Privacy Policy
Effective Date: July 7, 2026 | Version: 2.2.0
Anchor Digital LLC ("Company," "we," "us," or "our") operates the Charis platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. Please read it carefully. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.
1. Information We Collect
1.1 Information You Provide
- Account Information: When you sign up, we collect your name, email address, and authentication credentials. You can sign in with Google, with Apple, or with an email address and password (via Firebase Authentication).
- Gift Content: Names, dates, relationship details, custom messages, interests, personal facts, and other details you provide when creating gifts — including information about the recipient and any other people you mention.
- Recipient Email (optional): We only collect a recipient's email address if you choose the scheduled "email it to them" delivery option and provide it. By default you share the gift yourself, and we never collect the recipient's email.
- Uploaded Photos: Photos you upload for gift features — for example the photo reveal, a story or celebration slideshow, a personalized portrait, or a guest photo wall. Depending on the feature, an uploaded photo may be sent to our image-generation vendor to create your gift content (see Section 2). We do not perform facial recognition, biometric identification, or model training on these photos, and we do not build a face database from them. They are stored only to create and deliver your gift to its recipient.
- Gift Card Codes: If you choose to attach a gift card you obtained elsewhere, we store the code (and any PIN and the answer to the secret question you set) so your recipient can unlock it. These values are stored in our access-controlled database, transmitted over encrypted connections, and never shown to the recipient until they answer your secret question. We do not sell gift cards.
- Payment Information: Payment details are collected and processed directly by Stripe. We do not store your full credit card number, CVC, or other sensitive payment details on our servers.
- Feedback & Support: Any messages, ratings, or feedback you submit through the app, including support requests (your message, category, reply email, and the page or gift link you reference).
- Support-chat transcripts: If you use the automated help assistant on our site, we store the conversation (your questions and its replies). Email addresses and gift-card-code-like strings are masked before storage, and we store a one-way hashed form of your IP address for abuse prevention rather than the raw address.
1.2 Information Collected Automatically
- Usage Data: We keep first-party counts of activity (for example, how many gifts have been created or opened) to run and understand the Service. We do not use Google Analytics, Firebase Analytics, or any third-party advertising or behavioral-analytics tracker.
- Device Information: Standard request information such as browser type, operating system, and device type may be logged by our hosting provider.
- Bot / abuse protection: We use Google reCAPTCHA (via Firebase App Check) to verify that requests come from a genuine browser rather than automated abuse. This sends a device/attestation signal to Google and is subject to Google's privacy terms.
- IP Address: Collected automatically by our hosting provider (Firebase/Google Cloud) for security and fraud prevention. Our support-chat assistant stores only a one-way hashed form of your IP address, not the raw address.
2. How We Use Your Information
We use the information we collect for the following purposes:
- Provide & Improve the Service: To create and deliver personalized digital gifts, process payments, and continuously improve user experience.
- Content Generation: Your gift details (recipient name, occasion, relationship, etc.) and any photo you upload are sent to Google’s generative AI APIs to generate text, trivia, images, and song lyrics and to assemble your photo puzzle. Song lyrics and style descriptors (not photos) are sent to ElevenLabs to produce the song audio. We do not authorize these vendors to use your data to train their models.
- Communication: To respond to your inquiries, send service-related notices, and provide customer support.
- Scheduled delivery (optional): If you choose to schedule your gift, we email the gift link — either to you as a reminder, or, if you opt in and provide it, to the recipient’s email address at the time you set. We do not send anything to a recipient unless you choose the "email it to them" option and provide their address.
- Product measurement: To understand aggregate activity (using first-party counters, not third-party analytics trackers) so we can improve our features and design.
- Security: To detect, prevent, and address fraud, abuse, or technical issues.
- Legal Compliance: To comply with applicable laws and legal obligations.
3. Third-Party Services & Data Sharing
We share information with the following categories of third-party service providers, solely to deliver and improve the Service:
| Provider | Purpose | Data Shared |
|---|
| Firebase / Google Cloud (US) | Hosting, auth, database, storage, bot protection (reCAPTCHA / App Check) | Account data, gift data, uploaded photos, request/device signals |
| Stripe (US) | Payment processing | Email, payment details |
| Google generative AI APIs | Trivia & text generation | Recipient name, occasion, relationship, message context |
| Google generative AI APIs | Lyric & image generation | Song lyrics/theme, image prompts, uploaded photo (transient processing) |
| ElevenLabs (US) | Custom song (music) generation | Song lyrics & style descriptors (no photos) |
| Resend (US) | Transactional & scheduled email delivery | Your (and, only for scheduled recipient delivery, the recipient's) email address, gift link |
We do not sell, rent, or trade your personal information to third parties for their marketing purposes.
4. Data Retention
We retain different categories of data for different periods:
- Account data: Retained while your account is active. We do not currently offer a self-serve account-deletion button; to delete your account, email us and we will delete your account data within 30 days of a verified request.
- Gift content (text + assembled gifts): A gift's viewing window starts when the recipient first opens it and varies by tier and product (for example, 30 days, one year, or an unlimited keepsake window). Heavy assets (photos, songs, images) are automatically deleted within 30 days after a gift's viewing window expires; the small gift record may be retained longer for order history, statistics, and support. A gift that is never opened has no viewing window and is not automatically purged — its assets remain until you delete the gift or ask us to.
- Uploaded original photos: Stored only to create and deliver the gift. Originals are automatically deleted within 30 days after the gift's viewing window expires, or sooner upon request. As above, photos in a never-opened gift are retained until you delete the gift or request deletion.
- Payment records: Retained as required by tax and accounting laws (typically 7 years), with sensitive card data held only by Stripe.
- Support requests: Support tickets you submit (message, category, reply email, referenced links) are retained so we can handle and follow up on your request. Email support@charis.gifts to request deletion.
- Support-chat conversations: Conversations with the automated helper on our site are stored for up to 90 days so we can improve its answers and review any disputes, after which they are automatically deleted. Email addresses and gift-card-code-like strings are masked before storage. To ask for a conversation to be deleted sooner, email support@charis.gifts.
- AI vendor caches: Subject to each vendor’s data processing agreement. Google’s default retention for generative AI API data when accessed via paid endpoints is no training and short-term operational caching only.
4a. How We Handle Uploaded Photos
- Photos you upload are used solely to create your gift content (for example a photo reveal, slideshow, portrait, or guest wall) and deliver it to the recipient you specify.
- We do not use uploaded photos to train AI models, build face databases, or perform biometric identification.
- We do not sell, license, or share uploaded photos with anyone other than the image-generation vendor processing them on our behalf (to create your gift) and the recipient you choose.
- Once a gift has been opened, originals are automatically deleted from our storage within 30 days after the gift's viewing window expires. A gift that is never opened is not automatically purged; its photos remain until you delete the gift or request deletion.
- You may request earlier deletion at any time using the in-app Feedback option or by emailing support@charis.gifts.
4b. Recipient Privacy & Consent
When you create a gift that includes another person’s name, photo, or personal details, you represent that you have obtained any permissions required by applicable law to do so. If you depict a minor, you represent that you are the parent or legal guardian, or have parental/guardian consent.
A person depicted in a gift may contact us via the Feedback option to request deletion of content depicting them. We will action verified requests within 7 days.
5. Data Security
We implement industry-standard security measures to protect your information, including:
- Encrypted connections (HTTPS/TLS) for all data transmission
- Firebase Security Rules and admin-only server access to restrict unauthorized database access
- Server-side validation and rate limiting on sensitive operations
- Bot/abuse protection via reCAPTCHA (App Check), and storage of API keys and other secrets in a managed secret store
- Gift card codes held in our access-controlled database (never exposed to the recipient until they pass your secret question), with a rate-limited unlock check
However, no method of electronic storage or transmission over the Internet is 100% secure. While we strive to protect your personal information, we cannot guarantee its absolute security.
6. Your Rights (GDPR & CCPA)
Depending on your location, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you.
- Correction: Request correction of inaccurate personal data.
- Deletion: Request deletion of your personal data and account. We do not currently provide a self-serve delete button, so deletion is handled through a request to us (see below).
- Portability: Request a machine-readable copy of your data.
- Objection / Opt-out: Object to certain processing of your data, including “sale” or “sharing” for cross-context behavioral advertising. We do not sell or share personal information for advertising purposes.
- Non-discrimination: We will not discriminate against you for exercising your rights.
To exercise any of these rights, contact us using the in-app Feedback option or email support@charis.gifts. We will verify your identity and respond within 30 days (extendable by an additional 60 days for complex requests, with notice).
Cross-border transfers: Charis is operated from the United States. By using the Service, you understand that your data is transferred to and processed in the U.S. via Google Cloud (with Standard Contractual Clauses applicable to EEA/UK transfers).
Data breach notification: If a breach affecting your personal data occurs, we will notify affected users and applicable regulators without undue delay and, where required by law, within 72 hours of becoming aware (GDPR) or as required under your local notification statute.
7. Cookies & Tracking Technologies
Charis uses only essential cookies and local browser storage. We do not run third-party advertising or behavioral-analytics trackers, and there is no cross-site tracking. Specifically:
- Authentication: To keep you signed in and manage your session (Firebase Authentication).
- Affiliate Tracking: When you arrive through an affiliate link, we store the referral locally in your browser so a resulting purchase can be attributed to that partner.
- Bot protection: Google reCAPTCHA (via Firebase App Check) may set a token to verify that requests come from a genuine browser.
Because we do not use behavioral-analytics or advertising trackers, we do not display a tracking-cookie consent banner. You can still control cookies and site storage through your browser preferences, but disabling them may affect sign-in and other functionality of the Service.
8. Children's Privacy
Charis is not directed to children under 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected personal data from a child under 13, we will promptly delete such data. If you believe we have inadvertently collected data from a child, please contact us immediately.
9. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new Privacy Policy on this page and updating the "Effective Date" above. Your continued use of the Service after any changes constitutes acceptance of the updated policy.
10. Contact Us
Anchor Digital LLC — Birmingham, Alabama. If you have any questions about this Privacy Policy, your data, or your rights (including deletion requests), contact us at support@charis.gifts, use the in-app Feedback option, or visit our About page.