Privacy Policy

Last updated: 1 April 2026  |  Effective: 1 April 2026

Data Controller: Egift.com LLC (a product of Ayde Group LLC), Albuquerque, New Mexico, USA
Privacy Officer: [email protected]
General Enquiries: [email protected] | +1-262-665-0499
Regulatory Authority: Federal Trade Commission (FTC) — ftc.gov

1. Who We Are

Egift.com LLC ("Egift.com", "we", "us", "our") is a digital gift card marketplace registered in the State of New Mexico, USA, operating as a product of Ayde Group LLC, with principal offices in Albuquerque, New Mexico. We operate the website egift.com and related digital services.

We are the data controller in respect of the personal data you provide to us when using our services. This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and what rights you have under applicable U.S. federal and state privacy laws. For users in the EU/EEA, we also maintain compliance with the General Data Protection Regulation (GDPR) where applicable.

2. Personal Data We Collect

2.1 Data You Provide Directly

  • Account Registration: First name, last name, email address, password (hashed), date of birth (optional).
  • Purchases: Recipient name, recipient email address, personalised message, gift card selection and denomination.
  • Payment: Billing name and address, card type and last four digits. Full card details are processed exclusively by Stripe and are never stored on our servers.
  • Communications: Messages you send to our support team, reports submitted, survey responses, and feedback.
  • Business Accounts: Company name, VAT registration number, authorised representative name and contact details.

2.2 Data Collected Automatically

  • Usage Data: Pages visited, clicks, search queries, time spent, referral URLs, and feature interactions.
  • Device & Technical Data: IP address, browser type and version, operating system, screen resolution, device identifiers.
  • Transaction Data: Order history, order IDs, purchase amounts, delivery timestamps, and redemption events.
  • Cookies & Trackers: See Section 7 (Cookies) for a detailed breakdown.

2.3 Data from Third Parties

  • Social Sign-In: If you register via Google or Apple, we receive your name and email address from the respective provider.
  • Fraud Prevention: We may receive risk signals from fraud prevention providers to protect against unauthorised transactions.
  • Partners: If you are referred by an affiliate or partner, we may receive limited data about the referral event.

3. How We Use Your Personal Data

  • To provide our services: Process your orders, deliver gift card codes, send order confirmations and receipts, and manage your account.
  • Customer support: Respond to your queries, investigate complaints, and resolve disputes.
  • Security and fraud prevention: Detect, investigate, and prevent fraudulent transactions and suspicious activity.
  • Marketing communications: Send you promotional emails, deal alerts, and product updates — only with your consent, and you can unsubscribe at any time.
  • Product improvement: Analyse usage data to improve our website, features, and user experience.
  • Legal obligations: Comply with applicable laws including tax obligations, anti-money laundering requirements, and court orders.
  • Personalisation: Remember your preferences, recommend relevant gift cards, and tailor your experience.

4. Legal Bases for Processing (GDPR Article 6)

  • Contract performance (Art. 6(1)(b)): Processing necessary to deliver the services you have ordered — order processing, account management, delivery of codes.
  • Legitimate interests (Art. 6(1)(f)): Fraud prevention, security monitoring, analytics, and service improvement, where your interests and rights do not override ours.
  • Consent (Art. 6(1)(a)): Marketing communications, optional analytics cookies, and personalised advertising. You may withdraw consent at any time.
  • Legal obligation (Art. 6(1)(c)): Tax record keeping, AML/KYC compliance, and responding to lawful law enforcement requests.

5. Sharing Your Personal Data

We do not sell your personal data. We share it only in the following limited circumstances:

  • Payment processors: Stripe, Inc. — to process card payments securely (PCI-DSS Level 1 compliant).
  • Email delivery: Postmark / SendGrid — to send transactional and marketing emails on our behalf.
  • Cloud infrastructure: Amazon Web Services (AWS) — for hosting and data storage (US and global regions).
  • Analytics: Google Analytics 4 (anonymised IP, consent-based) — to understand website usage.
  • Fraud prevention: Sift Science — to detect and prevent fraudulent activity.
  • Gift card issuers: Retailer-specific information (code delivery recipient email) is shared with the relevant gift card issuer to activate your code.
  • Legal authorities: When required by law, court order, or to protect the rights and safety of our users.
  • Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred with appropriate safeguards.

All third-party processors are bound by Data Processing Agreements (DPAs) in compliance with applicable privacy laws.

6. International Data Transfers

Egift.com is headquartered in Albuquerque, New Mexico, USA, and primarily processes personal data within the United States. Where data is transferred internationally (e.g., for EU/EEA users or to international processors), we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) for EU/EEA user data where applicable
  • Adequacy decisions and equivalent data protection frameworks where recognised
  • Contractual obligations requiring third-party processors to maintain equivalent data protection standards

You may request information about applicable transfer safeguards by contacting our Privacy Officer at [email protected].

7. Cookies

We use cookies and similar tracking technologies on our website. For a complete breakdown of cookie types, specific cookies we use, and to manage your preferences, please see our Cookie Settings page.

In summary, we use:

  • Essential cookies: Required for the website to function (authentication, shopping cart, security tokens). Cannot be disabled.
  • Analytics cookies: Help us understand how visitors use our site (consent required).
  • Marketing cookies: Used to show you relevant advertisements on other platforms (consent required).
  • Preference cookies: Remember your settings such as language and currency preferences (consent required).

8. Data Retention

  • Account data: Retained for the lifetime of your account and 3 years after account closure, unless a longer retention period is required by law.
  • Transaction records: Retained for 7 years to comply with U.S. federal tax law and applicable state tax regulations.
  • Marketing consent records: Retained for 3 years from the date of last interaction.
  • Support communications: Retained for 2 years from the date of resolution.
  • Security logs: Retained for 12 months for fraud investigation purposes.

After applicable retention periods, data is securely deleted or anonymised in accordance with our data deletion procedures.

9. Your Privacy Rights

You have the following privacy rights, which we honor for all users regardless of location (and as required by GDPR for EU/EEA users):

Right of Access (Art. 15)

Request a copy of all personal data we hold about you.

Right to Rectification (Art. 16)

Have inaccurate or incomplete data corrected.

Right to Erasure (Art. 17)

Request deletion of your data ("right to be forgotten").

Right to Restriction (Art. 18)

Restrict how we process your data in certain circumstances.

Data Portability (Art. 20)

Receive your data in a structured, machine-readable format.

Right to Object (Art. 21)

Object to processing based on legitimate interests or for direct marketing.

To exercise any of these rights, submit a request to [email protected] or via the Account Settings → Privacy section of your account. We will respond within 30 days. U.S. users may also contact the FTC at ftc.gov; EU/EEA users may lodge a complaint with their local data protection authority.

10. Children's Privacy

Our services are not intended for individuals under the age of 16. We do not knowingly collect personal data from children under 16 without verifiable parental consent. If we become aware that we have collected data from a child under 16 without appropriate consent, we will delete it immediately. If you believe we may have inadvertently collected data about a child, please contact [email protected].

11. Data Security

We implement industry-standard technical and organisational security measures to protect your personal data, including:

  • 256-bit TLS/SSL encryption for all data in transit
  • AES-256 encryption for sensitive data at rest
  • Role-based access controls and principle of least privilege
  • Regular penetration testing and security audits by independent third parties
  • SOC 2 Type II compliance for our infrastructure providers
  • Multi-factor authentication for all employee access to production systems
  • A formal incident response plan with timely breach notification as required by applicable law

Despite these measures, no internet transmission is 100% secure. In the unlikely event of a data breach affecting your rights and freedoms, we will notify you and the appropriate regulatory authority as required by applicable law.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by email (to your registered address) and by displaying a prominent notice on our website at least 14 days before the changes take effect. The "Last updated" date at the top of this page will always reflect the most recent version. Continued use of our services after the effective date constitutes your acknowledgement of the updated policy.

13. Contact & Privacy Officer

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact:

  • Privacy Officer: [email protected]
  • Privacy Team: [email protected]
  • Post: Privacy Officer, Egift.com LLC (Ayde Group LLC), Albuquerque, New Mexico, USA
  • Phone: +1-262-665-0499 (Mon–Fri, 09:00–18:00 MT)

Regulatory Authority (U.S.): Federal Trade Commission. Web: ftc.gov. EU/EEA users may contact their local data protection authority.