Prinda is operated by Prinda Ltd (Company No. 17191489), a private limited company registered in England and Wales, with its registered office at Lowin House, Tregolls Road, Truro, Cornwall, TR1 2NA. References to "we", "us", or "our" throughout this policy mean Prinda Ltd.
Contact us at: privacy@prinda.ai
As we are based in the UK, Prinda is subject to the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We extend the same protections to all users worldwide.
EU/EEA users: As a UK-based business post-Brexit, we are actively working toward appointing a formal EU representative under GDPR Article 27. In the meantime, EU and EEA residents may exercise all data rights directly by contacting privacy@prinda.ai. The UK has received an EU adequacy decision, meaning your data is protected to a standard the European Commission considers equivalent to EU GDPR. You also retain the right to lodge a complaint with your local Data Protection Authority (details in Section 7).
| Data | Why we need it |
|---|---|
| Email address | Account creation, sign in, password reset |
| First name, last name | Personalising the app, displaying your profile |
| Encrypted password | Securing your account (hashed, never stored in plain text) |
| Profile avatar (optional) | Displaying your profile picture |
| Last sign-in timestamp | Security and session management |
| IP address (sign-in) | Security monitoring and fraud prevention |
| Data | Why we need it |
|---|---|
| People you add (name, nickname) | To organise your gift lists by recipient |
| Birthday (optional) | Occasion reminders and age-appropriate gift suggestions |
| Country (optional) | Localising retailer suggestions (e.g. Amazon UK vs Amazon US) |
| Interests (optional, free text) | Powering AI suggestions for gifts, experiences, and getaways โ the more you add, the better the suggestions |
| Relationship type (e.g. partner, parent, friend) | Tailoring suggestion style and occasion relevance |
| Pet information (species, name, age โ optional) | Enabling pet-friendly activity and gift suggestions where relevant |
| Gift items (name, price, notes, URL) | Your actual gift list content |
| Occasions (Christmas, Birthday, etc.) | Organising gifts and events by occasion |
| Gift groups (shared whip-rounds) | Group gift coordination with other Prinda users |
| Holiday & travel preferences (destination, budget, travel dates, group size, activity preferences) | Powering AI holiday and getaway suggestions for group and solo travel planning |
| Gathering & event planning details (venue preferences, group size, activity interests) | Helping coordinate group events and experiences |
| AI suggestions generated (gifts, experiences, destinations) | Stored to avoid repetition and improve future suggestions |
| Feedback on suggestions (accepted/discarded) | Improving the quality of future AI suggestions |
| Data | Why we need it |
|---|---|
| Subscription plan and status | Enforcing plan limits, showing your current plan in the app |
| Billing period (monthly/annual) | Knowing when your subscription renews |
| Payment provider customer reference | Linking your account to your payment provider record (e.g. Stripe customer ID) |
| Payment transaction records | Immutable ledger of charges โ required for billing disputes and financial records |
| Subscription change history | Audit trail of plan upgrades, downgrades, and cancellations |
We do not store your full card number, CVV, or bank details. Payment card data is handled entirely by our payment processor (Stripe) and never touches our servers.
| Data | Why we need it |
|---|---|
| Email addresses you invite | Sending gift group invitations to other users |
| Invite status (pending/accepted/declined) | Tracking whether invitations have been responded to |
| Data | Why we need it |
|---|---|
| Device type, browser, OS (via user agent) | Ensuring the app works correctly on your device |
| App usage patterns | Understanding how features are used to improve the product |
| Feature requests you submit | Tracking and building improvements you ask for |
| Onboarding wizard progress | Resuming where you left off |
| Device push notification token | Sending you reminders, occasion alerts, and event notifications. Only collected if you grant notification permission. You can withdraw this at any time in your device settings. |
Prinda uses artificial intelligence to generate personalised suggestions for gifts, experiences, activities, and holiday destinations. Here's exactly how it works:
Automated decision-making (GDPR Article 22): Prinda does not make solely automated decisions that produce legal or similarly significant effects on you. All AI suggestions (gifts, experiences, destinations) are advisory recommendations only โ you always decide whether to act on them. No automated profiling, scoring, or decision-making of any legal significance takes place.
We do not sell your data. We share it only with services essential to running Prinda:
| Service | Purpose | Location |
|---|---|---|
| Supabase | Database, authentication, and storage infrastructure | EU (AWS) |
| OpenRouter (+ xAI, Google, Anthropic, Meta) | AI suggestion generation for gifts, experiences, and destinations โ routes requests to the best available model | USA |
| Brevo | Transactional email delivery (account confirmation, reminders, notifications). Processes your email address solely to send emails on our behalf. | EU |
| Stripe | Payment processing for paid subscriptions | USA / EU |
| Apple App Store / Google Play | App distribution and updates | Global |
Transfers of personal data to the USA are made under appropriate safeguards. For UK GDPR purposes, we rely on the UK International Data Transfer Addendum (UK IDTA) as approved by the UK ICO. Where EU GDPR applies, we rely on Standard Contractual Clauses (SCCs) as approved by the European Commission. We do not share your data with advertisers, data brokers, or any other third parties.
Under UK GDPR you have the right to:
To exercise any of these rights, email privacy@prinda.ai. We will respond within one calendar month as required by UK GDPR. If you are not satisfied with our response, you have the right to complain to a supervisory authority:
Prinda is not directed at children under the age of 13. We do not knowingly collect personal data from children under 13. By creating an account, users confirm they are 13 years of age or older.
If we discover or are informed that a user is under 13, we will immediately suspend the account and delete all associated personal data without retention. Parents or guardians who believe a child has created an account should contact us at privacy@prinda.ai and we will act without undue delay. In compliance with the Children's Online Privacy Protection Act (COPPA) and equivalent laws worldwide, we do not knowingly solicit, collect, or retain personal information from children under 13, and we do not share such information with third parties.
Prinda uses browser local storage and session storage to keep you signed in and remember your preferences (such as theme and filter settings). We do not use tracking cookies or third-party advertising cookies. No cookie consent banner is shown because we only use strictly necessary storage that does not require consent under UK PECR (Privacy and Electronic Communications Regulations).
We do not use third-party analytics, advertising networks, or cross-app tracking. We do not track you across other apps or websites. We do not share your data with data brokers or advertising platforms. On iOS, Prinda does not use Apple's Advertising Identifier (IDFA) and does not engage in cross-app tracking as defined by Apple's App Tracking Transparency (ATT) framework. On Android, Prinda does not use the Advertising ID for tracking purposes.
We take security seriously. Your password is hashed using industry-standard algorithms and is never stored in plain text. All data is transmitted over HTTPS/TLS. Access to the database is protected by Row Level Security (RLS) policies โ database rules ensure you can only read and write your own data, even at the infrastructure level. We monitor for unusual access patterns and review security practices regularly.
In the event of a personal data breach, we will assess the risk to your rights and freedoms without delay. Where required by UK GDPR (Article 33), we will notify the Information Commissioner's Office (ICO) within 72 hours of becoming aware of a qualifying breach. If the breach is likely to result in a high risk to your rights and freedoms (for example, exposure of sensitive gift-list or financial data), we will notify you directly without undue delay in accordance with GDPR Article 34.
Any breach notification we send to you will include: what happened and when, what data was involved, what steps we have taken to address the breach, and how to contact us for further information or to exercise your rights.
We do not sell your personal information as defined by the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), and we have not done so in the preceding 12 months. California residents have the right to: know what categories of personal information we collect and why; request a copy of the specific personal information collected about them; request deletion of their personal information; opt out of any future sale of their data (which we do not conduct); and not be discriminated against for exercising these rights.
To exercise any California privacy right, contact privacy@prinda.ai. We will respond within 45 days as required by CCPA. California residents also have rights under the California "Shine the Light" law (Cal. Civ. Code ยง 1798.83) regarding disclosure of personal information to third parties for direct marketing โ we do not disclose personal information for direct marketing purposes.
We handle personal information in accordance with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy laws, including Quebec's Act Respecting the Protection of Personal Information in the Private Sector (Law 25). Canadian residents have the right to access their personal information, request correction of inaccurate information, withdraw consent for non-essential processing, and lodge complaints. To exercise these rights, contact privacy@prinda.ai. Unresolved complaints may be referred to the Office of the Privacy Commissioner of Canada (priv.gc.ca) or, for Quebec residents, the Commission d'accรจs ร l'information (CAI).
To the extent applicable, we handle personal information in accordance with the Australian Privacy Act 1988 (Cth) and the 13 Australian Privacy Principles (APPs). Australian residents may request access to or correction of their personal information held by us. We will respond to access requests within 30 days. If you believe we have handled your information in breach of the APPs, you may raise a complaint directly with us at privacy@prinda.ai. If not resolved, complaints may be referred to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.
We respect applicable privacy laws in all countries where Prinda is used. If the laws of your country grant you additional privacy rights not described here, please contact us at privacy@prinda.ai and we will do our best to accommodate your request and comply with applicable law.
We may update this privacy policy from time to time. When we make material changes โ such as collecting new categories of data, changing how we share data, or changing the legal basis for processing โ we will notify you in the app and ask for your active consent before the new version takes effect. We will not rely on "continued use" as a substitute for explicit consent for material changes.
For minor, non-material changes (such as clarifications, corrections, or contact detail updates), we will update the "Last updated" date at the top of this page and note the change in the app. You can always review the current version at prinda.ai/legal/privacy.html.
For any privacy questions, data requests, or concerns: