Privacy policy

Last updated: April 1, 2026

This Privacy Policy describes how Travelgift B.V.(“Travelgift”, “we”, “our”, or “us”) collects, uses, and shares your personal information when you use our website, purchase or redeem gift cards, or otherwise interact with us. By using Travelgift you confirm you have read and understood this policy.

1. Data controller

Travelgift B.V. is the data controller for personal information processed under this policy. Our registered address is Amsterdam, Netherlands. You can reach our privacy team at privacy@travelgift.com.

2. What we collect

  • Account data— name, email address, hashed password, and OAuth identifiers when you sign in with Google or Apple.
  • Order data— gift card amount, currency, recipient name & email, optional personal message, and purchase timestamps.
  • Payment data— handled by Stripe. We never store full card numbers.
  • Device & usage data— IP address, browser, operating system, referrer, pages visited, performance signals.
  • Marketing data— email capture from our funnel and newsletter, responses to quizzes, and unsubscribe state.

3. How we use it

  • To deliver gift cards and process payments (contract, Art. 6(1)(b) GDPR).
  • To run fraud prevention and keep the service secure (legitimate interest).
  • To send transactional emails (order confirmation, delivery, password reset).
  • To send marketing communications where you have given consent or are an existing customer.
  • To comply with legal obligations (accounting, tax, law-enforcement requests).

4. Who we share it with

We only share data with processors we rely on to run Travelgift. Each processor is bound by a Data Processing Agreement and may only use data on our instructions.

  • Stripe— payments.
  • Resend— transactional & marketing email delivery.
  • Cloudflare R2— storage of gift-card PDFs and uploaded assets.
  • Plausible— privacy-first analytics (no cookies, no personal profiles).
  • Meta— conversion tracking where you have consented to marketing cookies.

We do not sell or rent your personal information.

5. International transfers

Some processors are located outside the EEA/UK. When we transfer personal data internationally, we rely on Standard Contractual Clauses (SCCs) and additional safeguards where required.

6. Retention

We keep personal data only as long as necessary for the purposes described above and to comply with our legal obligations. Account records are typically kept for the duration of your relationship with Travelgift plus 7 years to meet accounting obligations. Marketing data is kept until you unsubscribe or 3 years of inactivity, whichever is sooner.

7. Your rights

Depending on your jurisdiction, you may have the right to access, correct, delete, port, or restrict the processing of your personal data, as well as to object to direct marketing. Contact privacy@travelgift.com to exercise any of these rights. You may also complain to your local supervisory authority.

8. Children

Travelgift is not directed to children under 16. We do not knowingly collect data from minors. If you believe we have, please contact us and we will delete it.

9. Security

We use industry-standard safeguards: TLS everywhere, encrypted data at rest, scoped access controls, audit logging, and third-party penetration testing.

10. Changes to this policy

We may update this Privacy Policy as our services evolve. Material changes will be announced via email or on this page 30 days before they take effect.

11. Contact

Questions or concerns? Email privacy@travelgift.com.