Privacy Policy

How Santa Circle handles your data

No Selling

Ever

Encrypted

In transit & at rest

Auto-Delete

After events

What Data We Collect
Only what's needed to run Secret Santa events

For Event Hosts:

  • • Email address (for account login)
  • • Event details (name, date, budget)
  • • Event codes (randomly generated)

For Participants:

  • • Name and email (for one specific event)
  • • Wishlist items (shared with your Secret Santa only)
  • • Access tokens (for secure wishlist editing)

We do NOT collect:

Payment info, browsing history, device fingerprints, or any tracking beyond basic analytics

How We Use Your Data

Event Hosts: Your email is used for authentication and to manage your Secret Santa events. We use it to send important event updates if needed.

Participants: Your email is ONLY used within the event you joined. The event host can see it, but it's never shown to other participants. Your wishlist is only visible to the person assigned as your Secret Santa.

We never: Sell, rent, or share your data with third parties for marketing. Your information stays with Santa Circle.

Security Measures
  • • All data encrypted in transit (HTTPS) and at rest
  • • Secure token-based access for participant wishlist editing
  • • Rate limiting on all public endpoints to prevent abuse
  • • Row-level security policies in our database
  • • Regular security audits and updates
Data Retention & Deletion

Active Events: Your data is retained while the event is active and for the duration specified by the event host (event expiry date).

After Event Expiry: Participant access is automatically revoked after the event expiry date. Hosts can still view archived events for record-keeping.

Deletion Requests: Event hosts can archive events at any time. Participants can request deletion by contacting the event host. Host accounts and all associated events can be deleted on request.

Auto-Cleanup: Expired tokens and old audit logs are automatically cleaned up to minimize data storage.

Your Rights

You have the right to:

  • • Access your data at any time
  • • Update your wishlist until the event is locked
  • • Request deletion of your data
  • • Export your event data (hosts only)
Questions?

If you have questions about how we handle your data, or want to exercise your privacy rights, contact us at: legal@tefydigital.com

Last updated: December 2024