My Wishlists

Rechtliches

Privacy policy

This is an unofficial English translation provided for convenience. The legally binding version is the German one.

View the German version

1. Introduction

With this privacy policy we inform you about the processing of personal data when using My Wishlists (my-wishlists.com). We treat your data confidentially and in accordance with statutory data-protection regulations and this policy.

2. Controller

The controller within the meaning of the GDPR is:

Stargate Innovationhub

Albert-Schweitzer-Allee 9

65203 Wiesbaden

Deutschland

Email: hello@my-wishlists.com

Further details can be found in the legal notice.

3. Collection and storage of personal data

3.1 When visiting the website

When you access our website, technically necessary server log data may be generated (e.g. a shortened IP address, time of access, requested URL, browser type). This data serves secure operation and error analysis. Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in operation).

3.2 On registration and use

When you register and use My Wishlists, we process:

  • Name and email address (account)
  • Password exclusively as a cryptographic hash (Argon2)
  • List content you enter (titles, descriptions, links, prices, image URLs)
  • Reservations by guests: optionally name, email and message; technically a secret token in the cookie for cancellation

Legal basis: Art. 6 (1) (b) GDPR (performance of a contract or pre-contractual measures).

3.3 Link import

When you import a product link, our server calls the given URL to read metadata (e.g. title, image, price). Security limits apply (http/https only, abuse protection). Product images are usually only linked, not stored permanently with us.

4. Sharing of data

Data is shared with third parties only if you have consented, if it is necessary to perform the contract, if there is a legal obligation, or if we have a legitimate interest that does not override your rights.

Wishlists are reachable via a secret link. Anyone who knows the link can see the list (and possibly reserve). Share the link only with people you trust.

5. Affiliate links

If a wish contains a link to an online shop, it may be marked as an affiliate link (e.g. Amazon Associates). If you or a guest buys through such a link, we may receive a commission from the retailer. There are no additional costs for you.

Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in financing the free offering). On my-wishlists.com we set no marketing cookies of our own for this; the respective shop may use its own cookies after the click — see its privacy notices.

6. Services and processors used

6.1 Supabase (database)

We store application data in a PostgreSQL database at Supabase. The data centres for EU projects are located in the European Union (e.g. AWS eu-central-1, Frankfurt). Legal basis: Art. 6 (1) (b) GDPR.

Provider: Supabase, Inc. — privacy policy

6.2 Vercel (hosting)

The website is hosted at Vercel Inc. Technical access data may be processed in the process. Legal basis: Art. 6 (1) (f) GDPR (operation of the website).

Vercel's privacy policy

6.3 Resend (email delivery)

For optional emails (e.g. magic-link sign-in, reservation confirmation with cancel link) we use Resend. The email address and message content are transmitted. Legal basis: Art. 6 (1) (b) GDPR.

Resend's privacy policy

Data processing agreements

Where required, data processing agreements pursuant to Art. 28 GDPR are in place with the providers named. The providers' public DPA information is available on their websites.

7. Cookies

This site uses only technically necessary cookies (login & reservation). No tracking cookies are set.

  • Session cookie for sign-in (NextAuth)
  • Cookie for your own reservations (cancellation via browser)
  • Notice cookie once the cookie banner has been acknowledged

We use no analytics, marketing or tracking cookies. Legal basis for technically necessary cookies: Art. 6 (1) (f) GDPR.

8. Your rights

In particular, you have the following rights towards us:

  • Access (Art. 15 GDPR)
  • Rectification (Art. 16 GDPR)
  • Erasure (Art. 17 GDPR)
  • Restriction of processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Objection (Art. 21 GDPR)
  • Withdrawal of consent given (Art. 7 (3) GDPR)

To exercise them, contact: hello@my-wishlists.com. To delete your account, an email to us is sufficient; associated lists and data are then removed, unless statutory retention obligations apply.

9. Right to complain

You have the right to lodge a complaint with a data-protection supervisory authority. The authority responsible for us is:

Der Hessische Beauftragte für Datenschutz und Informationsfreiheit
Gustav-Stresemann-Ring 1, 65189 Wiesbaden, Germany
https://datenschutz.hessen.de

10. Data security

We use technical and organisational measures, including TLS encryption, secure password hashes (Argon2), rate limiting against abuse, and access control to lists for signed-in owners only.

11. Retention period

  • Account data and lists: until you delete your account
  • Reservations: as long as the associated list exists
  • Server logs at the hosting provider: per its policies, usually short

12. Changes to this privacy policy

We adapt this policy when the legal situation or the service changes. The current version is always available at this URL.

Last updated: June 2026

Back to top