Privacy Policy

The Data Controller for personal data collected through this site is Roberto Tumini, reachable at robertotmn@gmail.com.

We collect and process the following personal data:

• Registered users: name, email address and password (stored in encrypted form) — necessary for account creation and management.
• Wish lists: baby's name, expected due date, gender and description — necessary for the service to function.
• Guest reservations: giver's name (required), giver's email address (optional) and an optional message — necessary to coordinate gift reservations.
• Technical cookie: a session cookie containing a JWT token, necessary to maintain user authentication.

• Performance of a contract (Art. 6(1)(b) GDPR): account data, list content and sending of email notifications.
• Legitimate interest of the Controller (Art. 6(1)(f) GDPR): guest data, collected to enable the gift reservation functionality.

Personal data may be disclosed to the following third parties acting as Data Processors:

• Google LLC — email sending service via Gmail SMTP, for forwarding reservation notifications; and traffic analytics service via Google Analytics 4 (GA4), to understand how the site is used (active only upon user consent).
• Hetzner Online GmbH — dedicated servers located in the European Union hosting the application and database. No data is transferred outside the EEA through this provider.

The application and database are hosted on servers physically located in the European Union; therefore no third-country transfers occur regarding the hosting infrastructure. Google LLC (Gmail SMTP and Google Analytics 4) may process data outside the EEA; such transfers are covered by Standard Contractual Clauses (SCCs) approved by the European Commission under Art. 46 GDPR.

• Account data: retained until the user deletes their account.
• Guest reservation data: retained until the associated list is deleted.

As a data subject, you have the right to (Arts. 15–22 GDPR):

• access your personal data;
• request rectification if inaccurate;
• request erasure ("right to be forgotten");
• request restriction of processing;
• receive your data in a portable format;
• object to processing based on legitimate interest;
• lodge a complaint with the Data Protection Authority (www.garanteprivacy.it).

To exercise your rights, contact us at robertotmn@gmail.com.

This site uses a technical cookie necessary for authentication (JWT token) and, upon explicit user consent, analytics cookies provided by Google Analytics 4 (GA4) to understand how the site is used. Analytics cookies are activated only after consent via the cookie banner; without consent, no data is sent to Google. No profiling cookies or third-party advertising cookies are used.

You can delete your account and all associated data directly from the Security page in your profile — no need to contact us. Deletion is immediate and irreversible: all your personal data, lists and reservations will be permanently removed. Alternatively, send a request to robertotmn@gmail.com with subject "Data deletion request"; we will respond within 30 days.