GDPR • CCPA • INTERNATIONAL COMPLIANT

Privacy Policy

At Giftstorm, we don't just comply with privacy laws—we exceed them. This document explains how we collect, use, and protect your data with military-grade encryption and transparency.

Effective: January 15, 2024
Version: 3.2
Jurisdiction: International
GDPR Ready
CCPA Compliant
LGPD Brazil
AES-256 Encryption
1

Overview & Scope

This Privacy Policy applies to Giftstorm Global Ltd. ("we," "our," or "us") and explains how we handle your personal information in compliance with global privacy standards.

Our Privacy Promise

We believe privacy is a fundamental human right. Since 2018, we've built Giftstorm with privacy-by-design principles. Unlike traditional payment processors, we:

  • Never store your cryptocurrency private keys
  • Require zero KYC for transactions under $10,000
  • Use AI to minimize data collection while maximizing security
  • Apply the strictest privacy standard (GDPR) globally
  • Automatically delete transaction data after 180 days
2

Data We Collect

We practice data minimization—collecting only what's absolutely necessary for your transaction.

Transaction Data

Data Type Purpose Retention Encryption
Email Address Delivery of gift card codes 180 days AES-256
Transaction Hash Blockchain verification 7 years* Immutable
Wallet Address Payment processing 30 days One-way hash

* Required by financial regulations for audit purposes

What We NEVER Collect

Because we're not a bank, we don't need (or want) your personal life:

  • Social Security Numbers or national IDs
  • Home addresses (unless required for shipping)
  • Phone numbers
  • Biometric data
  • Political/religious views
  • Private keys (these stay in YOUR wallet)
4

Military-Grade Data Protection

Our Security Stack

We protect your data better than most banks:

Encryption

  • AES-256 encryption for data at rest
  • TLS 1.3 for data in transit (same as banks)
  • End-to-end encryption for gift card codes

Infrastructure

  • Servers in SOC 2 Type II compliant data centers
  • Zero-knowledge proofs where possible
  • Automated penetration testing weekly
5

Your Privacy Rights (GDPR/CCPA)

Complete Control Over Your Data

You have the right to:

Right Description Response Time
Access Get a copy of all data we have about you ≤ 30 days
Deletion Request we delete your personal data ≤ 30 days
Correction Correct inaccurate data ≤ 14 days
Opt-Out Opt-out of data sales (we don't sell data) Immediate

Contact Our Data Protection Officer

Questions about this policy? Want to exercise your privacy rights? Our DPO responds within 24 hours, guaranteed.

Email DPO