Privacy Policy

Last updated: May 8, 2026

Birthday Hunter ("we," "us," "our," or the "Company") runs the Birthday Hunter mobile app and website (together, the "Service"). This page explains what we collect, why we collect it, who we share it with, and the choices you have. We wrote it in plain English wherever we could, and kept the legal language only where the law requires it.

Your choices

You can do all of the following at any time, no questions asked:

• Export your data. Download a JSON file with everything we have on you. Settings > Privacy > Export, or email us.
• Delete your account. Settings > Privacy > Delete account. We honor the request within 14 days, and rotate it out of backups within 90 days after that.
• Turn off marketing emails. Use the unsubscribe link in any email, or toggle it off in Settings > Notifications.
• Turn off personalization. Settings > Privacy > Personalization. You will see a generic feed instead of one tailored to your profile.
• Update or remove any answer. Anything you told us in onboarding can be edited or cleared from your profile.
• Ask a question. Email hello@birthdayhunter.com with “Privacy Request” in the subject. We respond inside the timelines required by law (typically 45 days).

1. What we collect, and why

Birthday Hunter is a first-party consumer app. We collect information directly from you and from how you use the Service. We do not buy data about you from data brokers.

We do not ask for government ID, Social Security numbers, exact salary, medical records, sexual orientation, religion, race, ethnicity, or political affiliation. We do not scan your contacts, calendar, photos, or microphone. We do not read SMS or track other apps on your device. We do not use your advertising identifier (IDFA or GAID) to build cross-app profiles.

2. How we use it

Everything in the table above gets used for first-party purposes inside our own product:

• To run the core product, including tracking your birthday, surfacing relevant deals, running the rewards-points program, and sending notifications you opted in to.
• To personalize your feed, by ranking which deals appear based on your declared answers and how you use the app.
• To match you to merchant offers. When a merchant runs a campaign (for example, “home cooks in the Midwest who celebrate birthdays with brunch”), we check whether you fit and show you the offer inside the app. The merchant does not see your individual profile.
• To improve the Service, by understanding which features work, fixing bugs, and improving performance.
• To prevent fraud and abuse, like fake accounts and points fraud.
• To meet our legal obligations, when the law requires it.

2.1 Things we will not do

• We will not sell your personal data.
• We will not share your individual profile with merchants. They only get aggregate counts above a 50-user floor.
• We will not use your data for advertising targeting outside the Birthday Hunter app.
• We will not disclose birthdays to insurers, data brokers, or any external party.

3. Who sees what

3.1 Service providers we rely on

A small number of vetted vendors help us run the Service. They process data on our behalf under written confidentiality and security obligations, and they are not allowed to use your data for their own purposes.

• Supabase, our database and authentication provider. This is where your account record and the answers you share are stored.
• Firebase Analytics, Crashlytics, and Performance (Google) for aggregate event analytics, crash reports, and app performance.
• Microsoft Clarity for anonymized session recordings and heatmaps. Clarity is configured so any text you type and any personal identifier on screen is automatically masked. We see taps and scrolls, never your name, email, or what you type.
• Google Analytics 4 for aggregate analytics on the marketing website.
• RevenueCat for subscription status. They receive a subscription identifier, not your card.
• AdMob and our ad partners deliver in-app ads and the rewarded offerwall. They see your anonymous device identifier and the ad request context so they can serve a relevant ad. They do not receive your email, birthday, or your onboarding answers.

3.2 Merchants

When a merchant runs a campaign, we match users to their criteria and show their offer inside the app. Merchants receive aggregate reporting only: segment counts and campaign performance totals. We apply a 50-user privacy floor so reports never identify any individual. Merchants never receive your name, email, phone, birthday, IP address, device identifier, or your raw answers.

3.3 Merchant-site pixels and custom audiences

Some of our merchant partners install a Birthday Hunter pixel on their own websites so they can measure whether the offers we send drive sales, and so they can reach Birthday Hunter audiences again on their own sites or ad accounts. When you redeem an offer and click through to a merchant's site, the pixel can record that you arrived from Birthday Hunter and which offer you used. We share only the minimum needed to attribute the visit. We never share your name, email, phone, birthday, or onboarding answers with the merchant or its ad platform. You can opt out of this in Settings > Privacy > Personalization.

Merchants may also upload customer email lists to build custom audiences. We hash those emails and match them against our user base to build the audience. Hashed emails for people who are not Birthday Hunter users at upload time are retained so we can recognize you if you sign up later — at which point you would be added to that merchant's audience automatically. We never receive plaintext emails for people who are not on the platform, and we never email or contact those addresses on the merchant's behalf.

3.4 Off-platform retargeting (where enabled)

Where we have explicitly enabled it, we may show you Birthday Hunter reminders on other apps and sites you visit, so people who started a redemption can come back and finish it. This is gated by a feature setting and is off by default in many regions. You can opt out in Settings > Privacy > Personalization or by using your device's advertising controls.

3.5 Legal and safety disclosures

We may disclose information when we believe in good faith that it is required to comply with a valid legal process, enforce our Terms, protect Birthday Hunter or our users, or respond to fraud and security issues.

3.6 Business transfers

If Birthday Hunter is involved in a merger, acquisition, financing, or sale of assets, user information may transfer to the successor. If that happens we will notify you, and the successor will be bound to this Privacy Policy or an equivalent one for data collected before the transfer.

4. Cookies and similar technologies (website)

On birthdayhunter.com we use cookies and local storage to keep you logged in, remember your preferences, prevent duplicate submissions, and run aggregate analytics (Google Analytics 4 and Microsoft Clarity, with text masking turned on). You can clear or block cookies in your browser. Doing so may log you out and break some features.

5. How long we keep it

• Account data (email, phone, birthday, display name): kept while your account is active. When you delete your account, we delete or anonymize it within 14 days, and rotate it out of backups within 90 days after that.
• Onboarding answers: kept while your account is active. You can edit or clear any answer in your profile.
• How you used the app (views, searches, sessions): kept for 24 months and then aged out automatically, unless we need it to investigate fraud or abuse.
• Aggregate, de-identified data: kept indefinitely because it cannot be linked back to you.
• Data held by our processors: governed by each processor's retention policy. Where we have configuration control, we set it to the minimum that still lets us operate.

6. Your privacy rights

You have the following rights wherever you live. Some laws (California, Virginia, Colorado, the EU, and others) add specific rights described below.

6.1 Rights for everyone

• Access. Request a copy of the personal information we hold about you.
• Correction. Update or fix anything you told us, directly in the app or by emailing us.
• Deletion. Delete your account and personal data. We honor it within 14 days (plus up to 90 days for backup rotation).
• Portability. Get a machine-readable export (JSON) of your data.
• Opt out of targeted advertising. We do not engage in cross-site or cross-app advertising targeting, but we honor and confirm this request formally. You can also turn off personalized ranking and get a generic feed.
• Opt out of “sale” or “sharing”. We do not sell or share personal information as those terms are defined by law, so there is nothing to opt out of, but we honor and confirm such requests.
• Non-discrimination. We will not deny service, charge a different price, or give you a worse experience because you exercised a privacy right.

To exercise any right, email hello@birthdayhunter.com with “Privacy Request” in the subject, or use Settings > Privacy in the app. We verify requests using your logged-in account and, if needed, a confirmation link to your account email. We respond within the timelines required by law (typically 45 days, extendable once by another 45 with notice under CCPA/CPRA and similar statutes). If we deny a request, we will explain why and how to appeal.

6.2 California residents (CCPA / CPRA)

In the last 12 months we collected the categories of personal information listed in Section 1, for the business purposes listed in Section 2. Under the CCPA categories, we collect:

• Identifiers (email, phone, device identifier)
• Customer records (name, password hash)
• Characteristics of protected classifications: age and birthday, and marital status if you choose to share it. We do not use these for discriminatory purposes.
• Commercial information (subscription status, deal redemptions)
• Internet or network activity (in-app usage, in-app search)
• Geolocation: approximate, from your ZIP code (not precise GPS unless you explicitly allow it)
• Inferences drawn from the above (category and brand affinities)

Right to know. You have the right to know the categories and specific pieces of personal information we have collected, the sources, the purposes, and the categories of third parties we share it with. See Sections 1, 2, and 3, and email us to request the specific pieces.

No sale or sharing. In the last 12 months we have not sold or shared (for cross-context behavioral advertising) personal information, and we have no current plans to do so. We do not knowingly sell or share personal information of consumers under 16.

Sensitive personal information. The only categories of sensitive personal information we collect are account credentials (password hash) and, if you provide it, approximate location. We use these only to operate the Service. You can ask us to limit our use of sensitive personal information, and we will honor and confirm such requests.

Notice of financial incentive (rewards program). Our rewards-points program lets you earn points for completing profile questions, referring friends, and engaging with offers. Because we ask for profile information as part of this program, it may be considered a financial incentive under the CCPA. The value of your data to us comes from improving deal matching. We calculate the reasonable value using the cost to collect and process the data (hosting, engineering, moderation), offset by the rewards issued. Joining is voluntary, free, and you can withdraw at any time by emailing us. You keep points already earned unless they were earned through abuse.

Authorized agents. You may designate an authorized agent to make a CCPA request on your behalf. We will require written proof of the agent's authority and will verify the request directly with you.

6.3 Virginia, Colorado, Connecticut, and other U.S. state residents

If you live in Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Texas, Oregon, or another U.S. state with a comprehensive privacy law, you have rights substantially similar to the California rights above: access, correction, deletion, portability, and opt-out of targeted advertising, sale, or certain profiling that produces legal or similarly significant effects. We do not engage in the profiling or sale that would require the last opt-out, but we honor and confirm such requests.

You can appeal any decision we make on a rights request by replying to our response email. If you are not satisfied with the outcome of your appeal, you can contact your state attorney general.

6.4 EEA, UK, and Switzerland (GDPR / UK GDPR)

If you are in the EEA, UK, or Switzerland, the GDPR and equivalent laws apply. In that case:

• Controller. Birthday Hunter is the data controller for personal data processed through the Service.
• Legal bases. We rely on (a) contract performance to run your account and deliver the Service you signed up for; (b) legitimate interests to measure and improve the Service, prevent fraud, and secure our systems (balanced against your rights); (c) consent for optional marketing emails, push notifications, and any precise location use, which you can withdraw at any time; (d) legal obligation where the law requires us to retain or disclose data.
• Your GDPR rights. Access, rectification, erasure, restriction, portability, objection to processing based on legitimate interests, and withdrawal of consent.
• Automated decision-making. We use algorithmic ranking to personalize the deal feed. This is not legally significant decision-making in the sense of GDPR Article 22, and you can ask us to turn personalization off and receive a non-personalized feed.
• International transfers. Your data is processed in the United States and other countries where our processors operate. Where required, we rely on Standard Contractual Clauses and supplementary measures to safeguard transfers.
• Right to lodge a complaint. You can complain to your local data protection authority.

7. How we keep it safe

We use industry-standard measures: TLS in transit, encryption at rest for our primary database, hashed passwords, least-privilege internal access, audit logging, and vendor security reviews. No system is perfectly secure, and we cannot guarantee absolute security. You are responsible for keeping your account credentials confidential. If you think your account has been compromised, contact us right away.

8. Children's privacy

Birthday Hunter is for users 13 or older. We do not knowingly collect personal information from children under 13. Accounts for users aged 13 to 17 are placed in a restricted mode:

• They are not included in merchant audience-intelligence queries.
• We minimize data shared with third-party analytics, and we do not share personal information with third parties for any targeted-advertising purpose.
• Some features (such as the rewarded offerwall) are disabled or restricted.

If you are a parent or guardian and you think a child under 13 has created an account, contact us and we will delete the account and the data associated with it.

9. International users

Birthday Hunter is operated from the United States. If you use the Service from outside the United States, your information will be transferred to, stored, and processed in the United States and other countries where our processors operate. See Section 6.4 for the safeguards that apply to EEA, UK, and Swiss users.

10. Links to merchant sites

The Service contains links to merchant websites and offers. Once you leave our app or site, the merchant's privacy policy applies. We are not responsible for their practices, and we recommend reading their policy before sharing personal information with them.

11. Do Not Track and Global Privacy Control

Our website responds to the Global Privacy Control (GPC) signal from supported browsers as a valid request to opt out of any “sale” or “sharing” of personal information under applicable state law. Because we do not sell or share as those terms are defined, the GPC signal is treated as a confirmed opt-out on record. We do not currently respond to “Do Not Track” browser headers because there is no industry consensus on how to do so.

12. Changes to this policy

We may update this Privacy Policy from time to time. If we make a material change, we will notify you by email (to the address on your account) and by an in-app banner at least 30 days before it takes effect, unless a shorter period is required by law. The “Last updated” date at the top always reflects the most recent revision. Continuing to use the Service after the effective date counts as accepting the updated policy.

13. Contact us

If you have questions, concerns, or privacy requests, contact us at:

• Email: hello@birthdayhunter.com (put “Privacy Request” in the subject for data-rights requests).
• Mail: Birthday Hunter, 1309 Coffeen Avenue STE 1200, Sheridan, WY 82801, USA