Legal

Privacy Policy

Last updated: 15 March 2026

1. Who we are

Birthday Experiences ("we", "our", "us") operates the Birthday Experiences platform, accessible at birthdayexperiences.com. We are the data controller for personal data collected through this platform. If you have any questions about this policy, contact us at privacy@birthdayexperiences.com.

2. What data we collect

We collect the following categories of data:

  • Account data: Name, email address, phone number, and password (stored as a secure hash) when you register.
  • Profile data: Date of birth, bio, interests, and any other information you add to your birthday profile.
  • Payment data: We do not store raw card numbers. Payments are processed by Stripe. We store transaction references, amounts, and payout records.
  • Gift and wishlist data: Customisation data entered when sending gifts (recipient name, message, sender name), wishlist items, and contribution amounts.
  • Usage data: Pages visited, features used, device type, browser, and IP address collected automatically for security and analytics.
  • Communications: Messages you send to other users on the platform, and any support requests you submit to us.

3. How we use your data

  • To create and manage your account and birthday profile.
  • To process payments and payouts via Stripe.
  • To send transactional emails such as payment confirmations, gift delivery notifications, and event updates.
  • To display your profile to guests you share your link with.
  • To improve the platform through aggregated, anonymised analytics.
  • To comply with legal obligations, including fraud prevention and tax reporting.

4. Legal basis for processing

We process your data on the following legal bases under UK GDPR:

  • Contract: Processing necessary to deliver the services you signed up for.
  • Legitimate interests: Platform security, fraud prevention, and product improvement.
  • Legal obligation: Compliance with financial regulations and law enforcement requests where required.
  • Consent: Marketing communications, where you have opted in.

5. Data sharing

We do not sell your personal data. We share data only with:

  • Stripe: For payment processing and Connect onboarding.
  • Cloud infrastructure providers: Servers that host the platform under strict data processing agreements.
  • Email delivery services: Used solely to send transactional emails on our behalf.
  • Legal authorities: Where required by law or to protect the rights and safety of our users.

6. Data retention

We retain your account data for as long as your account is active. If you close your account, we delete your personal data within 90 days, except where we are required to retain it for legal or financial compliance purposes (typically 7 years for transaction records).

7. Your rights

Under UK GDPR you have the right to:

  • Access a copy of the personal data we hold about you.
  • Correct inaccurate data.
  • Request deletion of your data (right to erasure).
  • Object to or restrict certain types of processing.
  • Data portability — receive your data in a structured, machine-readable format.
  • Withdraw consent at any time where processing is based on consent.

To exercise any of these rights, email us at privacy@birthdayexperiences.com. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

8. Cookies

We use essential cookies to keep you logged in and maintain your session. We do not use third-party advertising or tracking cookies. You can disable cookies in your browser settings, but this may prevent you from signing in.

9. Security

We use industry-standard security measures including HTTPS encryption, hashed password storage, and access controls. No system is completely secure, and we encourage you to use a strong, unique password and to keep your account credentials private.

10. Changes to this policy

We may update this policy from time to time. We will notify you of significant changes by email or by displaying a notice in the platform. The "last updated" date at the top of this page reflects the most recent revision.

About usTerms & conditions