Privacy Policy

Last updated: April 17, 2026

Birthday Hunter ("we," "us," "our," or the "Company") operates the Birthday Hunter mobile app and website (collectively, the "Service"). This Privacy Policy explains what information we collect, how we use it, who we share it with, and the rights you have over your data. We wrote it in plain English wherever we could. Where the law requires specific language, we include it.

By using the Service, you agree to this Privacy Policy. If you do not agree, please stop using the Service and contact us to delete your account.

1. Information We Collect

Birthday Hunter is a first-party consumer app. We collect data directly from you and from your use of the Service. We do not buy data about you from data brokers or other outside sources.

1.1 Account and Authentication Data

When you create an account, we collect:

• Email address (required)
• Password (stored only as a one-way hash — we never see or store the plaintext)
• Phone number (optional, for login and notifications)
• Birthday (month, day, and year — required, because birthday tracking is the core feature)
• Display name and an optional avatar image

1.2 Profile Preferences You Share

During onboarding and inside the app, we ask short questions so we can tailor recommendations to you. The questions cover topics that help us match deals to your interests. Some are asked once; others may be re-asked periodically so your profile stays current. Answering is optional in most cases and you can update or remove any answer at any time from your profile.

Topics we may ask about:

• Interests and hobbies; shopping style and where you shop
• Dining frequency and dietary preferences
• Household composition and life stage
• Approximate income band (never exact numbers)
• Gift budget, celebration style, and your role as a gift-giver
• ZIP / postal code (approximate location, not precise GPS)
• Education and general employment category
• Media and entertainment preferences
• Travel, fitness, and lifestyle habits
• Life events you're willing to share (e.g., new baby, new home)

We do not require government ID, Social Security numbers, exact salary, medical records, sexual orientation, religion, race/ethnicity, or political affiliation to use the Service, and we do not ask for them.

1.3 Behavioral Signals

As you use the app, we record signals about how you interact with it. These help us learn what you like so we can recommend better deals:

• Deal views and how long you dwell on them
• Deal saves, unsaves, and redemptions
• Search queries you type and how often you search
• Category and brand affinity scores we derive from your activity
• Session counts, session duration, and patterns of when you're active (hour of day, day of week)
• Which app features you use
• Notification opens and shares
• Whether you prefer online vs. in-store offers

1.4 Device and Technical Data

• App version, build number, and platform (iOS / Android / Web)
• Device manufacturer, model, and OS version
• An anonymous device identifier — a random UUID generated and stored on your device. It is not the advertising identifier (IDFA/GAID) and we do not link it to cross-app advertising profiles.
• IP address and basic log data (for security and fraud prevention)

1.5 Location

We use your ZIP / postal code (from your declared answer) for regional deal matching. We do not collect precise GPS location unless you explicitly grant “while using” location permission for a specific feature, and even then we use it only for that feature and do not log a location trail.

1.6 Payment Information

If you purchase a premium subscription, billing is handled by Apple App Store, Google Play, or our subscription processor (RevenueCat). We receive a subscription status and a transaction identifier — we do not see or store your payment card number.

1.7 Things We Do NOT Collect

• We do not scan your contacts, calendar, photos, or microphone.
• We do not read SMS or track other apps on your device.
• We do not collect biometric data.
• We do not use your advertising identifier (IDFA / GAID) to build cross-app profiles.
• We do not buy supplementary data about you from data brokers.

2. How We Use Your Information

We use your information strictly for first-party purposes inside our own product:

• Run the core product — track your birthday, surface relevant deals, run the rewards-points program, send notifications you've opted in to.
• Personalize recommendations — rank which deals, brands, and offers appear for you based on your declared answers and behavioral signals.
• Match you to merchant offers — when a merchant targets an audience segment (e.g., “home cooks in the Midwest who celebrate birthdays with brunch”), we determine whether you match and show you the offer. Merchants do not see your individual profile. They see aggregated counts only, and only when a segment is large enough (typically 50+ users) to protect individual privacy.
• Measure and improve the Service — understand which features work, fix bugs, improve performance.
• Security and fraud prevention — detect abuse, fake accounts, points fraud.
• Legal compliance — meet our obligations under applicable law.

2.1 What We Do NOT Do

• We do not sell your data to third parties. Not now, not under any current plan.
• We do not share individual user profiles with merchants. Merchants only receive aggregated segment counts above a minimum threshold; they cannot re-identify an individual from what we share.
• We do not use your data for advertising targeting outside the Birthday Hunter app — no tracking across other apps or websites, no exports to ad brokers.
• We do not sell, license, or disclose birthday dates to insurers, data brokers, or any external party.

3. Who We Share Information With

3.1 Service Providers (Processors)

We use a small number of vetted vendors to run the Service. They process data on our behalf under contractual confidentiality and security obligations. They are not allowed to use your data for their own purposes.

• Supabase — our primary database and authentication provider. This is where your account record and declared data live. Supabase acts as a processor under our direction; it does not independently share your data.
• Firebase Analytics (Google) — aggregated event analytics and user properties for product analytics.
• Firebase Crashlytics (Google) — crash and error reports so we can fix bugs.
• Firebase Performance (Google) — app performance metrics (load time, latency).
• Microsoft Clarity — session recordings and heatmaps of app and website sessions. Clarity is configured so that all text you type and any personal identifiers on screen are automatically masked. We see anonymized interaction patterns (taps, scrolls, page transitions), never your name, email, typed messages, or the content of any field you fill in.
• Google Analytics 4 (GA4) — web analytics on the marketing website (birthdayhunter.com).
• RevenueCat — subscription management. Receives a subscription identifier and entitlement status.
• AdMob and OGAds — deliver in-app ads and the rewarded offerwall. These platforms see your anonymous device identifier and the ad request context so they can serve relevant ads inside the offerwall. They do not receive your email, birthday, or declared-data answers.

Each of these providers publishes its own privacy policy. We keep this list up to date; if we add a new processor, we will update this section before new data types are routed to them.

3.2 Merchants

When merchants run audience campaigns on Birthday Hunter, they select targeting criteria (e.g., interests, region, household type). We match users to their criteria and surface their offers inside the app. Merchants receive aggregated reporting only — segment counts and campaign performance totals. Merchants never receive your name, email, phone number, birthday, IP address, device identifier, or raw answers.

3.3 Legal and Safety Disclosures

We may disclose information when we believe in good faith it is required to:

• Comply with a valid legal process (subpoena, court order, government request)
• Enforce our Terms of Service
• Protect the rights, property, or safety of Birthday Hunter, our users, or the public
• Detect, prevent, or respond to fraud, security, or technical issues

3.4 Business Transfers

If Birthday Hunter is involved in a merger, acquisition, financing, or sale of assets, user information may transfer to the successor entity. If that happens, we will notify you and the successor will be bound to this Privacy Policy (or an equivalent one) as to data collected before the transfer.

4. Cookies and Similar Technologies (Website)

On our website (birthdayhunter.com), we use cookies and local storage to run the site. Examples:

• A session cookie — keeps you logged in.
• device_anonymous_id — the random UUID we use to attribute web activity to your account without exposing you to cross-site tracking.
• reported_deals, verified_only_filter, claimed_* — remember preferences and prevent duplicate submissions.
• Google Analytics (GA4) cookies — aggregate web analytics.
• Microsoft Clarity cookies — session recording and heatmaps (with text masking enabled).

You can clear or block cookies in your browser settings. Doing so may log you out and break some site features.

5. Data Retention

• Account data (email, phone, birthday, display name): retained while your account is active. When you delete your account, we delete or anonymize account data within 30 days. Backups that contain your data are rotated within 90 days and deleted on that cycle.
• Declared-data answers: retained while your account is active. You can update or clear any answer at any time from your profile.
• Behavioral signals (views, searches, session patterns): retained for 24 monthsand then aged out automatically, unless needed to investigate fraud or abuse.
• Aggregated / de-identified data: may be retained indefinitely because it cannot be linked back to you.
• Analytics data held by third-party processors (Firebase, GA4, Clarity, etc.): governed by each processor's retention policy. We do not keep a separate copy of that raw data; where we have configuration control, we set retention to the minimum that still lets us operate.

6. Your Privacy Rights

You have the following rights regardless of where you live. Some laws (California, Virginia, Colorado, and the EU, among others) give you additional specific rights described below.

6.1 Rights Available to All Users

• Right to access — request a copy of the personal information we hold about you.
• Right to correct — update or fix any declared-data answer directly in the app, or email us.
• Right to delete — request deletion of your account and personal data. We honor deletion requests within 30 days (plus up to 90 days for backup rotation).
• Right to data portability — request a machine-readable export (JSON) of your declared data and behavioral signals.
• Right to opt out of targeted advertising — although we do not engage in cross-site or cross-app advertising targeting, we honor this request formally. You may also opt out of in-app personalized ranking and receive a generic feed instead.
• Right to opt out of “sale” or “sharing” of personal information— we do not sell or share personal information as those terms are defined by applicable law. This means there is nothing to opt out of, but we honor and confirm such requests.
• Right to non-discrimination — we will not deny service, charge different prices, or provide a lower-quality experience because you exercised a privacy right.

To exercise any right, email hello@birthdayhunter.com with “Privacy Request” in the subject line, or use the in-app controls in Settings > Privacy. We verify requests using your logged-in account and, if needed, a confirmation link to your account email. We respond within the timelines required by applicable law (typically 45 days; extendable once by another 45 days with notice under CCPA/CPRA and similar statutes). If we deny a request, we will explain why and how to appeal.

6.2 California Residents (CCPA / CPRA)

In the last 12 months, we collected the categories of personal information listed in Section 1 for the business purposes listed in Section 2. Specifically, under the CCPA categories we collect:

• Identifiers (email, phone, device identifier)
• Customer records (name, password hash)
• Characteristics of protected classifications — we collect age/birthday and marital status (you provide these voluntarily). We do not use these for discriminatory purposes.
• Commercial information (subscription status, deal redemptions)
• Internet / network activity (app and site usage, search history within the app)
• Geolocation — approximate, from ZIP code (not precise GPS unless you explicitly allow it)
• Inferences drawn from the above (category affinities, brand affinities)

Notice of Right to Know: You have the right to know the categories and specific pieces of personal information we have collected about you, the sources, the purposes, and the categories of third parties with whom we share it. See Sections 1, 2, and 3 above, and email us to request the specific pieces.

No sale or sharing of personal information: In the preceding 12 months we have not sold or shared (for cross-context behavioral advertising) personal information, and we have no current plans to do so. We also do not knowingly sell or share personal information of consumers under 16.

Sensitive personal information: The only categories of sensitive personal information we collect are account credentials (password hash) and, if you provide it, approximate location. We use these only to operate the Service and do not use them to infer characteristics about you. You have the right to limit our use of sensitive personal information; because we already limit it to operating the Service, no additional restriction is practically available, but we will honor and confirm such requests.

Notice of Financial Incentive (rewards program): Birthday Hunter's rewards-points program lets you earn points for completing profile questions, referring friends, and engaging with offers. Because we ask for profile information as part of this program, it may be considered a “financial incentive” under the CCPA. The value of your data to us comes from improving deal matching; we calculate the reasonable value using the expense to collect and process that data (hosting, engineering, moderation) offset by the rewards issued. Joining is voluntary, participation is free to join, and you can withdraw at any time by emailing us — you keep points already earned unless they were earned through abuse.

Authorized agent requests: You may designate an authorized agent to make a CCPA request on your behalf. We will require written proof of the agent's authority and will verify the request directly with you.

6.3 Virginia, Colorado, Connecticut, and Other U.S. State Residents

If you live in Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Texas, Oregon, or another U.S. state with a comprehensive privacy law, you have rights substantially similar to the California rights listed above — access, correction, deletion, portability, and opt-out of targeted advertising, sale, or certain profiling that produces legal or similarly significant effects. We do not engage in the profiling or sale that would require the last opt-out, but we honor and confirm such requests.

You may appeal any decision we make on a rights request by replying to our response email. If you are not satisfied with the outcome of your appeal, you may contact your state attorney general.

6.4 European Economic Area, United Kingdom, and Switzerland (GDPR / UK GDPR)

If you are in the EEA, UK, or Switzerland, the General Data Protection Regulation and equivalent laws apply. In that case:

• Controller: Birthday Hunter is the data controller for personal data processed through the Service.
• Legal bases: We rely on (a) contract performance to run your account and deliver the Service you signed up for; (b) legitimate interests to measure and improve the Service, prevent fraud, and secure our systems (balanced against your rights); (c) consent for optional marketing emails, push notifications, and any precise location use — you may withdraw consent at any time; (d) legal obligation where the law requires us to retain or disclose data.
• Your GDPR rights: access, rectification, erasure (“right to be forgotten”), restriction, portability, objection to processing based on legitimate interests, and withdrawal of consent.
• Automated decision-making: We use algorithmic ranking to personalize the deal feed. This is not legally or similarly significant decision-making in the sense of GDPR Article 22, but you can ask us to disable personalization and receive a non-personalized feed.
• International transfers: Your data may be processed in the United States and other countries where our processors operate. Where required, we rely on Standard Contractual Clauses and supplementary measures to safeguard transfers.
• Right to lodge a complaint: You have the right to complain to your local data protection authority.

7. Data Security

We use industry-standard measures to protect your data: TLS in transit, encryption at rest for our primary database, hashed passwords, least-privilege internal access, audit logging, and vendor security reviews. No system is perfectly secure, and we cannot guarantee absolute security. You are responsible for keeping your account credentials confidential. If you believe your account has been compromised, contact us immediately.

8. Children's Privacy

Birthday Hunter is intended for users age 13 or older. We do not knowingly collect personal information from children under 13. Accounts for users aged 13–17 are placed in a restricted mode:

• They are not included in merchant audience-intelligence queries.
• We minimize data shared with third-party analytics processors, and we do not share personal information with third parties for any targeted-advertising purpose.
• Certain features (e.g., the rewarded offerwall) are disabled or restricted.

If you are a parent or guardian and believe a child under 13 has created an account, contact us and we will delete the account and associated data.

9. International Users

Birthday Hunter is operated from the United States. If you use the Service from outside the United States, you understand that your information will be transferred to, stored, and processed in the United States and other countries where our processors operate. See Section 6.4 for safeguards applicable to EEA/UK/Swiss users.

10. Third-Party Links and Merchant Sites

The Service contains links to merchant websites and offers. Once you leave our app or site, their privacy policies apply. We are not responsible for their practices and recommend reviewing their policies before providing any personal information.

11. Do Not Track and Global Privacy Control

Our website responds to the Global Privacy Control (GPC) signal from supported browsers as a valid request to opt out of any “sale” or “sharing” of personal information under applicable state law. Because we do not sell or share as those terms are defined, the GPC signal is treated as a confirmed opt-out on record. We do not currently respond to “Do Not Track” browser headers because there is no industry consensus on how to do so.

12. Changes to This Policy

We may update this Privacy Policy from time to time. If we make a material change, we will provide notice by email (to the address on your account) and by an in-app banner at least 30 days before the change takes effect, unless a shorter period is required by law. The “Last updated” date at the top of this page always reflects the most recent revision. Your continued use of the Service after the effective date of changes constitutes acceptance of the updated Policy.

13. Contact Us

If you have questions, concerns, or privacy requests, contact us at:

• Email: hello@birthdayhunter.com — put “Privacy Request” in the subject line for data-rights requests.
• Mailing address: Birthday Hunter, 1309 Coffeen Avenue STE 1200, Sheridan, WY 82801, USA