Secret SantaSecret SantaThe Secret Santa application on https://www.santasecret.app is run by a private individual with no commercial purpose. This Privacy Policy explains how we collect, use, and protect your personal data. We collect only first name, last name, and email address, which you voluntarily provide when registering. These data are used solely to operate the Secret Santa service and to send related notifications. We do not collect any other personal data or use tracking beyond what is strictly necessary for the game. This notice is written in clear and plain language as required by the GDPR.
We only collect the following information:
These data are provided voluntarily by you and are strictly limited to what is necessary for the service (GDPR data minimization). We do not collect extraneous information.
Your personal data are processed only for the purpose of organizing and managing the Secret Santa game among users and for sending related communications. The legal basis is the user’s consent and the legitimate interest in providing the requested service. We do not use your data for any other purpose, such as advertising or profiling.
In order to perform the Secret Santa drawing, participants will see only the first and last names of the other group members. We never disclose emails or other personal information to other participants. Apart from the internal group function described above, we do not share your data with any third parties, except as required by law.
We retain personal data only as long as necessary for the stated purposes (GDPR principle). Specifically, we keep your data for up to 12 months after registration, or until you delete your account or the group is deleted, whichever happens first. After that, all personal data are permanently erased. If you exercise your right to deletion, we will remove your data without undue delay.
Under GDPR you have rights over your data. You can:
You can update or delete your Name, Surname, and Email at any time via your account profile. Alternatively, you can contact the data controller to request data deletion or correction. We will respond to any such request without undue delay in accordance with GDPR law.
The application’s servers are located in Europe and all processing complies with EU data protection laws. For sending transactional emails, we use Resend.com. Resend is certified under the EU-US Data Privacy Framework and provides a compliant Data Processing Addendum. This ensures that Resend handles data according to GDPR standards. Resend acts only as a processor for email delivery and does not use the data for other purposes. We do not transfer data outside approved frameworks (Resend’s service adheres to EU-US privacy rules). No other third-party services (e.g. advertising or analytics) are used.
We may update this policy if the service or legal requirements change. Any significant updates will be posted here.
For questions about this Privacy Policy or to exercise your data protection rights, please contact us at support [at] santasecret [dot] app.