We respect your privacy and are committed to protecting your personal data.
Last updated: April 21, 2026
WishMyList ("we," "us," or "our") operates the gift registry platform at wishmylist.com. Contact: privacy@wishmylist.com
Information you provide: account details (name, email, hashed password), list content and photos, RSVP and message board data, payment details (processed by Stripe — we never store card numbers).
Automatically collected: IP address, browser type, device info, pages visited, and session cookies.
We do not sell your personal data to third parties.
We use essential session cookies for login and CSRF protection. Analytics cookies (if enabled) are anonymized. You can disable cookies in your browser settings.
To exercise your rights, visit Account Settings or email privacy@wishmylist.com. We respond within 30 days.
California residents may request to know, delete, or opt-out of the sale of personal information. We do not sell personal information. Submit CCPA requests to privacy@wishmylist.com or via our Data Deletion page.
Your data is retained while your account is active. Upon account deletion, personal data is removed within 30 days (except financial records retained up to 7 years as required by law).
We use SSL/TLS encryption, bcrypt password hashing, prepared SQL statements, and regular security audits. No internet transmission is 100% secure — use a strong unique password.
WishMyList is not directed to children under 13. We do not knowingly collect data from children under 13. If you believe a child has submitted data, contact us to remove it.
We may update this policy. Material changes will be communicated via email or site notice at least 14 days in advance.
WishMyList
Privacy: privacy@wishmylist.com
Support: support@wishmylist.com
Data Deletion: wishmylist.com/data-deletion