are automatically deleted after 90 days to reduce costs and protect privacy.

9. Data Security

We implement industry-standard security measures to protect your data:

  • Encryption in Transit: All data is transmitted via HTTPS/TLS
  • Encryption at Rest: Sensitive data (passwords, payment info) is encrypted in DynamoDB
  • Access Controls: Only authorized staff can access customer data; multi-factor authentication is required
  • Rate Limiting: We limit login attempts to prevent brute force attacks
  • Password Hashing: Passwords are hashed using bcrypt (never stored in plain text)
  • Regular Audits: We perform regular security audits and penetration testing

However, no security system is 100% secure. We cannot guarantee absolute security of your data.

10. Breach Notification

In the event of a data breach that compromises your personal information, we will notify you within 72 hours (or as required by law) via email or by posting a notice on our website. We will also notify relevant data protection authorities as required by GDPR.

11. Children's Privacy

GifyLab is not intended for children under the age of 18. We do not knowingly collect personal information from children. If we discover we have collected data from a child, we will delete it immediately.

12. International Data Transfers

Your data may be transferred to and processed in the United States and other countries where AWS has data centers. These countries may not have the same data protection laws as your home country.

By using GifyLab, you consent to the transfer of your personal data to countries outside your country of residence, which may have different data protection laws.

13. Changes to This Privacy Policy

We may update this Privacy Policy at any time. Material changes will be communicated via email or a notice on our website. Your continued use of the Service constitutes acceptance of the updated Privacy Policy.

14. GDPR Data Rights Requests

To exercise any of your data rights (access, correction, deletion, portability), you can:

  • Use the self-service tools in your account settings (Export My Data, Delete My Account)
  • Send a request to support@gifylab.com with the subject "GDPR Data Request"
  • Provide your email address and the type of request (access, deletion, portability)

We will respond within 30 days (or as required by law).

15. Contact Us

For privacy-related questions or concerns, please contact us:

GifyLab Privacy Team

Email: privacy@gifylab.com

Email (General Support): support@gifylab.com

Website: https://gifylab.com

16. Data Protection Officer

For EU residents, our Data Protection Officer can be contacted at:

Email: dpo@gifylab.com

For more information, see our Terms of Service and manage your data and privacy settings.

© 2026 GifyLab. All rights reserved. This document was last updated February 2026 and is effective immediately.