Privacy Policy

Last updated: January 2026

1. Controller

The responsible party (Controller) for data processing on this website/application is:

Frank Business Insights
Rautistrasse 55, 8047 Zürich
Email: hello@bdayz.ch

2. What Data We Collect

We collect different types of data depending on how you use the App.

2.1. Data You Provide About Yourself (Account Data)

When you register, we collect:

  • Identity Data: Full Name, Date of Birth.
  • Contact Data: Email address (used as your username).
  • Profile Picture: You may optionally upload a profile photo, which is stored on our servers and visible to Users you connect with.
  • Preferences: Privacy settings (e.g., visibility of birth year) and gift preferences.
  • Security: Password (stored in encrypted/hashed format only).

2.2. Data You Provide About Others (Contacts and Events)

You may enter data about third parties (e.g., "Grandma," friends) or specific occasions into your private lists.

  • Manual Entries: Names, birthdates, dates and titles of custom events (e.g., Key Dates), and notes.
  • Your Responsibility: For this data, you act as the person responsible for its collection and sharing within your private or family circle (Household Activity). The App provides the technical platform to facilitate this private organization. We store this data solely to provide the calendar service to you and do not use it for marketing or contact these individuals ourselves.

2.3. Guest Data (Wishlists and Invites)

If you access a Wishlist as a guest (without an account) and mark an item as "Bought":

  • We collect the Display Name you enter (e.g., "Aunt Mary").
  • This is used solely to prevent duplicate gifts on that specific list.

If you use an invite link to provide your birthday details (e.g., "Ask a Friend"):

  • We collect your Name and Date of Birth to enforce the request and add it to the inviter's contact list.

2.4. Usage Data (System Logs)

For security and debugging, we or our hosting provider (Infomaniak) may automatically log:

  • IP address.
  • Date and time of access.
  • Browser type and operating system.

2.5. Data Sharing with Other Users (Circles)

The App includes a "Circles" feature that allows you to voluntarily share specific content (e.g., birthdays of contacts, custom events) with other Users in private groups.

  • User Control: No data is shared with other Users unless you explicitly add it to a Circle and invite those Users.
  • Visibility: By adding data to a Circle, you instruct us to make that specific data visible to the authorized members of that Circle.
  • Responsibility: You acknowledge that once you share data via a Circle, we cannot control how the recipients use or store that information locally.
  • Group Size: Circles are limited to 10 members to ensure data remains within a private, family-like context (consistent with the GDPR Household Exemption).
  • Explicit Consent Required: Before sharing a contact or event to a Circle, you must confirm via an in-app consent mechanism that you have authorization to share this data.

3. Purpose and Legal Basis

We process your data for the following purposes:

  1. Service Provision: To provide the calendar, event reminders, and wishlist features (Legal Basis: Performance of Contract).
  2. Communication: To send you password resets, email verifications, and reminders you requested (Legal Basis: Performance of Contract).
  3. Security: To prevent fraud and abuse (Legal Basis: Legitimate Interest).
  4. Analytics: To understand how you interact with our App so we can improve the functionality and user experience (Legal Basis: Legitimate Interest).
  5. Monetization: To process affiliate links included in wishlists (Legal Basis: Legitimate Interest).

4. How We Handle Deletion

This section explains what happens to your data when you delete your account. You may choose one of two options:

4.1. Complete Deletion

  • Your login credentials, email, personal profile, and all linked data are permanently deleted from our system.
  • Your entry is also removed from all friends' lists where you were linked.
  • This provides full "right to be forgotten" compliance.

4.2. Static Snapshot

  • Your login credentials, email, and personal profile settings are permanently deleted.
  • However, if you were connected to other Users (via the "Linked Contact" feature), your Name and Birthdate will be converted into a static text entry in their private lists.
  • Why? To ensure your friends do not lose the calendar entry for your birthday.
  • Result: The data is no longer linked to a live profile. It becomes a private note controlled by your friend (Household Exemption).
  • Right to Object: If you later wish for this static data to be removed from a friend's list, you must contact that friend directly, as they become the sole controller of that private data entry.

5. Affiliate Links and Tracking

Our App does not use third-party advertising cookies (like Google AdSense). However, we use Affiliate Marketing:

  • Links: If you click on a product link (e.g., Amazon) within a wishlist, that link may contain a tracking code/tag that identifies our App as the referrer.
  • No In-App Cookies: We do not drop affiliate cookies on your device. The cookie is set by the target merchant (e.g., Amazon) only after you click the link and leave our App.
  • Purpose: This allows us to earn a commission.

6. Data Sharing and Hosting

We prioritize Swiss data sovereignty.

6.1. Data Hosting

  • Hosting: All data is hosted on servers provided by Infomaniak Network SA in Geneva, Switzerland.
  • Email: Transactional emails are sent via Infomaniak's SMTP service.
  • No Sale of Data: We do not sell your personal data to third parties.

6.2. Calendar Subscriptions (Third-Party Sync)

If you use the calendar subscription link (ICS feed) to sync your data with a third-party calendar application:

  • The data you export is subject to that provider's own privacy policy and data handling practices (e.g., Apple, Google, Microsoft).
  • We are not responsible for how third-party calendar providers store, process, or secure your subscribed data.

7. Your Rights

Under the Swiss FADP and EU GDPR, you have the following rights:

  • Access: Request a copy of the data we hold about you.
  • Rectification: Correct inaccurate data.
  • Deletion: Request deletion of your account (subject to the Snapshot Rule described in Section 4).
  • Export: Receive your data in a portable format.

To exercise these rights, please contact us at hello@bdayz.ch.

8. Data Security

We implement technical measures to protect your data, including:

  • SSL/TLS Encryption for all data in transit.
  • Hashing of passwords (we cannot read your password).
  • Access Controls restricting database access to authorized technical administrators only.

9. Cookies

We use only Strictly Necessary Cookies required for the App to function (e.g., keeping you logged in). We do not use third-party analytics or marketing cookies that require a consent banner.

10. Changes to This Policy

We may update this policy from time to time. The latest version will always be available within the App.