Privacy Policy

How we collect, use, and protect your personal information on Gifly

GDPR Compliant • Last updated: September 10, 2025

Quick Navigation

1. Overview2. Data Collection3. Legal Basis4. Data Usage5. Data Sharing6. Data Retention7. Your Rights8. Cookies9. Security10. International11. Children12. Contact

1. Privacy Overview

Welcome to Gifly ("we," "our," or "us"). This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website https://gifly.app and use our services.

Key Privacy Principles

Data Minimization: We collect only what's necessary for our services
Transparency: Clear information about data collection and use
Security: Robust measures to protect your personal data
Control: You decide how your data is used and can opt out anytime

Data Controller Information

Company: Gifly

Website: https://gifly.app

Data Protection Contact: privacy@gifly.app

2. Information We Collect

Account Information

When you create an account, we collect:

  • Email address - for account creation and communication
  • Username - your chosen display name
  • Password - stored encrypted for security
  • Profile information - optional bio, avatar, etc.
  • Authentication data - from Google OAuth if used

Content Information

When you upload or interact with content:

  • Uploaded GIFs - files, metadata, and descriptions you provide
  • Comments and interactions - likes, shares, and comments on content
  • Search queries - to improve search results and recommendations
  • Usage patterns - which content you view and interact with

Technical Information

Automatically collected when you use our service:

  • IP address - for security and location-based features
  • Device information - browser type, OS, screen resolution
  • Usage analytics - pages visited, time spent, click patterns
  • Cookies and trackers - for functionality and preferences
  • Error logs - to diagnose and fix technical issues

Anonymous Upload Information

For anonymous uploads, we collect:

  • Name and email - for content attribution and contact
  • Upload metadata - file information and upload timestamp
  • Moderation data - review status and approval decisions

4. How We Use Your Information

Core Services

  • • Provide access to GIF browsing and search
  • • Enable GIF uploading and management
  • • Process user authentication and accounts
  • • Deliver personalized content recommendations
  • • Enable social features (likes, comments, shares)

Service Improvement

  • • Analyze usage patterns and trends
  • • Improve search algorithms and results
  • • Fix bugs and technical issues
  • • Develop new features and enhancements
  • • Optimize website performance

Safety & Security

  • • Prevent fraud and abuse
  • • Moderate content for compliance
  • • Protect against spam and malware
  • • Investigate security incidents
  • • Enforce our terms of service

Communication

  • • Send service updates and notifications
  • • Provide customer support
  • • Deliver marketing communications (with consent)
  • • Share important policy changes
  • • Respond to legal requests

Automated Decision-Making: We use automated systems for content moderation, spam detection, and personalized recommendations. You have the right to object to automated decision-making that significantly affects you.

5. Information Sharing & Third Parties

We may share your information with third parties only in the following circumstances:

Service Providers

We work with trusted third-party service providers:

  • Cloudflare R2: File storage and content delivery
  • Vercel: Website hosting and performance
  • Google Analytics: Anonymous usage analytics
  • Google AdSense: Advertisement serving
  • GIPHY API: Third-party GIF content integration

Legal Requirements

We may disclose information when required by law:

  • • Valid legal process, subpoenas, or court orders
  • • DMCA takedown requests and copyright claims
  • • Law enforcement investigations
  • • Protection of rights, property, or safety
  • • Prevention of fraud or illegal activities

Business Transfers

In the event of a merger, acquisition, or sale of assets, user information may be transferred. We will provide notice and ensure continued protection under equivalent privacy policies.

No Sale of Personal Data: We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

6. Data Retention

We retain your information for different periods depending on the type of data and its purpose:

Account Data

  • Active accounts: Until account deletion
  • Deleted accounts: 30 days (backup retention)
  • Email addresses: 90 days post-deletion
  • Authentication logs: 1 year

Content Data

  • User GIFs: Until content or account deletion
  • Comments/Interactions: Until user deletion
  • Search history: 6 months
  • Anonymous uploads: Indefinitely (no personal link)

Technical Data

  • IP addresses: 30 days
  • Analytics data: 26 months (Google standard)
  • Error logs: 90 days
  • Security logs: 1 year

Legal Requirements

  • DMCA records: 3 years minimum
  • Legal hold: Until resolution
  • Tax records: As required by law
  • Compliance data: Varies by jurisdiction

Automated Deletion: We have automated systems in place to delete data according to these retention schedules. Some backups may take up to 90 days to be completely purged.

7. Your Privacy Rights

Under GDPR and other privacy laws, you have the following rights regarding your personal data:

Right to Access

Request a copy of all personal data we hold about you, including:

  • • Account information and profile data
  • • Upload history and content
  • • Interaction logs and preferences

Right to Rectification

Correct or update inaccurate personal information:

  • • Update profile information
  • • Correct account details
  • • Modify content metadata

Right to Erasure

Request deletion of your personal data when:

  • • No longer necessary for original purpose
  • • You withdraw consent
  • • Data processed unlawfully

Right to Data Portability

Receive your data in a structured format:

  • • JSON export of account data
  • • Download links for uploaded content
  • • Machine-readable format

How to Exercise Your Rights

Email Request:

Send detailed requests to privacy@gifly.app

Account Settings:

Manage basic preferences in your profile settings

Response Time:

We respond to valid requests within 30 days

Identity Verification:

May be required for security purposes

8. Cookies & Tracking Technologies

We use cookies and similar technologies to enhance your browsing experience and analyze site usage:

Essential Cookies

Required for basic site functionality:

  • • Authentication and session management
  • • Security and CSRF protection
  • • Load balancing and performance
  • • Cookie consent preferences

These cannot be disabled.

Analytics Cookies

Help us understand site usage:

  • • Google Analytics (anonymized)
  • • Page views and user journeys
  • • Performance monitoring
  • • Feature usage statistics

Can be opted out via settings.

Advertising Cookies

For personalized advertisements:

  • • Google AdSense personalization
  • • Frequency capping
  • • Ad performance measurement
  • • Interest-based targeting

Consent required for EU users.

Preference Cookies

Remember your choices:

  • • Language and region settings
  • • Theme and display preferences
  • • Search filters and sorting
  • • Content personalization

Improve user experience.

Cookie Management

Browser Settings:

Configure cookie acceptance in your browser preferences

Opt-Out Tools:

Use Google's Analytics Opt-out

Ad Preferences:

Manage at Google Ads Settings

Do Not Track:

We respect browser DNT signals where possible

9. Data Security

We implement comprehensive security measures to protect your personal information:

Technical Security

  • Encryption: HTTPS/TLS for all communications
  • Password Security: Bcrypt hashing with salt
  • Database Security: Encrypted at rest and in transit
  • Access Controls: Role-based permissions
  • Regular Updates: Security patches and monitoring

Operational Security

  • Staff Training: Security awareness and protocols
  • Limited Access: Need-to-know basis for data access
  • Incident Response: Rapid response to security events
  • Regular Audits: Security assessments and reviews
  • Vendor Security: Due diligence on third parties

Data Breach Policy: In the unlikely event of a data breach, we will notify affected users and relevant authorities within 72 hours as required by GDPR, including details of the breach and steps taken to address it.

10. International Data Transfers

Gifly operates globally, and your data may be transferred to and processed in countries outside your residence, including the United States.

Transfer Safeguards

EU-US Data Privacy Framework:

Our US service providers participate in Privacy Shield successor programs

Standard Contractual Clauses:

EU-approved contracts with adequate protection guarantees

Adequacy Decisions:

Transfers to countries with EU-recognized adequate protection

Data Minimization:

Only necessary data is transferred for specific purposes

Service Provider Locations

  • Vercel (Hosting): United States - Privacy Shield certified
  • Cloudflare R2 (Storage): Global network with EU data centers
  • Google Services: Global - GDPR compliant with adequacy decisions

11. Children's Privacy

Age Restrictions

Gifly is intended for users aged 13 and older. We do not knowingly collect personal information from children under 13 without parental consent.

  • EU Users: Must be 16+ or have parental consent
  • US Users: Must be 13+ (COPPA compliance)
  • Other Regions: Local age requirements apply

Parental Controls

If you believe your child has provided personal information without consent:

  • • Contact us immediately at privacy@gifly.app
  • • We will investigate and delete the account if verified
  • • No penalty will be imposed on the child or family

12. Contact & Data Protection

Privacy Inquiries

Email: privacy@gifly.app

Subject Line: Include "Privacy Request" or "GDPR Request"

Response Time: Within 72 hours for acknowledgment

General Support

Email: support@gifly.app

Website: https://gifly.app

Terms: Terms of Service

Supervisory Authority

EU residents have the right to lodge a complaint with their local data protection authority if they believe their privacy rights have been violated. You can find contact information for EU data protection authorities at EDPB Member Authorities.

Policy Updates

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. Material changes will be communicated via:

  • • Email notification to registered users
  • • Prominent notice on our website
  • • Updated "Last Modified" date at the top of this policy

Effective Date: September 10, 2025
Last Updated: September 10, 2025
This privacy policy was created with transparency and user rights as our primary focus.

Terms of ServiceCookie PolicyContact UsBack to Gifly