Privacy Policy

Wish Realizer ("we", "us", "the Service"), operating at wishrealizer.io, is the controller of the personal data described in this Privacy Policy. We are committed to processing your data lawfully, fairly, and transparently.

a) Anonymous Users:

• ·Hashed IP address (SHA-256, irreversible) — for rate limiting and abuse prevention.
• ·Wish content you submit — for AI processing and aggregate analytics.
• ·Language preference and browser locale.
• ·Anonymous session identifier (UUID stored in your browser's localStorage).

b) Authenticated Users (via Google Sign-In):

• ·Email address, full name, and profile picture (provided by Google).
• ·Wish history, refinements, and interactions (acquire clicks, dismissals).
• ·Inferred preferences (brand affinity, price tier, category interests) — used to improve recommendation quality for you specifically.
• ·Subscription and Founder status.

c) Automatically Collected:

• ·Server logs (timestamps, request paths, response codes) — retained for 30 days for operational security.
• ·Cookies essential for authentication (session token, language preference).

We do not collect sensitive personal data (race, religion, health, political opinions) and we do not sell personal data to third parties.

We process your data on the following bases:

• ·Legitimate interest — operating, securing, and improving the Service.
• ·Contractual necessity — fulfilling our obligations under the Terms.
• ·Consent — for optional features such as preference learning (you may opt out).
• ·Legal obligation — when required by applicable law.

• ·Generate AI-powered recommendations and execution plans.
• ·Authenticate your account and maintain your Wish Vault.
• ·Improve recommendation quality through invisible preference learning.
• ·Prevent abuse and enforce ethical use policies.
• ·Communicate service-related notices (security, billing for VIP users).

We share limited data only with the following categories of processors, under contractual data protection commitments:

• ·Google Sign-In — authentication only (we receive your email, name, profile picture).
• ·Large language model providers — your wish text is sent to AI model providers for processing. No personal identifiers are attached. Providers may temporarily process the text per their own privacy policies.
• ·Affiliate networks — when you click a product link, you are redirected to the partner retailer (Amazon, Impact, Awin, etc.). These networks may set cookies in your browser per their own policies. We do not share your name or email with them; only the click event is tracked.
• ·Hosting and infrastructure providers — for storing and serving the application securely.
• ·Stripe — for processing VIP subscription payments (when applicable). Stripe is PCI-DSS compliant; we never see your full card number.

We do not share your wish content, preferences, or identity with advertisers.

We use cookies and localStorage strictly for:

• ·Session authentication (session_token cookie, httpOnly, secure).
• ·Language preference and dismissed banners (localStorage).
• ·Anonymous session identifier (localStorage).

We do not use third-party advertising cookies or trackers on Wish Realizer pages. Affiliate partner sites may set their own cookies upon redirect.

• ·Anonymous wishes: 90 days, then permanently deleted.
• ·Authenticated user data: retained while your account is active and 90 days after account deletion (for legal and operational purposes).
• ·Server logs: 30 days.
• ·Subscription records: 7 years (for tax and accounting compliance).

You have the right to:

• ·Access your personal data and obtain a copy.
• ·Rectify inaccurate data.
• ·Delete your account and associated data ("right to be forgotten").
• ·Restrict or object to certain processing activities.
• ·Data portability — receive your data in a portable format.
• ·Withdraw consent at any time (without affecting prior lawful processing).
• ·Lodge a complaint with a supervisory authority (ANPD in Brazil, ICO in the United Kingdom, your local DPA in the EU).

To exercise any of these rights, contact us at contact@wishrealizer.io. We will respond within 15 days (LGPD) or 30 days (GDPR), whichever is shorter.

The Service is not directed to individuals under 16. We do not knowingly collect personal data from children under 16. If we become aware of such collection, we will delete the data promptly.

Your data may be processed in countries outside your country of residence (United Kingdom, United States, European Union). All such transfers are protected by adequate safeguards, including Standard Contractual Clauses (where applicable) and the principles of equivalent protection.

We implement industry-standard technical and organizational measures, including:

• ·Encryption in transit (TLS 1.3).
• ·httpOnly secure session cookies.
• ·Hashed (SHA-256) IP addresses, never raw IPs in storage.
• ·Restricted access to production data on a need-to-know basis.
• ·Regular security audits.

Despite these measures, no system is 100% secure. You should use strong, unique passwords for your Google account and report any suspected unauthorized access immediately.

We may update this Privacy Policy from time to time. Significant changes will be notified through the Service or by email. The "Last updated" date at the top of this policy indicates the most recent revision.

For privacy-related questions, requests, or to exercise your rights: contact@wishrealizer.io