Buy Me This

Privacy Policy

Last updated: 28 June 2026

Buy Me This (“we”, “us”) is a private gift-capture app. This policy explains what personal data we collect, why, and your rights under UK GDPR and the Data Protection Act 2018.

Who we are

The service is operated by AG Cyber (the “data controller”). For any privacy question or to exercise your rights, contact steve@ag-cyber.uk.

What we collect

Account data: your email address, an optional display name, and a securely hashed password.
Content you create: the people you add (names, relationships, notes, birthdays/anniversaries), gift items (titles, notes, prices, links, retailers), photos you upload, and private fields such as where you've hidden a bought gift.
Operational data: minimal logs and sync/event records used to run the service, keep it secure, and fix problems, plus your storage usage. We do not use advertising trackers or third-party analytics SDKs.

Other people's information

You may record details about other people (for example a friend's name or birthday). You're responsible for adding only information you're entitled to keep. This data is private to your account and is never shown to those people or anyone else.

Why we use it (lawful basis)

To provide the service (your account and the content you create): performance of a contract with you.
To keep the service secure and working (operational logging, abuse prevention, storage limits): our legitimate interests.
Where we ever rely on consent, you can withdraw it at any time.

Who processes your data

We host the service on Cloudflare (application, database, image storage) and send transactional email (verification, password reset) via Resend. These providers act as our processors and may process data on infrastructure outside the UK; where they do, appropriate safeguards apply. We do not sell your data or share it for marketing.

How long we keep it

We keep your data while your account is active. When you delete an item, person, or your whole account, the associated data is removed; routine backups and logs age out shortly afterwards.

Your rights

Under UK GDPR you have the right to access, correct, delete, export (portability), restrict, or object to our processing of your personal data, and to withdraw consent. In the app, go to Settings → Your data to export everything we hold about you as a file, or to permanently delete your account and all its data. You can also email steve@ag-cyber.uk for help exercising any of these rights.

Security

Data is encrypted in transit (HTTPS). Passwords are stored only as salted hashes, never in plain text. Your images and content are access-controlled and private to your account.

Children

Buy Me This is not intended for children under 16.

Changes

We may update this policy as the app evolves; we'll change the “last updated” date above and, for significant changes, let you know in the app.

Complaints

If you're unhappy with how we've handled your data you can contact us, or complain to the UK Information Commissioner's Office (ICO) at ico.org.uk.