Skip to main content

Privacy Policy

Last updated: March 19, 2026

1. Introduction

abatalova ("we", "us", "our") operates Limawish (the "Service"), accessible at limawish.com and through our mobile application. This Privacy Policy describes how we collect, use, and share your personal information when you use the Service.

By using Limawish, you agree to this Privacy Policy. If you do not agree, please do not use the Service.

2. Information We Collect

2.1 Information you provide

  • Account information:Email address, name, and profile picture (via Google sign‑in or email authentication).
  • Wishlist content: Board titles, wish titles, product URLs, prices, notes, tags, and images you add.
  • Recipient information: Names, birth dates, and gender of people you plan to give gifts to.
  • Guest reservation email: If you reserve a gift on a public wishlist without an account, we collect your email address.
  • Notes and preferences: Personal notes about gift recipients, budget preferences, and currency settings.

2.2 Information collected automatically

  • Session cookies: Essential cookies for authentication (session token, CSRF token). We do not use tracking or advertising cookies.
  • Local preferences:Language and display preferences stored in your browser's localStorage (not transmitted to our servers).
  • Server logs: Our hosting provider (Vercel) may collect IP addresses, browser type, and access timestamps in standard server logs.

2.3 Information from third parties

  • Google: If you sign in with Google, we receive your name, email, and profile picture from your Google account.

3. How We Use Your Information

  • Provide, maintain, and improve the Service.
  • Authenticate your identity and manage your account.
  • Send transactional emails: sign‑in links, reservation confirmations, and notifications.
  • Generate AI‑powered gift suggestions using information you provide about recipients (see Section 5).
  • Display public wishlists to people you share links with.

4. Cookies and Tracking

We use strictly necessary cookies only:

  • Session cookie — keeps you signed in (HttpOnly, Secure, SameSite=Lax).
  • CSRF token— protects against cross‑site request forgery.

We do notuse analytics cookies, advertising cookies, social media tracking pixels, or any third‑party tracking technologies.

5. Third‑Party Services

We share data with the following service providers:

  • Google (Authentication):Processes your sign‑in via OAuth 2.0. Subject to Google's Privacy Policy.
  • Email service provider (Gmail): Delivers transactional emails. Receives recipient email addresses and email content.
  • Anthropic (AI Gift Suggestions):When you use the gift suggestion feature, we send recipient information (name, age, gender, wishlist content, gift history, and notes) to Anthropic's Claude API. This data is processed according to Anthropic's Privacy Policy. You can avoid this by not using the gift suggestion feature.
  • Neon (Database Hosting): Stores all application data. Located in AWS eu-central-1 (Frankfurt).
  • Vercel (Hosting): Hosts the web application. Processes server logs including IP addresses.

6. Data Retention

  • Account data is retained as long as your account exists.
  • If you delete your account, all associated data (wishlists, gift history, recipient information, reservations) is permanently deleted.
  • One‑time authentication codes (OTP) expire after 10 minutes and are deleted automatically.
  • Guest reservation emails are retained until the reservation is cancelled or the wishlist is deleted.

7. Your Rights

7.1 All users

  • Access: You can view your personal data in your account settings.
  • Deletion: You can delete your account and all associated data from the settings page.
  • Data export: You can request a copy of your data by contacting us at info@limawish.com.

7.2 European Economic Area (GDPR)

If you are in the EEA, you have the right to:

  • Access your personal data.
  • Rectify inaccurate personal data.
  • Request erasure of your personal data ("right to be forgotten").
  • Request restriction of processing or object to processing.
  • Data portability (receive your data in a structured format).
  • Withdraw consent at any time (where processing is based on consent).
  • Lodge a complaint with your local data protection authority.

Legal bases for processing: Contract performance (providing the Service), legitimate interest (notifications, security), and consent (AI gift suggestions).

7.3 California residents (CCPA/CPRA)

If you are a California resident, you have the right to:

  • Know what personal information we collect and why.
  • Request deletion of your personal information.
  • Opt‑out of the sale of personal information.
  • Non‑discrimination for exercising your rights.

We do not sell your personal information.

8. Data Security

We implement appropriate technical measures to protect your data:

  • All connections use HTTPS/TLS encryption in transit.
  • Session cookies are HttpOnly, Secure, and SameSite=Lax.
  • Database connections use SSL/TLS encryption.
  • Authentication tokens are generated using cryptographically secure random number generators.
  • OAuth tokens are stored server‑side, never exposed to the browser.

9. Children's Privacy

The Service is not directed at children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us at info@limawish.com.

10. International Data Transfers

Your data may be processed in the Netherlands, Germany, and the United States where our hosting and service providers operate. We ensure appropriate safeguards are in place for international transfers in accordance with GDPR requirements.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting a notice on the Service or sending an email. Your continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us:

  • Email: info@limawish.com
  • Address: Almere, the Netherlands

For EU residents: You may also contact your local data protection authority (Autoriteit Persoonsgegevens).