Privacy

Last updated May 7, 2026

Privacy Policy

How Wishtar collects, uses, shares, and protects information across the app.

This Privacy Policy explains how Wishtar handles information when you use the Wishtar website, mobile experience, and Android app.

Wishtar is a social wishlist platform for creating wishlists, sharing posts, joining communities, chatting, sending gratitude cards, receiving notifications, and using optional Premium and Gift Pot payment features.

Information We Collect

We collect information you provide directly, information created by your activity in Wishtar, and technical information needed to run the service.

  • Account information, such as email address, username, password credentials handled by Supabase Auth, verification details, and optional Google sign-in information if you choose Google login.
  • Profile information, such as first name, last name, avatar, profile settings, theme preferences, Premium status, follower and following activity, blocks, mutes, and privacy controls.
  • Content you create or upload, including wishlists, wishlist items, product links, prices, notes, images, posts, comments, communities, community membership, gratitude cards, reports, and moderation details.
  • Messages and attachments in direct chats, wishlist group chats, and community chats. Private chat media is stored in private buckets and served through app authorization checks.
  • Payment-related records for Premium, Gift Pot contributions, payouts, refunds, handling fees, and subscription status. Stripe processes payment details; Wishtar stores records such as Stripe customer, subscription, checkout, payout, and payment identifiers, but not full card numbers.
  • Notification information, including notification preferences, in-app notification events, push notification tokens, device identifiers used for push, delivery logs, and read or seen timestamps.
  • Usage and safety information, such as search queries, search result clicks, feed impressions and feedback, wishlist views, rate-limit events, IP-derived request data, browser or device details, crash reports, server logs, and performance metrics.

How We Use Information

  • Provide, personalize, maintain, and improve Wishtar features.
  • Create and secure accounts, authenticate sessions, send verification and password reset messages, and prevent unauthorized access.
  • Display profiles, posts, wishlists, communities, chats, gratitude cards, notifications, and search results according to your settings and the audience for each feature.
  • Operate Premium subscriptions, Gift Pot contribution flows, payout setup, refunds, invoices, and payment status updates through Stripe.
  • Rank and improve feeds, search, recommendations, notification delivery, and product metadata fetching.
  • Enforce privacy settings, message permissions, blocks, mutes, collaboration permissions, rate limits, and other safety controls.
  • Review reports, investigate abuse, prevent spam or fraud, debug errors, measure performance, and keep the service reliable.
  • Comply with legal, tax, accounting, security, and platform obligations.

Visibility And Sharing

Wishtar is social by design, so some information is shared with other users based on the feature you use and the settings you choose.

  • Public or visible content may include your profile, username, avatar, Premium visual indicators, posts, public wishlists, communities, saved wishlists, collaborations, comments, likes, and activity previews.
  • Private wishlists, direct chats, wishlist chats, community chats, and private media are shared with the people who are allowed to access those spaces.
  • Collaborators, community owners, chat participants, and report reviewers may see information needed to run those features.
  • We share information with service providers that help us operate Wishtar, including Supabase for authentication, database, and storage; Stripe for payments and billing; Google when you use Google login; Firebase Cloud Messaging or platform push providers for push notifications; Sentry and web-vitals tooling for errors and performance; and hosting or infrastructure providers such as Vercel.
  • We may disclose information if required by law, to protect users or Wishtar, to investigate abuse or fraud, or in connection with a merger, acquisition, financing, or transfer of the service.
  • We do not sell your personal information or use it for third-party behavioral advertising.

Cookies, Local Storage, And Device Storage

Wishtar uses cookies and browser or device storage for authentication, security, preferences, performance, and app behavior.

  • Supabase authentication cookies and tokens keep you signed in and protect authenticated requests.
  • Local or session storage may save theme choices, virtual scroll position, lightweight client cache data, wishlist view deduplication, and push notification device identifiers.
  • The Android app may store push tokens and app state needed to deliver native app features.

Privacy Controls And Choices

  • You can update profile details, theme, notification preferences, privacy settings, message permissions, and account security in Settings.
  • You can choose whether non-followers can see your posts, wishlists, saved wishlists, and collaborative lists.
  • You can choose who can start a direct chat with you: everyone, followers, mutual follows, or no one.
  • You can block or mute users where those controls are available.
  • You can disable push notifications in the app or through your device settings.
  • You can delete your account from Settings. Deletion may remove your profile, follows, posts, wishlists, chats, and related account data, subject to records we must keep for legal, safety, payment, tax, or backup reasons.

Retention

We keep information for as long as needed to provide Wishtar, maintain security, comply with legal obligations, resolve disputes, process payments, enforce terms, and operate backups. When information is no longer needed, we delete it or de-identify it where practical.

Security

We use technical and organizational safeguards such as Supabase row-level security, private storage buckets for private media, access controls, rate limits, job secrets, logging, and observability. No internet service is completely secure, so you should use a strong password and keep your account credentials private.

International Use

Wishtar and its providers may process information in countries other than where you live. Those countries may have different data protection laws. Where required, we rely on appropriate safeguards or legal bases for those transfers.

Your Rights

Depending on where you live, you may have rights to request access, correction, deletion, restriction, objection, portability, or withdrawal of consent for certain processing. You can exercise many choices in the app. For other requests, contact the Wishtar team through the support contact published with the app or deployment.

Children

Wishtar is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided information to Wishtar, contact us so we can review and delete it where required.

Changes

We may update this Privacy Policy as Wishtar changes. When updates are material, we will take reasonable steps to notify users in the app or by another appropriate method. The latest version will always show the last updated date above.