← Back to app

Privacy Policy

Effective date: 2026-01-06

Privacy Policy — Wishlist & Wishlist Extension

1) What this service is

Wishlist is a web app for creating and sharing wishlists, with an optional browser extension that helps capture items while browsing.

2) Information we collect

A) Information you provide in the Wishlist web app

  • Account identifiers such as email address and username.
  • Wishlist content you create, like item titles, notes, links, and images you add.

B) Information the Extension collects when you use it

The extension reads the active tab’s URL/title only when the user opens the popup and chooses to add an item.

  • Optional variant fields: colour/style/version.
  • Any item details you confirm in the extension popup.

C) Authentication and security information

  • Tokens stored locally in Chrome storage.
  • Session and login metadata needed to keep you signed in and protect your account.

D) Server and security logs

  • IP address.
  • Timestamps.
  • Requested URLs.
  • User agent.

3) How we use information

  • Provide and maintain the Wishlist service and extension.
  • Sync items between your browser and your account.
  • Support account access, authentication, and security.

4) Legal basis for processing (UK GDPR)

  • Contract: to provide accounts and the wishlist service.
  • Legitimate interests: to secure the service and prevent abuse (via limited logs).

5) How information is shared

No selling data; no advertising.

  • With service providers only as needed to operate the service (for example, domain/DNS or infrastructure tools).
  • If required by law.

If you choose to make a supporter contribution, payments are handled by a payment provider and we do not store card details.

6) Data storage and retention

  • Account data (email, username, wishlist content): kept until you delete your account.
  • Reverse proxy access logs: retained up to 35 days.
  • Reverse proxy error logs: retained up to 90 days.
  • Tokens stored in the browser: stored locally until you remove the extension, clear browser storage, or revoke access.

Some technical logs may be rotated automatically as part of normal operations.

7) Security

We use HTTPS for our hosted service.

We take reasonable measures to protect your data in transit and at rest, including access controls, rate limiting to deter abuse, and secure handling of passwords and authentication tokens.

8) Your rights and choices

  • Access, correct, or delete your account data.
  • Export your data (portability) and object to or request restriction of processing.
  • Remove items, revoke access, or delete your account.
  • Disable or remove the extension if you do not want it to collect data.

You also have the right to complain to the UK Information Commissioner’s Office (ICO).

9) Children’s privacy

The service is not directed to children, and we do not knowingly collect personal information from children.

10) Changes to this policy

We may update this policy from time to time; we will post changes on this page with a new effective date.

11) Contact

Data controller: Andy Cockerill (operator of Wishlist)

Email: cockerill.andrew@gmail.com