Privacy Policy

Last Updated: May 28th, 2026

WHO WE ARE

We are a Delaware limited liability company legally known as Giftogram LLC doing business as Giftogram (referred to in this Privacy Policy as “Giftogram”, we, us, our or words of similar import). We provide various rewards, incentives, payouts and other products (“Giftogram Products”) as well as various services, such our digital Giftogram Product delivery service, web-to-print gift card customization service and related support tools and services (“Services”) to our “Customers”. When referring to our “Customers” in this Privacy Policy, we mean (a) “Business Purchasers”, which are companies that are eligible to use our website at www.giftogram.com (the “Site”), and that purchase or desire to purchase Giftogram Products from us as gifts, incentives or payouts to be given to employees, customers and others in a business context, and (b) “Recipients”, which are individuals or companies that are eligible to use our Site and that have received a Giftogram Product from a Business Purchaser. For further information about using our Site, click here if you are or intend to be a Business Purchaser, or click here if you are a Recipient.

OUR ROLE IN PROCESSING YOUR DATA

Giftogram acts in different capacities depending on the context in which personal data is processed:

• Data Controller / Business: When Giftogram collects and uses personal data directly from Business Purchasers, Site visitors, or others for its own purposes (such as account management, billing, fraud prevention, marketing, and regulatory compliance), Giftogram acts as the data controller or “business” under applicable law.

• Data Processor / Service Provider: When a Business Purchaser provides recipient personal data to Giftogram solely to facilitate the delivery of Giftogram Products on that Business Purchaser’s behalf, Giftogram acts as a data processor or “service provider.” In those cases, the Business Purchaser is the data controller and is responsible for the lawfulness of the original data collection. Recipients seeking to exercise privacy rights with respect to data provided by a Business Purchaser should direct their requests to that Business Purchaser in the first instance.

This distinction is reflected throughout this Privacy Policy. References to Giftogram’s own purposes and legitimate interests apply only to processing activities where Giftogram acts as the data controller.

SCOPE OF THIS POLICY

Giftogram has prepared this Privacy Policy (as amended or supplemented, the “Privacy Policy”) to inform you about our practices regarding the personal data we collect about “Users” of our Site and other Services. When referring to “Users” (also referred to in this Privacy Policy as “you”, “yours” or words of similar import), we mean (a) employees and representatives of past, current and prospective Business Purchasers, (b) Recipients who redeem or attempt to redeem Giftogram Products using the Services, and (c) other individuals who visit or use our Site or interact with any of our Services.

Third-Party Sites

This Privacy Policy applies only to our Giftogram Products and Services. It does not apply to other non-Giftogram websites and mobile applications, including those of our Business Purchasers or other third parties that link to or from our Services. Our Site and other Services may contain links to third-party sites or applications that may have privacy policies that differ from ours. We are not responsible for the practices of such sites or applications. The privacy and data security practices of such third-party sites and applications are governed by the privacy policies of those third parties. The links to third-party sites to or from our Services do not imply that we endorse or have reviewed those third-party sites.

Job Applicants and Employees

This Privacy Policy does not apply to our employees or job applicants within the context of their employment or job seeking.

YOUR CONSENT

You should read this Privacy Policy carefully, as it is important that you understand what personal data we collect about you and what we do with that personal data. By using any of our Services, you tell us that you have read, understand and consent to this Privacy Policy, including our privacy practices as described in this Privacy Policy. If you do not consent to these privacy practices, you are not authorized to download, register with us, or otherwise use any of our Services. If you withdraw your consent after having given it to us, you are not authorized to use, and you must immediately stop using, the Site and any of our other Services. You agree to this Privacy Policy by using our Services.

This Privacy Policy may change from time to time, as described below.

CHILDREN’S USE OF OUR SERVICES

Protecting the privacy of children is very important to us. Our Services are not directed at children and children are not eligible to use our Services. We do not collect or maintain personal data from individuals we actually know are under 13 years of age. If you become aware of any data we may have collected from children under 13 years of age, please contact us.

COLLECTION OF PERSONAL DATA

The personal data we collect about you depends upon what type of User you are and how you interact with our Services.

Business Purchasers:

• Contact Information: We collect contact information such as your name, address, email address, telephone number, and mobile telephone number. We also collect contact information about the Recipients to whom a Business Purchaser has directed us to send one or more Giftogram Products.
• Account Information: We collect information you provide us to register and ensure the privacy of your account with us, such as username, password and security questions and answers. This information is the key that opens the door to your account with us. Please do not share it with anyone other than those who are authorized to access your account. If you believe your account with us has been compromised, you should contact us immediately.
• Financial Data: You provide us your bank account information, payment details, billing information and other financial information about you to enable us to be paid for the Services and Giftogram Products that you purchase from us. We use a third-party payment processor to collect and process your payment card information on our behalf. We do not collect or retain your payment card information.
• Site Usage Data. We automatically collect various types of data related to a Business Purchaser’s use of our Site (“Site Usage Data”). Site Usage Data includes date and time of access to the Site and the Site pages and other content the Business Purchaser accesses or downloads. It also includes device related information such as internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices used to access our Site. We collect and use Site Usage Data for system administration purposes, to improve the Site and to offer Users better Services and Giftogram Products.
• Chat and Messaging: If you use our chat feature (provided by HubSpot) or our SMS/text messaging support channel, we collect your name, mobile number, email address and any information you provide in your message. Please review HubSpot’s privacy policy at hubspot.com/privacy-policy. Our customer support team may also use Intercom to provide support via chat and ticketing. Please review Intercom’s privacy policy at intercom.com/legal/privacy.
• SMS/Text Message: If you provide your mobile number and opt in to receive SMS communications from Giftogram (for example, to receive support notifications or reward delivery updates), we will use your mobile number solely for those purposes.Mobile opt-in consent is not shared with third parties for their own marketing or promotional purposes.
  • Mobile opt-in consent is not shared with third parties for their own marketing or promotional purposes.
  • Message and data rates may apply. You may opt out at any time by replying STOP to any message or contacting us as described below.
  • Mobile numbers collected for SMS communications will not be sold, rented, or shared with unaffiliated third parties except as required to deliver the communications (e.g., SMS delivery providers) or as required by law.

If you access the Services as an employee or other type of representative of a Business Purchaser, you are considered an authorized User under that Business Purchaser's contract with us. Your use of the Services is subject to that contract, this Privacy Policy, and our terms of service applicable to Business Purchasers, which can be found here: https://giftogram.com/terms-of-service. If you have questions about the collection and use of your personal data in connection with us providing our Services to the Business Purchaser you represent, please contact that Business Purchaser.

Recipients:

• Contact Information and other Data: We collect a Recipient’s name, address, email address, and telephone number to facilitate the redemption of the Recipient’s Giftogram Product. We may also collect the Recipient’s date of birth from the Business Purchaser that has directed us to send that Recipient a Giftogram Product.
• Transaction Data: We may collect a Recipient’s bank account information, PayPal or other payment services account information and information related to transactions on prepaid cards if related to the redemption of a Giftogram Product. We use third-party payment services to process payments on our behalf; we do not collect or retain your payment service or bank account information.
• Taxpayer Identification Numbers: In certain cases, we may collect Social Security Numbers (SSNs) or taxpayer identification numbers from recipients solely for regulatory or tax reporting purposes (e.g., IRS Form W-9 compliance).
• Demographic Data: Depending on the Giftogram Product, we may collect a Recipient’s home address, including country of residence, to comply with applicable laws.
• Site Usage Data. We automatically collect various types of Site Usage Data related to a Recipient’s use of our Site when a Recipient. Site Usage Data includes date and time of access to the Site and the Site pages and other content the Recipient accesses or downloads. It also includes device related information such as internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices used to access our Site. We collect and use Site Usage Data for system administration purposes, to improve the Site and to offer Users better Services and Giftogram Products.

Visitors to the Site:

We receive and automatically collect data about visitors to our Site when a visitor interacts with our Services. Data that a visitor may provide us includes name, email address and other contact information. The data we automatically collect is the type of Site Usage Data described above that we collect about Business Purchaser and Recipient interactions with our Services.

COOKIES AND TRACKING TECHNOLOGIES

Giftogram uses cookies (small text files that a website saves on your computer or device when you visit a website) and other tracking tools to automatically collect information about how you use our Site and otherwise interact with our Services. The information collected might relate to you, your preferences or your device, and is mostly used to make the Site work as you expect it to and to provide a more personalized web experience.

Most web browsers are set to accept cookies by default. However, you can choose not to allow certain types of cookies, which may impact your experience of the Site and our Services.

For more information about how we use cookies and similar tracking devices, please review our Cookie Policy.

GOOGLE ANALYTICS

We use Google Analytics, a web analytics service provided by Google, Inc. Google Analytics uses Cookies to help us analyze how users interact with the Site, compile reports on their activity, and provide other services related to their activity and usage. The technologies used by Google may collect information such as your IP address, time of visit, whether you are a returning visitor and any referring website. The information generated by Google Analytics is transmitted to and stored by Google and is subject to Google’s privacy policies. To learn more about Google’s partner services and to learn how to opt out of tracking of analytics by Google, click here.

INFORMATION OBTAINED FROM THIRD PARTIES

Giftogram may obtain personal data about you from third parties or publicly available sources. Such information may include:

• Personal Data Provided by a Business Purchaser. We may receive personal data about a Recipient from a Business Purchaser to let the Recipient know about the Giftogram Product he or she has been rewarded and to enable us to customize its presentation. This information may include the Recipient’s name, date of birth, email address and phone number.
• Marketing Databases. We use information obtained from marketing databases and other data enrichment companies to improve our advertising and marketing efforts.
• Publicly Available Information. We may use publicly available information about you that we obtain from websites, search engines and other public sources. We use this information to provide our Services.
• Other Sources. We may receive personal data about you from other sources. These include government entities, advertising networks, data brokers, operating systems and platforms, mailing list providers, social networks, and advertising and marketing partners.

If a Business Purchaser or other third party provides us personal data about others, such as Recipients, we will only use that information for the specific reason for which it was provided to us or as otherwise permitted by law. Giftogram treats personal data we obtain from third parties in accordance with this Privacy Policy. We are not responsible or liable for the accuracy of the information provided to us by third parties and are not responsible for any third party’s policies or practices.

OTHER DATA

Aggregated Data: We collect, use and share “Aggregated Data” such as statistical or demographic data for any purpose. Aggregated Data can be derived from your personal data but is not considered personal data in law because this data will not directly or indirectly reveal your identity. For example, we may aggregate your Site Usage Data to calculate the percentage of users accessing a specific Site feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data that will be used in accordance with this Privacy Policy.

Special Data Categories. We do not collect any of the following types of personal data about you: your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, gender preference, political opinions, trade union membership, information about your health, and genetic and biometric data. Nor do we collect any information about criminal convictions and offenses.

AUTOMATED PROCESSING, FRAUD REVIEW, AND AI

Giftogram uses automated systems to help detect fraud, prevent misuse of our platform, and improve service delivery. This may include automated review of transaction patterns, account behavior, and order activity. These systems inform human review and do not produce final decisions solely by automated means without human oversight.

We do not use personal data of customers or recipients to train public AI models. We do not engage in profiling that produces legal or similarly significant effects concerning individuals.

HOW GIFTOGRAM USES YOUR PERSONAL DATA

Giftogram does not sell your personal data in the sense of receiving cash for the information. However, the definition of the term “sale” in some states is broad enough to include transactions that would constitute a “sale” under state law. For example, if you are a resident of Colorado or Connecticut, our use of cookies and tracking technologies constitutes a “sale” of personal data to third-party advertisers. California law may find that a sale has occurred if legal consideration other than money is exchanged. See discussion below heading “Additional Rights Available to Residents of Certain U.S. States”.

In certain circumstances we share certain personal data for a business or other lawful purpose. The following describes some of the more common circumstances where Giftogram uses your personal data:

• Legal and Security Purposes. We share your personal data with regulators, law enforcement agencies, public authorities and other governmental authorities to comply with law and legal process, to respond to governmental inquiries and lawful requests by public authorities (including to meet national security or law enforcement requirements), and to protect life, property, or the security of Giftogram or our customers.
• Analytics. We share personal data derived from Site usage with analytics and search engine providers that assist us in the improvement of our Site, subject to our Cookies Policy. Our Site uses Google Analytics. The way Google collects and processes data when delivering Google Analytics is described here: www.google.com/policies/privacy/partners/.
• Professional or Technical Support. We may share personal data, as well as aggregated, anonymous, or nonidentifiable data, with our affiliates, co‑development partners, resellers, suppliers, and distributors, and with vendors acting on our behalf, to service our customers and perform any contract we enter with you. If we share your personal data with affiliates, co‑development partners, or with vendors acting on our behalf, we do so under binding agreements that require the third party to use and protect the personal data in accordance with the principles described in this Privacy Policy. These third parties are authorized to use your personal data only as necessary to provide services to us.
• Sale of Giftogram. Your personal data may be disclosed to and ultimately transferred to a buyer or other successor of Giftogram if Giftogram or its business were to be sold, such as by way of a merger, stock purchase, asset sale, or other transaction resulting in the transfer of Giftogram’s business to new owners. Any potential buyer conducting the due diligence associated with a transaction of this type would be required to execute a confidentiality or similar agreement requiring the buyer to not disclose or otherwise use the personal data we have collected about you in violation of that agreement or this Privacy Policy.
• Bankruptcy. If any bankruptcy or reorganization proceeding were to be brought by or against us, such information may be considered an asset of ours and may be sold or transferred to third parties. Should such a sale or transfer occur, we would use reasonable efforts to try to require that the transferee use personal data provided through our Services in a manner that is consistent with this Privacy Policy.
  
  

HOW GIFTOGRAM PROTECTS YOUR PERSONAL DATA

Your personal data is stored on our service provider’s servers in the United States. You understand and agree that we may collect, use, disclose, and otherwise process the personal data you provide as described in this Privacy Policy, even if you are from an area outside the United States.

The security of your personal data is important to us. We protect your personal data through technical and administrative measures designed to mitigate the risk of unlawful or unauthorized access, destruction, loss, alteration, disclosure or use of your data. To protect your account, we encourage you to choose your password carefully and enable two-factor authentication (2FA) for signing in. You can learn more about enhancing your account security in your account settings.

We may grant Business Purchasers credentials to access to our Application Programming Interface (the “Giftogram API”) to enable the Business Purchaser to display content from our Site on its user interface. Access to our Giftogram API is granted in our sole discretion. Any Business Purchaser granted such access must keep its Giftogram API Credentials secure and may not share those credentials with any third party.

GIFTOGRAM’S RETENTION OF YOUR PERSONAL DATA

The following factors typically affect the retention period:

We keep your personal data for as long as is necessary to provide the Services to you. This includes maintaining and improving the performance of our Services, keeping our Services secure, and maintaining appropriate business and financial records. Most of our retention periods are determined on the basis of this general rule.

If we process personal data on the basis of consent (including consent to the extended storage), we store the data for as long as necessary in order to process it according to your consent or until you withdraw your consent.

Giftogram will retain and use personal data to the extent necessary to comply with our legal obligations.

DATA PRIVACY RIGHTS

If you are a resident of certain U.S. or international jurisdictions, you may have rights applicable to your personal data, including residents of U.S. states with applicable privacy laws in effect, as well as residents of international jurisdictions including Australia, Brazil, Canada, the European Economic Area (EEA), Japan, New Zealand, South Africa, Switzerland, and the United Kingdom (UK). This list may be updated as new laws take effect.

These rights may include the right to access, delete, or correct your personal data, the right to object to certain processing, and other rights under the laws specific to your country or state of residence. Contact us at any time to inquire regarding your privacy rights.

HOW TO EXERCISE YOUR RIGHTS AND CHOICES

Managing your Personal Data. If you would like to manage, change, limit, or delete your personal data, you can do so via your Giftogram account settings. Alternatively, you can exercise any of the rights above, subject to applicable law by contacting us in any of the ways described below under the heading “How to Contact Us." Once you contact us to exercise any of your rights, we will confirm receipt of your request. Limiting use of, or deleting, your personal data may impact features and uses that rely on that information.

Communication Choices. You can opt out of receiving marketing emails by using the unsubscribe link in our marketing emails or through your account settings. If you have opted in to SMS communications, you may opt out at any time by replying STOP to any SMS message or contacting us as described below. Certain communications from Giftogram are service-related or legally required and will continue even if you opt out of marketing emails or SMS messages.

INTERNATIONAL DATA TRANSFER

If you are located outside the United States, in particular if you are located in Canada, Brazil, the EU, the EEA, New Zealand, the Republic of South Africa, Switzerland, the UK or another country with similar data privacy laws, please note that we and our servers are located in the United States. Any information you provide to us may be transferred to and processed in the United States or other countries where we do business. Where we transfer personal data from the European Economic Area (EEA), the United Kingdom, or Switzerland to the United States or other countries, we rely on appropriate legal transfer mechanisms, which may include Standard Contractual Clauses (SCCs) as approved by the European Commission or other lawful transfer mechanisms recognized under applicable law. We require our sub-processors and service providers receiving EEA/UK personal data to maintain equivalent protections under binding data processing agreements.

By engaging with and providing personal data and other data that we may legitimately collect, process, use or transfer in connection with your relationship with us, you unambiguously and unconditionally consent to your information being collected, processed, used, and transferred as disclosed in this Privacy Policy.

INTERNATIONAL DATA PRIVACY RIGHTS

If you are a resident of a country outside the United States, such as but not limited to Canada, a country within the EU or EEA, the law in your country of residence may grant you certain rights with respect to your personal data, in particular the right to access, correct, and delete the personal data we hold about you. We will retain your personal data for the length of time you engage with our Services, as described in the retention section of this Privacy Policy under the heading “Giftogram’s Retention of Your Personal Data”, or until yourequest deletion of such personal data. We are considered the Data Controller (or equivalent distinction) with regard to your personal data. You can find our contact information here.

In certain circumstances, you have the following data protection rights:

• The right to access, update, or delete the personal data we have on you.
• The right of rectification. You have the right to have your personal data rectified if that information is inaccurate or incomplete.
• The right to object. You have the right to object to our processing of your personal data.
• The right of restriction. You have the right to request that we restrict the processing of your personal data.
• The right to data portability. You have the right to be provided with a copy of the personal data we have on you in a structured, machine-readable and commonly used format.
• The right to withdraw consent. You have the right to withdraw your consent at any time where we relied on your consent to process your personal data.

In order make a request regarding your personal data, please contact us as described in this Privacy Policy. You can find our contact information here.

If you have a comment, question, or complaint about how we are handling your personal data, we hope that you contact us to allow us to resolve the matter. In addition, if you are located in the EEA, you may submit a complaint regarding the processing of your personal data to a regulatory authority.

LEGAL BASIS FOR PROCESSING IN THE EU AND SIMILAR JURISDICTIONS

Our legal basis for collecting and using the personal data described in this Privacy Policy depends on the personal data we collect and the specific context in which we collect it.

• It is necessary for the performance of a contract with you;
• You have given us consent to do so (in applicable jurisdictions);
• The processing is in our legitimate interest as the Controller (applicable only to processing activities where Giftogram acts as the data controller for its own purposes, such as fraud prevention, platform security, and direct marketing), when that legitimate interest is not overridden by your rights;
• We must comply with the law.

Where Giftogram processes personal data as a data processor on behalf of a Business Purchaser, the Business Purchaser (as data controller) is responsible for identifying and documenting the applicable legal basis for that processing.

Where certain sensitive personal data is processed based on your explicit consent, you may have the right to withdraw such consent at any time. To do so, please contact us as described in this Privacy Policy. If there is a different legal basis that would permit us to continue processing your personal data after withdrawing consent, we will notify you of that legal basis at the time of your request.

STATE PRIVACY RIGHTS AND ADDITIONAL DISCLOSURES

Depending on the state in which you reside, in particular if you reside in California, Colorado, Connecticut, Utah or Virginia, you may have certain privacy rights regarding your personal data. If you are a California resident, please see our “Notice to California Residents” section below. For other state residents, your privacy rights may include (if applicable):

• The right to confirm whether or not we are processing your personal data and to access such personal data and the categories of personal data we are processing or have processed.
• The right to obtain a copy of your personal data that we collected from and/or about you in a portable and, to the extent technically feasible, readily usable format that allows you to transmit the information to another controller without hindrance, where the processing is carried out by automated means.
• The right, at our option, to obtain a list of specific third parties, other than natural persons, to which we have disclosed your personal data or any personal data.
• The right to obtain a list of categories of third parties to which we have disclosed your personal data.
• The right to delete personal data that we collected from and/or about you, subject to certain exceptions.
• The right to correct inaccurate personal data that we maintain about you, subject to certain exceptions.
• The right, if applicable, to opt out of the processing of your personal data for purposes of (1) targeted advertising; (2) the “sale” of your personal data (as that term is defined by applicable law); and (3) profiling in furtherance of decisions that produce legal or similarly significant effects concerning you.
• The right to withdraw your consent to our processing your personal data if we are required by applicable law to obtain your consent to do so.
• The right not to receive discriminatory treatment by us for the exercise of your privacy rights.

We do not sell your personal data in the sense of receiving cash for the information. However the definition of the term “sale” in some states is broad enough to include transactions that would constitute a “sale” under state law. For instance, if you are a resident of Colorado or Connecticut, our use of cookies and tracking technologies constitutes a sale of personal data to third-party advertisers. We also use cookies and other tracking technologies to display advertisements about our products to you on nonaffiliated websites, applications, and online services. This is “targeted advertising” under applicable privacy laws. We do not use personal data for profiling in furtherance of decisions that produce legal or similarly significant effects concerning individuals.

To exercise your rights, please submit a request by contacting us in any of the ways described below under the heading “How to Contact Us”. If legally required, we will comply with your request upon verification of your identity and, to the extent applicable, the identity of the individual on whose behalf you are making such request. To do so, we will ask you to verify data points based on information we have in our records. If you are submitting a request on behalf of another individual, please use the same contact methods described above. If we refuse to take action regarding your request, you may appeal our decision by replying to the email you received from us in response to your request. If you would like to opt out of targeted advertising, you may alter your cookie preferences.

NOTICE TO CALIFORNIA RESIDENTS

The California Consumer Privacy Act, as amended by the California Privacy Rights Act of 2020 (“CCPA”), requires that we provide California residents with a privacy policy that contains a comprehensive description of our online and offline practices regarding the collection, use, disclosure, sale, sharing, and retention of personal information and of the rights of California residents regarding their personal information. This section of the Privacy Policy is intended solely for, and is applicable only to, California residents. If you are not a California resident, this section does not apply to you and you should not rely on it.

The CCPA defines “personal information” to mean information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California resident or household. Personal information does not include publicly available, deidentified or aggregated information or lawfully obtained, truthful information that is a matter of public concern.

Notice at Collection of Personal Information.

We currently collect and, in the 12 months prior to the Last Updated Date of this Privacy Policy, have collected the categories of personal information described in this Privacy Policy under the heading “Collection of Personal Data”.

We collect personal information directly from California residents and from advertising networks, internet service providers, data analytics providers, government entities, operating systems and platforms, social networks, and data brokers. We do not collect all categories of personal information from each source.

In addition to the purposes stated above in the section “How Giftogram uses Your Personal Data”, we currently collect and have collected the above categories of personal information for the following business or commercial purposes:

• Auditing related to counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with this specification and other standards.
• Helping to ensure security and integrity to the extent the use of your personal information is reasonably necessary and proportionate for these purposes.
• Debugging to identify and repair errors that impair existing intended functionality.
• Performing services, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services.
• Short-term, transient use, including, but not limited to, non-personalized advertising shown as part of your current interaction with us, provided that your Personal Information is not disclosed to another third party and is not used to build a profile about you or otherwise alter your experience outside the current interaction with us
• Providing advertising and marketing services, except for cross-context behavioral advertising, to you provided that, for the purpose of advertising and marketing, our service providers and/or contractors shall not combine the personal information of opted-out consumers that the service provider or contractor receives from us, or on our behalf with personal information that the service provider or contractor receives from, or on behalf of, another person or persons or collects from its own interaction with you.
• Undertaking internal research for technological development and demonstration.
• Undertaking activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by us, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by us.
• Advancing our commercial or economic interests, such as by inducing another person to buy, rent, lease, join, subscribe to, provide, or exchange products, goods, property, information, or services, or enabling or effecting, directly or indirectly, a commercial transaction

Sale, Sharing, and Disclosure of Personal Information

The CCPA defines “sale” as the transfer of personal information for monetary or other valuable consideration. Although we do not “sell” personal information as that term is commonly understood (for money), we engage in online activities that may constitute a sale or the sharing of personal information under California law if it is determined that we have receive “other valuable consideration” for the personal information.

The following table identifies the categories of personal information that we shared with third parties in the 12 months preceding the Last Updated Date of this Privacy Policy and, for each category, the categories of third parties to whom we shared personal information:

We sold or shared personal information to third parties for the following business or commercial purposes:

• Targeted advertising

The following table identifies the categories of personal information that we disclosed for a business purpose in the 12 months preceding the Last Updated Date of this Privacy Policy and, for each category, the categories of recipients to whom we disclosed personal information:

We disclosed personal information for the following business or commercial purposes:

• Reward delivery, cloud storage, customer support, marketing, and payment processing

Retention of Personal Information

We retain your personal information for as long as necessary to fulfill the purposes for which we collect it as described above under the heading “Giftogram’s Retention of Your Personal Data”.

Your Rights

If you are a California resident, you have the following rights with respect to your personal information:

• The right to know what personal information we have collected about you, including the categories of personal information, the categories of sources from which we collected personal information, the business or commercial purpose for collecting, selling or sharing personal information (if applicable), the categories of third parties to whom we disclose personal information (if applicable), and the specific pieces of personal information we collected about you.
• The right to delete personal information that we collected from you, subject to certain exceptions.
• The right to correct inaccurate personal information that we maintain about you.
• If we sell or share personal information, the right to opt out of the sale or sharing.
• If we use or disclose sensitive personal information for purposes other than those allowed by the CCPA and its regulations, the right to limit our use or disclosure.
• The right not to receive discriminatory treatment by us for the exercise of privacy rights the CCPA confers.

How to Submit a Request to Know, Delete, and/or Correct

You may submit a request to know, delete, and/or correct by contacting us as described below in this Privacy Policy.

If you submit a request to delete online, you may be asked to confirm separately that you want your personal information deleted.

If you are submitting a request on behalf of a California resident, please submit the request through one of the designated methods. After submitting the request, and if the request is not subject to an exemption or exception, we will require additional information to verify your authority to act on behalf of the California resident.

Our Process for Verifying a Request to Know, Delete, and/or Correct

We will comply with your request upon verification of your identity and, to the extent applicable, the identity of the California resident on whose behalf you are making such request. Our verification process may differ depending on whether you maintain a password-protected account with us.

If you maintain a password-protected account, we may verify your identity through existing authentication practices available through your account. Prior to disclosing or deleting the personal information, we will ask you to re-authenticate yourself with respect to that account.

If you do not maintain a password-protected account, or if you are an account holder but we suspect fraudulent or malicious activity with your account, we will verify your identity either to a “reasonable degree of certainty” or a “reasonably high degree of certainty” depending on the sensitivity of the personal information and the risk of harm to you by unauthorized disclosure, deletion, or correction as applicable. To do so, we will ask you to verify data points based on information we have in our records concerning you.

Right to Opt-Out of Sale or Sharing of Personal Information

If you are a California resident, you have the right to direct us to stop selling or sharing your personal information. You may submit a request to opt out of sales or sharing by contacting us as described below in this Privacy Policy.

Right to Limit Use and Disclosure of Sensitive Personal Information

California residents have the right to limit our use or disclosure of their sensitive personal information for purposes other than those allowed by the CCPA and its regulations. You may submit a request to limit our use or disclosure of your sensitive personal information by contacting us as described below in this Privacy Policy.

Shine the Light Law

We do not disclose personal information obtained through our Site or Services to third parties for their direct marketing purposes. Accordingly, we have no obligations under California Civil Code § 1798.83.

HOW TO CONTACT US

If you have any questions, do not hesitate to contact us in any one or more of the following ways:

• Giftogram Support Team: Visit our Help Center at knowledge.giftogram.com or email support@giftogram.com
• Chat Support: Available on our Site at www.giftogram.com
• Data Deletion / Privacy Requests: Email our Data Protection Officer at dpo@giftogram.com
• General Privacy Inquiries: privacy@giftogram.com
• Security Inquiries: security@giftogram.com
• Written Correspondence: 77 East Halsey Road, Parsippany, NJ 07054