Effective: November 6 2020

giftgoat, inc. (“giftgoat,” “we,” “us,” or “our”) has prepared this Privacy Policy to explain what Personal Data (defined below) we collect, how we use and share that data, and your choices concerning our data practices. This Privacy Policy is incorporated into and forms part of our Terms of Service.

Through our app at https://app.giftgoat.com (the “App”) and https://www.giftgoat.com (the “Website”, and together with the App, the “Service(s)”), we offer customers the ability to send custom, personalized handwritten greeting cards to recipients on behalf of customers. Before using the Services or submitting any Personal Data to giftgoat, please review this Privacy Policy carefully and contact us if you have any questions. By using the Services, you agree to the practices described in this Privacy Policy. If you do not agree to this Privacy Policy, please do not access the App or Website or otherwise use the Services.

Our Services are not intended for children and minors. We do not knowingly or intentionally solicit or collect Personal Data from anyone under the age of eighteen (18), other than with written consent from a parent or legal guardian. If you are a parent or legal guardian, do not permit your children to submit Personal Data without providing permission to us first. If you have reason to believe that a child under the age of 13 has provided Personal Data to giftgoat through the Service please contact us and we will endeavor to delete that information from our databases.

By submitting any Personal Data to us, you agree to the processing of such Personal Data as outlined in this Privacy Policy. In the event additional uses of Personal Data are necessary to provide the Services, we will notify you of the change and provide you an opportunity to respond to the change.

1. Personal Data We Collect

We collect information that alone or in combination with other information in our possession could be used to identify you (“Personal Data”) as follows:

Personal Data You Provide: We collect the following categories of Personal Data from you when (i) you create a user account, (ii) you enter and submit data within the “Contact Us” page on the Services, or (iii) you use or access the Services:

  • Identification Data: We may collect your name, email address, phone number, mailing/billing addresses, and government identification documents (i.e., your driver’s license, passport, or state identification card), if we need to verify your identity.
  • Financial Data: Our payment processor Stripe, Inc. (“Stripe”) collects the financial information necessary to process your payments for the Services. Accordingly, in addition to this Privacy Policy and our Terms of Service, your Financial Data is also processed pursuant to Stripe’s services agreement and privacy policy.
  • Communication Data: We may collect information when you contact us with questions or concerns and when you voluntarily respond to questionnaires, surveys or requests for market research seeking your opinion and feedback. Providing communication data is optional to you.
  • Commercial Data: We may retain a history of the products you browse, search, and/or purchase using the Service and the features you use on the Services.
  • Demographic Data: We may collect your age, gender, and income level.
  • Social Media Data: We have pages on social media sites like Instagram, Facebook, Medium, Twitter, and LinkedIn (“Social Media Pages”). When you interact with our Social Media Pages, we may collect Personal Data that you elect to provide to us, such as your contact details. In addition, the companies that host our Social Media Pages may provide us with aggregate information and analytics regarding the use of our Social Media Pages. The information you allow us to access varies by Social Media Pages, and depends on the privacy level you have set with each Social Media Page. You can control and find out more about privacy settings at the applicable Social Media Page.

Internet Activity Data: When you visit, use, and interact with the Service, we may receive certain information about your visit, use, or interactions. For example, we may monitor the number of people that visit the Service, peak hours of visits, which page(s) are visited, the domains our visitors come from (e.g., google.com, yahoo.com, etc.), and which browsers people use to access the Service (e.g., Chrome, Firefox, Microsoft Internet Explorer, etc.), broad geographical information, and navigation pattern. In particular, the following information is created and automatically logged in our systems:

  • Log Data: Information that your browser automatically sends whenever you visit the Services. Log Data includes your Internet Protocol address, browser type and settings, the date and time of your request, and how you interacted with the Services.
  • Cookies Data: Please see the Cookies section below to learn more about how we use cookies.
  • Device Data: Includes name of the device, device’s unique device identifier, mobile network information, operating system, and browser you are using. Information collected may depend on the type of device you use and its settings.
  • Usage Data: We collect information about how you use our Services, such as the types of content that you view or engage with, the features you use, the actions you take, and the time, frequency, and duration of your activities.
  • Location Data: We derive a rough estimate of your location from your IP address. We collect your location information through the App using your device IP address, WiFi, Bluetooth, and GPS coordinates (e.g. latitude/longitude) of your mobile device. If you have given the App permission to access your location, we may collect your device’s location even if you are not using the Service and store your location history. If you want to opt-out of the collection of your location data, please adjust your settings in your mobile device to limit the App’s access to your location data.
  • Stored Data: We may access metadata and other information associated with other files stored on your device, including, but not limited to, photographs, audio and video clips, and personal contacts.
  • Email Open/Click Data: We may use pixels in our email campaigns that allow us to collect your email and IP address as well as the date and time you open an email or click on any links in the email.
  • Google Data: In order to access the Service, we offer you Google Sign-in. This way, you can create an account or log into the Services using your Google credentials. Through this integration, we will have access to certain user data, such as your name, profile URL, email address, and Google ID. (“Google Data”). Notwithstanding anything else in this Privacy Policy, we (1) only use the Google Data to provide the Service; (2) do not transfer Google Data to third parties except as necessary to provide or improve the Service, as required by law, or in connection with a merger, acquisition, or sale of assets where we provide notice to users; you (3) do not use the Google Data for serving advertisements; and (4) do not permit humans to read Google Data, except (a) if we obtain your affirmative consent, (b) as necessary for security purposes or to comply with applicable law, or (c) our use is limited to internal operations and the Google Data (including derivations) have been aggregated and anonymized.
  • Social Networking Data: If you log on to the Service with your login credentials from a social networking site (such as Facebook or Twitter) (each, a “Social Networking Site”), we may receive Personal Data about you from such Social Networking Site. As an example, if you log into the Services with Facebook Login, Facebook will provide us with basic information, such as your first name, last name, your time zone, profile picture, e-mail, and general location. This information is provided to us under the terms of Facebook’s privacy policy. We may add any Personal Data received from a Social Networking Site to the information we have already collected on you from the Service, and we will use such data in accordance with this Privacy Policy. Facebook will also know you logged onto our Service and may display items related to the Service in your Facebook account. You can control the information that we receive from Facebook using the privacy settings in your Facebook account.

Special Categories of Personal Data: “Special Categories of Personal Data” are a subset of Personal Data. Special Categories of Personal Data includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, genetic and biometric data, and criminal history. We do not collect Special Categories of Personal Data.

Personal Data Collected from Publicly Available Sources: We may collect information directly from publicly available sources, including, but not limited to, governmental services and databases.

Derived Data: We may infer your preferences for certain products and services based on the Personal Data we collect about you.

Cookies: We use cookies to operate and administer our Services, gather usage data on our Services, and improve your experience on it. A “cookie” is a piece of information sent to your browser by a website you visit. Cookies can be stored on your computer for different periods of time. Some cookies expire after a certain amount of time, or upon logging out (session cookies), others survive after your browser is closed until a defined expiration date set in the cookie (as determined by the third party placing it), and help recognize your computer when you open your browser and browse the Internet again (persistent cookies).

For more details on cookies please visit All About Cookies.

On most web browsers, you will find a “help” section on the toolbar. Please refer to this section for information on how to receive a notification when you are receiving a new cookie and how to turn cookies off. Please see the links below for guidance on how to modify your web browser’s settings on the most popular browsers:

Please note that if you limit the ability of websites to set cookies, you may be unable to access certain parts of the Services and you may not be able to benefit from the full functionality of the Services.

Advertising networks may use cookies to collect Personal Data. Most advertising networks offer you a way to opt out of targeted advertising. If you would like to find out more information, please visit the Network Advertising Initiative’s online resources at http://www.networkadvertising.org and follow the opt-out instructions there.

If you access the Services on your mobile device, you may not be able to control tracking technologies through the settings.

Analytics: We may use Google Analytics, a web analytics service provided by Google, Inc. (“Google”).

Google Analytics uses cookies to help us analyze how users use the Services and enhance your experience when you use the Services. For more information on how Google uses this data, go to www.google.com/policies/privacy/partners/.

Online Tracking and Do Not Track Signals: We and our third party service providers may use cookies or other tracking technologies to collect information about your browsing activities over time and across different websites following your use of the Services and use that information to send targeted advertisements. Our Services currently does not respond to “Do Not Track” (“DNT”) signals and operates as described in this Privacy Policy whether or not a DNT signal is received. If we do respond to DNT signals in the future, we will update this Privacy Policy to describe how we do so.

2. Third-Party Information Collection

When you use the Service, or its content, third parties may use technology to automatically collect information about you or your device. These third parties may include:

  • analytics companies;
  • your telecommunications service provider;
  • your device manufacturer; and
  • advertisers, ad networks, and ad servers.

These third parties may use technology to track and collect information about you when you use our Services. The information these third parties collect may be associated with your personal information.

They may also collect information, including personal information, about your online activities over time and across different websites, apps, and other online services. If and when collected, these third parties may use this information to provide you with interest-based advertising or other targeted content.

We have no control over these third parties, their tracking technology or their use of such technology. If you have questions about advertisements or other types of targeted content, you should directly contact the responsible third party.

3. How We Use Personal Data

Although our Website is targeted and limited to U.S. residents, we do not actively restrict non-U.S. residents from accessing to our Website. For those users located in the European Union, the EU General Data Protection Regulation (“GDPR”) requires that our use of Personal Data be based on at least one “legal basis” permitted under the GDPR. The following consists of the “legal basis” that justify our used of your Personal Data, if any is collected:

  • Contract Performance: where your Personal Data is required to enter into or perform obligations under our contract with you.
  • Consent: where you have consented to our use of your Personal Data.
  • Legal Obligation: where we need to use your Personal Data to satisfy legal obligations.
  • Legal Claims: where your Personal Data is necessary for us to defend claims against us or make claims against you or a third party.
  • Legitimate Interests: where we use your Personal Data to reach a legitimate interest and our reasons for using it outweigh any prejudice to your data protection rights.
  • Vital Interests: where we need to process your Personal Data to protect the vital interests of you or another individual.

Most commonly, we will rely on consent, contract performance, legal obligation, and legitimate interest as our legal bases for using your Personal Data.

We may use Personal Data for the following purposes:

  • To provide the Services;
  • To respond to your inquiries, comments, feedback, or questions;
  • To send administrative information to you, for example, information regarding the Services and changes to our terms, conditions, and policies;
  • To analyze how you interact with our Services;
  • To maintain and improve the Services;
  • To develop new products and services;
  • To prevent fraud, criminal activity, or misuses of our Service, and to ensure the security of our IT systems, architecture, and networks; and
  • To comply with legal obligations and legal process and to protect our rights, privacy, safety, or property, and/or that of our affiliates, you, or other third parties.

Usage information we collect allows us to improve the Service and deliver a better, more personalized experience.

Aggregated Information. We may aggregate Personal Data and use the aggregated information to analyze the effectiveness of our Services, to improve and add features to our Services, and for other similar purposes. In addition, from time to time, we may analyze the general behavior and characteristics of users of our Services and share aggregated information like general user statistics with prospective business partners. We may collect aggregated information through the Services, through cookies, and through other means described in this Privacy Policy.

Marketing. We may use your Personal Data to contact you to tell you about products or services we believe may be of interest to you. For instance, if you elect to provide your email or telephone number, we may use that information to send you special offers. You may opt out of receiving emails by following the instructions contained in each promotional email we send you. In addition, if at any time you do not wish to receive future marketing communications, you may contact us. If you unsubscribe from our marketing lists, you will no longer receive marketing communications but we will continue to contact you regarding management of your account, other administrative matters, and to respond to your requests.

Advertising. We may also use your Personal Data to display advertisements from our advertisers. Even though we will not disclose your personal information for these purposes without your consent, if you click or otherwise interact with an advertisement, the advertiser may assume you are part of its targeted audience.

4. Sharing And Disclosure Of Personal Data

giftgoat does not sell your Personal Data. In certain circumstances, we may share the categories of Personal Data described above without further notice to you, unless required by the law, with the following categories of third parties:

  • Vendors and Service Providers: To assist us in meeting business operations needs and to perform certain services and functions, we may share Personal Data with vendors, contractors, and other service providers, including providers of hosting services, cloud services, and other information technology services providers, event management services, email communication software and email newsletter services, advertising and marketing services, payment processors, customer relationship management and customer support services, and web analytics services.
  • Pursuant to our instructions, these parties will access, process, or store Personal Data in the course of performing their duties to us. We take commercially reasonable steps to ensure our service providers adhere to the security standards described in Section 10 we apply to your Personal Data.
  • Business Transfers: If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of all or a portion of our assets, or transition of service to another provider (collectively, a “Transaction”), your Personal Data and other information may be shared in the diligence process with counterparties and others assisting with the Transaction and transferred to a successor or affiliate as part of that Transaction along with other assets.
  • Legal Requirements: If required to do so by law or in the good faith belief that such action is necessary to (i) comply with a legal obligation, including to meet national security or law enforcement requirements, (ii) enforce our rights arising from any contracts entered into between you and us, including the Terms of Terms, and for billing and collection purposes, (iii) protect and defend our rights or property, (iv) prevent fraud, (v) act in urgent circumstances to protect the rights, property, and personal safety of users of the Service, or the public, or (vi) protect against legal liability.
  • Affiliates: We may share Personal Data with our current and future affiliates, meaning an entity that controls, is controlled by, or is under common control with giftgoat. Our affiliates may use the Personal Data we share in a manner consistent with this Privacy Policy.
  • Other Users: Certain actions you take may be visible to other users of the Service. For example, when you upload content to the Services for other users to analyze and review.

5. Data Retention

We keep Personal Data for as long as reasonably necessary for the purposes described in this Privacy Policy, while we have a business need to do so, or as required by law (e.g. for tax, legal, accounting, or other purposes), whichever is longer.

6. Update Your Information

You can review and update your personal information by logging into the Services and visiting your account details. Please log in to your account or contact us if you need to change or correct your Personal Data.

If you delete User Content, as defined in our Terms of Service, from the Service, copies of your User Content may remain viewable and accessible in cached and archived pages or copied or stored by other users or service providers. As such, you should be careful about your User Content. Our Terms of Service (https://www.giftgoat.com/terms) govern how to properly access and use information, including User Content, on or from the Service.

7. Your Personal Data Rights

Depending on certain exceptions and your country’s data protection laws, you may have the following rights:

  • Access: you can request a copy of the Personal Data we hold about you.
  • Complaint: If you are not satisfied with our use of your Personal Data, you have the right to complain to your local data protection authority.
  • Consent Withdrawal: where we are processing Personal Data on the basis you have provided us with consent, you can withdraw your consent.
  • Correction: you can ask us to correct any inaccuracies in the Personal Data we hold about you.
  • Erasure: you can ask us to delete your Personal Data if we no longer have a legal basis to use it.
  • Objections: you can object to other types of processing, such as under the legal basis of legitimate interest, unless our reasons for undertaking that processing outweigh any prejudice to your data protection rights.
  • Portability: when feasible, you may have the right to ask us to transfer your Personal Data to a third party in structured, commonly-used, and machine-readable format.
  • Restrictions: you can ask us to restrict the processing of your Personal Data during any open investigation in regard to the use of your Personal Data.

You also have the right to ask us not to process your Personal Data for marketing purposes at any time. This right may be exercised through (i) online data collection forms that provide you the opportunity to deny consent to such processing or (ii) a direct email to us.

8. California Privacy Rights Disclosures

Where provided for by law and subject to any applicable exceptions, California residents may have the right:

  • To know the categories of Personal Data that giftgoat has collected about you, the business purpose for collecting your Personal Data, and the categories of sources from which the Personal Data was collected;
  • To access the specific pieces of Personal Data that giftgoat has collected about you;
  • To know whether giftgoat has disclosed your Personal Data for business purposes, the categories of Personal Data so disclosed, and the categories of third parties to whom we have disclosed your Personal Data;
  • To have giftgoat, under certain circumstances, delete your Personal Data;
  • To opt out: we may share Identification Data and Internet Activity Data with social media platforms and other advertising partners that will use that information to serve you targeted advertisements on social media platforms and other third party websites – under certain regulations such sharing may be considered a “sale” of Personal Data; and
  • To be free from discrimination related to the exercise of these rights.

If you would like to exercise any or all of these rights, you may do so by contacting us. Your authorized agent may submit requests in the same manner. Once we receive your request, we will verify your identity by sending an email to the email address you provide to us.

Please contact us if you have questions about your rights or our disclosures under the CCPA, or to request access to an alternative format of this Privacy Policy.

Third Party Marketing: If you are a California resident and wish to opt out of sharing your Personal Data with third parties for their direct marketing purposes, please email giftgoat at [email protected] and clearly state your request, including your name, mailing address, email address, and phone number. Please see the “Your Choices” section of this Privacy Policy for additional information.

9. Links To Other Websites

The Service may contain links to other websites not operated or controlled by giftgoat, including social media services (“Third Party Sites”). The information that you share with Third Party Sites will be governed by the specific privacy policies and terms of service of the Third Party Sites and not by this Privacy Policy. By providing these links we do not imply that we endorse or have reviewed these sites. Please contact the Third Party Sites directly for information on their privacy practices and policies.

10. Security

You use the Services at your own risk. We implement commercially reasonable technical, administrative, and organizational measures to protect Personal Data both online and offline from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. However, no Internet or e-mail transmission is ever fully secure or error free. In particular, e-mail sent to or from us may not be secure. Therefore, you should take special care in deciding what information you send to us via the Services or e-mail. Please keep this in mind when disclosing any Personal Data to giftgoat via the Internet. We ask that you be careful about sharing, posting or giving out information in public accessible areas of the Services. The information you share, post, or give may be viewed by any user of the Service.

Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted through our Service. In addition, we are not responsible for circumvention of any privacy settings or security measures contained on the Services, or third party websites.

Once we have received your Personal Data, we will use the procedures and security measures described above to try to prevent unauthorized access of your Personal Data.

11. International Users

By using our Service, you understand and acknowledge that your Personal Data will be transferred from your location to our facilities and servers in the United States.

12. Careers

If you submit your information in connection with a job opportunity at giftgoat, we will use and disclose the information you provide to process your application (including to contact you and/or your references and former employers if appropriate) and to comply with government reporting requirements. We also retain statistical information about applicants to help inform our recruitment activities. We will process this information based on our legitimate interest of evaluating job candidates or, when you provide us with sensitive information, based on your consent.

13. Your Choices

In certain circumstances providing Personal Data is optional. However, if you choose not to provide Personal Data that is needed to use some features of our Service, you may be unable to use those features. You can also contact us to ask us to update or correct your Personal Data. You may also delete your account by emailing [email protected] with your request. Please note that we will need to verify that you have the authority to delete the account and certain activity generated prior to deletion may remain stored by us and may be shared with third parties as detailed in this Privacy Policy.

14. Changes To The Privacy Policy

The Service and our business may change from time to time. As a result, we may change this Privacy Policy at any time. If and when we make material changes to how we treat your and other users’ Personal Data, we will post an updated version on this page, unless another type of notice is required by the applicable law. By continuing to use our Service or providing us with Personal Data after we have posted an updated Privacy Policy, or notified you by other means if applicable, you consent to the revised Privacy Policy and practices described in it.

giftgoat will display the date of the last revision made to the Privacy Policy at the top of this page. You are responsible for ensuring we have a current and active email address for you, so we can notify you of revisions, and periodically visiting this Privacy Policy to check for any changes.

15. Contact Us

If you have any questions about our Privacy Policy or information practices, please feel free to contact us at our designated request address at [email protected] or giftgoat inc., Attn: Legal Department, 515 E. Grant Street, Suite 150, Phoenix, AZ 85004. If you do not feel we have resolved your complaint regarding our Privacy Policy, you have the right to contact your local data protection authority.