Privacy Policy

Effective May 1, 2026

This Privacy Notice for Charles Eugene Cook Jr. (doing business as SuperGifter) (“we,” “us,” or “our”) describes how and why we may access, collect, store, use, and/or share (“process”) your personal information when you use our services (the “Services”), including when you:

  • Visit our website at https://supergifter.ai
  • Use SuperGifter, an AI gifting copilot that helps you give better gifts to the people you love. Through conversation, it learns about your recipients — their interests, your relationship, the moments worth celebrating — and uses that understanding to suggest gifts that feel personal and considered.
  • Contact us with questions or feedback

Questions or concerns? Reading this Privacy Notice will help you understand your privacy rights and choices. If you do not agree with our policies and practices, please do not use our Services. If you have any questions or concerns, contact us at hello@supergifter.ai.

A quick plain-English summary

SuperGifter is an AI-powered gifting copilot. It learns about the people in your life through conversation — their interests, what they love, the moments that matter — so it can help you find gifts that feel personal and considered. The product remembers what you share, building richer understanding over time, so every future gift gets easier and better.

A few things worth knowing up front:

  • We don’t run third-party trackers, ads, or analytics.
  • We don’t sell your data.
  • The AI providers we work with don’t use your data to train their models.
  • You can delete your account and all associated data at any time by emailing us.

The rest of this policy explains the details, but those four points cover most of what matters.

Summary of key points

This summary highlights key points from our Privacy Notice. You can find more details about any topic by clicking the link following each point or using the table of contents.

What personal information do we process? When you visit, use, or navigate our Services, we may process personal information depending on how you interact with us, the choices you make, and the features you use. Learn more about personal information you disclose to us.

Do we process any sensitive personal information? We do not ask for or categorize sensitive personal information (such as racial or ethnic origin, sexual orientation, or religious beliefs). However, conversational content may incidentally include sensitive topics — see Information about people in your life.

Do we collect information from third parties? No.

How do we process your information? To provide and improve our Services, communicate with you, prevent fraud, and comply with law. Learn more about how we process your information.

With whom do we share personal information? Only with service providers who help us operate the product (AI model providers, hosting, database, email delivery). We do not sell your data. Learn more about when and with whom we share your personal information.

How do we keep your information safe? We use technical and organizational measures including encrypted password storage, secure authentication, and TLS encryption. No system is 100% secure, but we describe our specific measures in how we keep your information safe.

What are your rights? Depending on where you live, applicable privacy law may give you rights to access, correct, or delete your information. Learn more about your privacy rights.

How do you exercise your rights? Email us at hello@supergifter.ai. We will consider and act on any request in accordance with applicable data protection laws.

Table of contents

  1. What information do we collect?
  2. How do we process your information?
  3. What legal bases do we rely on to process your personal information?
  4. When and with whom do we share your personal information?
  5. Do we use cookies and other tracking technologies?
  6. Do we offer artificial intelligence-based products?
  7. Is your information transferred internationally?
  8. How long do we keep your information?
  9. How do we keep your information safe?
  10. Do we collect information from minors?
  11. What are your privacy rights?
  12. Controls for Do-Not-Track features
  13. Do United States residents have specific privacy rights?
  14. Information about people in your life
  15. How AI processing works
  16. How SuperGifter works
  17. Do we make updates to this notice?
  18. How can you contact us about this notice?
  19. How can you review, update, or delete the data we collect from you?

1. What information do we collect?

Personal information you disclose to us

In short: We collect personal information that you provide to us.

We collect personal information that you voluntarily provide when you register on the Services, use SuperGifter, or contact us. The personal information we collect may include:

  • Names
  • Email addresses
  • Passwords
  • Contact or authentication data
  • Information about gift recipients and your relationships (such as names, ages, interests, preferences, gift history, occasions, and context you share through conversations with the AI)

Sensitive Information. We do not ask for or categorize sensitive personal information. Conversational content may incidentally touch on sensitive topics — see Section 14 for how we handle this.

All personal information you provide must be true, complete, and accurate, and you must notify us of any changes.

Information automatically collected

In short: Some information — such as your IP address and basic browser/device characteristics — is collected automatically when you visit our Services, primarily for security and operational purposes.

When you access or use our Services, our servers automatically collect log data including your IP address, browser type, operating system, language preferences, referring URLs, and information about your activity in the Services (such as timestamps, pages viewed, and features used). This is service-related diagnostic and operational information used to maintain the security and proper functioning of the Services.

We do not run third-party analytics, advertising pixels, behavioral tracking, or fingerprinting. We do not build behavioral profiles for marketing purposes.

2. How do we process your information?

In short: We process your information to provide and administer the Services, communicate with you, ensure security, comply with law, and improve the product.

We process your personal information for the following purposes:

  • To facilitate account creation and authentication. So you can create and log in to your account and keep it in working order.
  • To deliver our Services. So we can provide the AI gifting copilot experience.
  • To respond to your inquiries. So we can answer your questions and resolve issues.
  • To send administrative information. Including notices about our Services, changes to our terms or policies, and other operational communications.
  • To request feedback. So we can improve the product based on your input.
  • To protect our Services. Including fraud monitoring, abuse prevention, and rate limiting.
  • To identify usage trends. To understand how the Services are used so we can improve them.
  • To save or protect a vital interest. When necessary to prevent harm to a person.

3. What legal bases do we rely on to process your information?

In short: We process your personal information only when we have a valid legal reason to do so under applicable law.

If you are located in the EU or UK

The General Data Protection Regulation (GDPR) and UK GDPR require us to explain the legal bases we rely on to process your personal information. We may rely on:

  • Consent. When you have given us permission to process your personal information for a specific purpose. You can withdraw your consent at any time.
  • Performance of a contract. When we need to fulfill our obligations to you, including providing the Services.
  • Legitimate interests. When reasonably necessary to achieve our legitimate business interests, provided those interests do not outweigh your rights. Examples include diagnosing problems and preventing fraud, understanding how users use the product, and requesting feedback.
  • Legal obligations. When necessary to comply with our legal obligations, cooperate with law enforcement, or defend our legal rights.
  • Vital interests. When necessary to protect a person’s vital interests, such as preventing harm.

If you are located in Canada

We may process your information if you have given us express or implied consent for a specific purpose. You can withdraw your consent at any time.

In some exceptional cases, applicable law permits processing without consent — for example, for fraud detection and prevention, to comply with a subpoena, where the information is publicly available as specified by regulation, or other circumstances permitted under PIPEDA.

4. When and with whom do we share your personal information?

In short: We share information only with service providers who help us operate the Services. We have contracts in place with all of them.

The third parties we share personal information with are:

AI service providers

  • Anthropic — primary AI model provider
  • OpenAI — alternative AI model option
  • Google Cloud AI — alternative AI model option

Infrastructure and operations

  • Render — application hosting
  • MongoDB Atlas — database hosting and storage
  • Resend — transactional email delivery
  • Termly — privacy policy infrastructure

We have data processing agreements or equivalent contractual protections with each of these providers. They are permitted to process your information only for the purposes we specify and are required to protect it.

We may also share information in the following situations:

  • Business transfers. In connection with a merger, sale of assets, financing, or acquisition of all or part of our business.
  • Legal compliance. Where required by law or in response to valid legal process.

We do not sell your personal information, and we have not sold or shared personal information for cross-context behavioral advertising in the preceding twelve months.

5. Do we use cookies and other tracking technologies?

In short: We use a single cookie to support a preview-access feature. We do not use third-party analytics, advertising, or tracking pixels.

The only cookie we set is a temporary preview-access flag (named preview_unlocked) used to control entry to the staging environment. It expires after 30 days and contains no personal information.

We do not use third-party analytics, advertising pixels, retargeting cookies, behavioral tracking, or fingerprinting on our Services. If this changes, we will update this Privacy Notice and notify you accordingly.

You can configure your browser to remove or reject cookies. Doing so may affect features that depend on the preview-access cookie.

6. Do we offer artificial intelligence-based products?

In short: Yes — SuperGifter is built on AI. The conversational experience depends on AI processing.

SuperGifter offers a product powered by artificial intelligence and machine learning (“AI Products”). This Privacy Notice governs your use of those AI Products within our Services.

Use of AI technologies

We provide our AI Products through third-party AI service providers, including Anthropic, OpenAI, and Google Cloud AI. Your input, output, and personal information are shared with and processed by these providers to enable the conversational experience.

Under their commercial API terms, none of these providers use your data to train their models.

Our AI products

Our AI Products are designed for:

  • Conversational AI (chat with the gifting copilot)
  • Natural language processing
  • Text analysis to surface inferences and recommendations

How we process your data using AI

All personal information processed using our AI Products is handled in line with this Privacy Notice and our agreements with the AI service providers. See Section 15 for a more detailed description of how AI processing works inside SuperGifter.

How to opt out

Because AI is integral to SuperGifter, there is no way to use the Services without AI processing. To opt out:

7. Is your information transferred internationally?

In short: We may transfer, store, and process your information in countries other than your own.

Our servers are located in the United States. Your information may be transferred to, stored by, and processed by us and our third-party service providers in the United States and other countries (see Section 4).

If you are a resident of the European Economic Area (EEA), United Kingdom (UK), or Switzerland, those countries may not have data protection laws as comprehensive as those in your country. We will take all necessary measures to protect your personal information in accordance with this Privacy Notice and applicable law.

Standard Contractual Clauses

We rely on the European Commission’s Standard Contractual Clauses (SCCs) for transfers of personal information from the EEA, UK, or Switzerland to the United States. These clauses require all recipients to protect personal information originating from the EEA or UK in accordance with European data protection laws. Our SCCs and equivalent safeguards with our third-party providers can be provided upon request.

8. How long do we keep your information?

In short: We keep your information for as long as you have an active account, unless a longer retention period is required by law.

We will only keep your personal information for as long as it is necessary for the purposes set out in this Privacy Notice, unless a longer retention period is required by law (such as tax, accounting, or other legal requirements). Generally, we keep personal information for the duration of your account.

The reason for this is intentional: SuperGifter’s value compounds with memory. The longer you use it, the more it learns about the people in your life and the better it gets at helping you find meaningful gifts. You can delete your account or any specific recipient at any time, and we will delete the associated data.

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it. If deletion is not immediately possible (for example, because the information is held in backup archives), we will securely store it and isolate it from further processing until deletion is possible.

9. How do we keep your information safe?

In short: We use technical and organizational security measures appropriate to a small operator. No system is 100% secure.

Our security measures include:

  • Encrypted password storage using bcrypt hashing
  • JWT-based authentication with expiring tokens
  • Single-use, time-limited tokens for password reset flows
  • TLS encryption for data in transit
  • Encrypted database connections to MongoDB Atlas
  • Reliance on the underlying security infrastructure of our hosting partners (Render, MongoDB Atlas)

Despite these safeguards, no electronic transmission over the internet or information storage technology can be guaranteed to be 100% secure. We cannot promise that hackers, cybercriminals, or other unauthorized third parties will never defeat our security and improperly access, steal, or modify your information. You should only access the Services within a secure environment.

10. Do we collect information from minors?

In short: We do not knowingly collect information from children under 13.

We do not knowingly collect, solicit data from, or market to children under 13 years of age, nor do we knowingly sell such personal information. By using the Services, you represent that you are at least 13 years of age. If we learn that personal information from users under 13 has been collected, we will deactivate the account and take reasonable measures to promptly delete the data from our records.

If you become aware of any data we may have collected from a child under 13, please contact us at hello@supergifter.ai.

11. What are your privacy rights?

In short: Depending on where you live, applicable privacy law may give you rights to access, correct, or delete your information. You can review, change, or terminate your account at any time.

In some regions (like the EEA, UK, Switzerland, and Canada), you have rights under applicable data protection laws. These may include:

  • The right to request access and obtain a copy of your personal information
  • The right to request rectification or erasure
  • The right to restrict the processing of your personal information
  • The right to data portability (where applicable)
  • The right not to be subject to automated decision-making

If a decision that produces legal or similarly significant effects is made solely by automated means, we will inform you, explain the main factors, and offer a way to request human review. In certain circumstances, you may also object to the processing of your personal information.

You can make a request by contacting us at hello@supergifter.ai. We will consider and act on any request in accordance with applicable data protection laws.

If you are located in the EEA or UK and you believe we are unlawfully processing your personal information, you have the right to complain to your Member State data protection authority or the UK data protection authority.

If you are located in Switzerland, you may contact the Federal Data Protection and Information Commissioner.

Withdrawing your consent

If we are relying on your consent to process your personal information, you can withdraw it at any time by contacting us. Withdrawal does not affect the lawfulness of processing before its withdrawal, nor does it affect processing conducted on lawful bases other than consent.

Account information

If you would at any time like to review, change, or terminate your account, you can:

Upon your request to terminate your account, we will deactivate or delete your account and information from our active databases. We may retain some information to prevent fraud, troubleshoot problems, assist with investigations, enforce our legal terms, or comply with applicable legal requirements.

Cookies and similar technologies

Most browsers accept cookies by default. You can usually configure your browser to remove or reject cookies. If you remove or reject the preview-access cookie described in Section 5, certain features of the Services may not function.

If you have questions or comments about your privacy rights, email us at hello@supergifter.ai.

12. Controls for Do-Not-Track features

Most web browsers and some mobile operating systems include a Do-Not-Track (“DNT”) feature you can activate to signal your privacy preference. No uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other automated tracking-preference mechanism. If a standard for online tracking is adopted that we must follow in the future, we will update this Privacy Notice.

California law requires us to disclose how we respond to DNT signals. Because there is no industry or legal standard for recognizing or honoring DNT signals, we do not respond to them at this time.

13. Do United States residents have specific privacy rights?

In short: If you are a resident of California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, or Virginia, you may have specific rights regarding your personal information.

Categories of personal information we collect

The table below shows the categories of personal information we have collected in the past twelve months. Examples are illustrative and do not necessarily reflect what we specifically collect.

CategoryExamplesCollected
A. IdentifiersReal name, online identifier, IP address, email address, account nameYES
B. Personal information as defined in the California Customer Records statuteName, contact informationYES
C. Protected classification characteristicsGender, age, race, ethnicity, national origin, marital statusNO
D. Commercial informationTransaction information, purchase history, payment informationNO
E. Biometric informationFingerprints, voiceprintsNO
F. Internet or other similar network activityBrowsing history, search history, behavioral interest dataNO
G. Geolocation dataDevice locationNO
H. Audio, electronic, sensory, or similar informationImages and audio, video, or call recordingsNO
I. Professional or employment-related informationBusiness contact details, work historyNO
J. Education InformationStudent records and directory informationNO
K. Inferences drawn from collected personal informationInferences about preferences, characteristics, and relationships used to power gift recommendations (see Section 14)YES
L. Sensitive personal informationNO

We may also collect other personal information outside of these categories in interactions with us — for example, in customer support communications.

We retain personal information in each collected category for the duration of your account.

Sources of personal information

Learn more about the sources of personal information we collect in Section 1.

How we use and share personal information

Learn more about how we use your personal information in Section 2. We may use your personal information for our own business purposes, such as for internal research and product development. This is not considered “selling” of your personal information.

Will your information be shared with anyone else?

We may disclose your personal information with our service providers under written contracts. Learn more in Section 4. We have not sold or shared personal information to third parties for a business or commercial purpose in the preceding twelve months.

Your rights

You have rights under certain US state data protection laws. These rights are not absolute and may be limited in some circumstances. They include:

  • Right to know whether we are processing your personal data
  • Right to access your personal data
  • Right to correct inaccuracies in your personal data
  • Right to request deletion of your personal data
  • Right to obtain a copy of the personal data you previously shared with us
  • Right to non-discrimination for exercising your rights
  • Right to opt out of processing for targeted advertising, sale of personal data, or profiling that produces legal or similarly significant effects (we do not engage in any of these)

Depending on your state of residence, you may also have:

  • The right to access the categories of personal data being processed
  • The right to obtain a list of categories of third parties to which we have disclosed personal data
  • The right to obtain a list of specific third parties (where applicable)
  • The right to review, understand, and where applicable, correct how personal data has been profiled
  • The right to limit use and disclosure of sensitive personal data

How to exercise your rights

To exercise these rights, contact us by:

  • Email: hello@supergifter.ai
  • Postal mail: 1120 Bird Avenue, Ste. F, #126, San Jose, CA 95125, United States

Under certain US state data protection laws, you can designate an authorized agent to make a request on your behalf. We may deny a request from an authorized agent who does not submit proof that they have been validly authorized to act on your behalf.

Request verification

Upon receiving your request, we will verify your identity to confirm you are the person about whom we have information. If we cannot verify your identity from information already on file, we may request additional information for verification or fraud-prevention purposes.

Appeals

Under certain US state data protection laws, if we decline to act on your request, you may appeal by emailing hello@supergifter.ai. We will inform you in writing of any action taken or not taken in response to the appeal, with reasons. If your appeal is denied, you may submit a complaint to your state attorney general.

14. Information about people in your life

When you talk with SuperGifter about people in your life — partners, family, friends, colleagues — we store what you share. This includes names, relationships, ages, interests, past gifts, occasions, and any notes or context you provide. This information powers personalized recommendations and improves over time as you share more.

Recipients of gifts are not users of SuperGifter and have not consented to having their information stored. You are responsible for sharing only what you would be comfortable sharing about someone you care about, and for honoring any request from a recipient to have their information removed. To request removal of a recipient’s information, email hello@supergifter.ai.

When you talk with SuperGifter, you may share information that touches on sensitive topics — health, beliefs, relationships, identity, life events. SuperGifter does not ask for or categorize information by these attributes, but conversational content may include them incidentally. We treat all conversational content with the same care: stored securely, used only to power your experience, never sold, and deletable on request. We recommend you avoid sharing details about others that they would consider deeply private.

15. How AI processing works

SuperGifter is built on AI, and the conversational experience depends on AI processing. To power the conversations, the messages you exchange with SuperGifter — along with the context you’ve shared about your recipients — are sent to AI model providers (currently Anthropic, with options for OpenAI and Google). These providers process the data to generate responses and do not use your data to train their models under their commercial API terms.

SuperGifter learns about you and the people in your life. It draws inferences from what you share — about relationships, preferences, what makes someone feel known. This is the product working as intended, and it’s central to how SuperGifter helps you give thoughtful gifts. We are transparent about it because we think you should understand how the product works.

Because AI is integral to SuperGifter, there is no way to use the Services without AI processing. If you do not want your data processed by AI, the option is to not use SuperGifter or to delete your account.

16. How SuperGifter works

A few operational details worth knowing:

Anonymous use. If you use SuperGifter without an account, we briefly track your IP address to limit anonymous usage to 20 chats per day. This data auto-deletes after 7 days.

Memory and retention. We keep your data as long as you have an active account because the value of SuperGifter compounds with memory — the longer you use it, the better it gets. You can delete your account or any specific recipient at any time, and we will delete the associated data.

Occasion reminders. You can save occasions tied to recipients in your account. SuperGifter may remind you about upcoming saved occasions, by email or in-app, as part of providing the Services.

17. Do we make updates to this notice?

In short: Yes, we will update this notice as necessary to stay accurate and compliant with relevant laws.

We may update this Privacy Notice from time to time. The updated version will be indicated by an updated “Effective” date at the top. If we make material changes, we may notify you either by prominently posting a notice or by directly sending you a notification. We encourage you to review this Privacy Notice periodically.

18. How can you contact us about this notice?

If you have questions or comments about this notice, you may email us at hello@supergifter.ai or contact us by post at:

Charles Eugene Cook Jr.
1120 Bird Avenue
Ste. F, #126
San Jose, CA 95125
United States

19. How can you review, update, or delete the data we collect from you?

Based on the applicable laws of your country or state of residence, you may have the right to request access to the personal information we collect, details about how we have processed it, correct inaccuracies, or delete your personal information. You may also have the right to withdraw your consent to our processing. These rights may be limited by applicable law.

To request to review, update, or delete your personal information, email hello@supergifter.ai.

← Back home