List of WishesSign In

Privacy Policy

Last updated: March 2026

1. Introduction

List of Wishes ("we", "our", or "us") operates the website at https://listofwishes.com and the List of Wishes browser extension (collectively, the "Service"). This Privacy Policy explains how we collect, use, and protect your personal information when you use our Service.

2. Information We Collect

Account Information

When you create an account, we collect your name, email address, and a password (stored securely using bcrypt hashing). We never store your password in plain text.

Wishlist Data

We store the wishlists you create, including item names, URLs, prices, images, and notes. This data is necessary to provide the core functionality of our Service.

Browser Extension

The List of Wishes browser extension collects product information (title, URL, image, and price) from the web page you are currently viewing, only when you actively click the extension to add an item to your wishlist. The extension does not track your browsing history, collect data in the background, or transmit any information without your explicit action.

Usage Data

We may collect basic usage analytics such as page views and feature usage to improve our Service. We do not sell or share this data with third parties for advertising purposes.

3. How We Use Your Information

  • To provide, maintain, and improve the Service
  • To manage your account and wishlists
  • To send you transactional emails (e.g., friend requests, password resets, gift notifications)
  • To facilitate wishlist sharing, gift claiming, and Secret Santa features
  • To process payments for premium subscriptions via Stripe
  • To respond to your support requests

4. Third-Party Services

We use the following third-party services:

  • Stripe — for processing premium subscription payments. Stripe's privacy policy applies to payment data.
  • Resend — for sending transactional emails. We only share your email address with Resend for this purpose.
  • MongoDB — for securely storing your data.

We do not sell, rent, or share your personal information with third parties for marketing or advertising purposes.

5. Data Security

We take reasonable measures to protect your personal information, including:

  • Passwords are hashed using bcrypt before storage
  • All data is transmitted over HTTPS encryption
  • Authentication uses secure JWT tokens
  • Access to production systems is restricted

6. Your Rights

You have the right to:

  • Access, update, or correct your personal information via your account settings
  • Delete your account and associated data by contacting us
  • Export your wishlist data
  • Opt out of non-essential emails

7. Cookies

We use minimal cookies and local storage for authentication (keeping you signed in) and user preferences (language, currency, theme). We do not use tracking cookies or third-party advertising cookies.

8. Children's Privacy

Our Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal data, please contact us and we will delete it.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy on this page and updating the "Last updated" date.

10. Contact Us

If you have any questions about this Privacy Policy, please contact us at [email protected].