Get Things
Sign in

Privacy Policy

Last updated: April 10, 2026

1. Overview

This Privacy Policy explains how Get Things (the "Service") collects, uses, and protects your personal information. We are committed to safeguarding your privacy and handling your data transparently. By using the Service, you agree to the practices described in this policy.

2. Information We Collect

Account Information

When you create an account, we collect:

  • Full name
  • Email address
  • Password (stored securely as a hash — we never store plain text passwords)

Guest Information

When a guest claims or pledges toward a wishlist item, we collect:

  • Name (required)
  • Email address (optional)

Automatically Collected Information

We use essential cookies to manage your authentication session. These are strictly necessary for the Service to function and cannot be disabled. We do not use analytics cookies, tracking pixels, or any third-party advertising or behavioral tracking technologies.

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service
  • Authenticate your identity and manage your session
  • Display your name on claims so that wishlist owners and other visitors can see who has claimed or contributed to an item
  • Communicate with you about your account if necessary (e.g., security notices)

4. How We Share Your Information

We do not sell, rent, or trade your personal information to third parties. We do not share your data with advertisers or data brokers.

We may disclose your information only in the following limited circumstances:

  • With other users: Your claim name is visible to other visitors of a shared wishlist. Your email address, if provided during a claim, may also be visible depending on the wishlist settings.
  • Service providers: We use Supabase as our infrastructure provider for database hosting and authentication. Your data is processed and stored by Supabase in accordance with their privacy policy.
  • Legal requirements: We may disclose information if required by law, regulation, or legal process, or to protect the rights, safety, or property of our users or the public.

5. Public Wishlists

Wishlists are designed to be shared via unique links. Anyone with the link can view the wishlist contents, including item names, descriptions, prices, images, and product links. Claim information (who claimed which item and contribution amounts) may also be visible to visitors. Please be mindful of what you include in wishlists you intend to share publicly.

6. Cookies

We use only essential authentication cookies to maintain your logged-in session. These cookies are strictly necessary for the Service to function. We do not use any third-party cookies, analytics cookies, or advertising cookies. No cookie consent banner is required because we only use strictly necessary cookies as permitted under applicable privacy regulations.

7. Third-Party Services

The Service relies on Supabase for database hosting and user authentication. Supabase processes data on our behalf and is contractually obligated to protect your information. We do not integrate with any other third-party services that process personal data. Product links within wishlist items may direct you to third-party websites, which have their own privacy policies.

8. Data Retention

We retain your account data for as long as your account is active. If you delete your account, all associated data — including your profile, wishlists, items, and claims — is permanently and irreversibly deleted. Guest claim data is retained for as long as the associated wishlist exists. When a wishlist owner deletes their account or a specific wishlist, all related claims are also deleted.

9. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your account and all associated data
  • Portability: Request your data in a portable format
  • Objection: Object to specific processing of your data

To exercise any of these rights, please contact us at privacy@getthings.app. We will respond to requests within 30 days.

10. Children's Privacy

The Service is not intended for children under the age of 16. We do not knowingly collect personal information from children. If we discover that we have collected data from a child under 16, we will promptly delete it. If you believe a child has provided us with personal information, please contact us.

11. Security

We implement industry-standard security measures to protect your data, including encrypted connections (HTTPS/TLS), secure password hashing, and row-level security policies on our database to ensure users can only access their own data. However, no method of transmission over the internet or electronic storage is completely secure, and we cannot guarantee absolute security.

12. International Data Transfers

Your data may be processed and stored in locations outside your country of residence, including in the United States or European Union, depending on our infrastructure provider's data center locations. By using the Service, you consent to such transfers. We ensure that appropriate safeguards are in place to protect your data regardless of where it is processed.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be reflected by updating the "Last updated" date at the top of this page. We encourage you to review this policy periodically. Your continued use of the Service after changes are posted constitutes acceptance of the updated policy.

14. Contact

If you have questions or concerns about this Privacy Policy or your personal data, please contact us at privacy@getthings.app.