Privacy Policy

Our Commitment to Privacy

At secretsanta.email, we are committed to protecting your privacy. This service is designed to be minimally invasive and we collect only the information necessary to provide the Secret Santa drawing service.

Information We Collect

How We Use Your Information

We use the information we collect solely to:

• Conduct the Secret Santa draw
• Process payments via Stripe
• Send participant assignment emails
• Send the organizer a test email and confirmation email
• Allowing the organizer to view the assignments within the retention window
• Prevent fraud and ensure service security

We do not use draw information for marketing, profiling, or analytics.

Data Retention

We retain your information only as long as necessary to provide the service and comply with legal obligations:

• Draw data: All draw-related information—including participant emails, names, pairings, organizer email, and delivery logs—is retained only for 7 days. After this period, all such information is permanently deleted and cannot be recovered. This limited retention period is essential to our privacy-focused approach. Because of this, we may be unable to assist with issues reported after the data has been deleted.
• Payment records: Stripe retains payer information as required by law and for fraud prevention. We do not control Stripe’s retention timeline.
• Technical logs: Security logs may be stored for a limited period to detect abuse or service misuse, but these logs do not contain draw contents or participant data.

Legal basis for processing

We process personal information based on

• Contractual necessity: to provide the Secret Santa service
• Legitimate interests: to prevent fraud and ensure service security
• Legal obligations: to comply with applicable laws and regulations

Data Sharing

We share information only with:

• Service providers: Trusted partners who help us operate the service (email delivery, payment processing, cloud hosting)
• Legal requirements: When required by law or to protect our rights and safety
• Business transfer: In the event of a merger, sale, or transfer of our business

All service providers are contractually obligated to protect your information and use it only for the purposes we specify.

Your Rights

You have the right to:

• Access: Request a copy of the personal information we have about you
• Correction: Request correction of inaccurate information
• Deletion: Request deletion of your personal information
• Portability: Receive your data in a machine-readable format
• Objection: Object to processing of your personal information

To exercise these rights, please contact us at privacy@secretsanta.email.

You can also delete your data at the link provided after creating a draw.

Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. This includes:

• Encryption of data in transit and at rest
• Regular security assessments and updates
• Access controls and authentication measures
• Secure payment processing through Stripe

International Transfers

Your information may be processed in countries other than your own. We ensure that such transfers comply with applicable data protection laws and implement appropriate safeguards.

Children's Privacy

Our service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13.

Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date.

Contact Us

If you have any questions about this privacy policy or our data practices, please contact us at:

Email: privacy@secretsanta.email