Envy Privacy Policy

Last updated: March 21, 2026

Welcome to Envy. This Privacy Policy describes how we collect, use, store, and protect your personal data when you use our wishlist management application, accessible via our website, mobile application, and browser extension (hereinafter "the Service").

By using Envy, you agree to the practices described in this policy.

1. Data Controller

The data controller for personal data collected via Envy is the publisher of the Envy application.

For any questions regarding the protection of your data, you can contact us via the integrated support chat in the application or by email.

2. Personal Data Collected

2.1 Account Data

When creating your account and using the Service, we collect the following data:

Display Name (pseudonym)
Email Address
Profile Picture (optional)
Date of Birth (optional)
Biography (optional)
Last Login Date

2.2 Authentication Data

Session Token (JWT)
Authentication data via third-party providers (OAuth), if applicable

2.3 Wishlist-Related Data

Name, description, and type of the list (wishlist, Christmas, birthday, birth, wedding, housewarming, baptism)
URLs of added products
Images, titles, and prices of products
Personalized descriptions
Archiving and collaboration status
Order of wishes in the lists

2.4 Interaction Data

Subscriptions to other users' lists
Wish reservations (which user reserved which wish)
Votes on wishes
Notifications (read/unread)

2.5 Notification Preferences

Email, push, and in-app notification settings for the following events: list subscription, wish reservation, list archiving

2.6 Navigation Data

Language preferences (stored locally in your browser)

3. Purposes of Processing

Your personal data is processed for the following purposes:

Purpose	Legal Basis
Creation and management of your account	Performance of contract
Management of wishlists and interactions	Performance of contract
Sending notifications (email, push, in-app)	Consent / Legitimate interest
Enrichment of product data (extracting information from URLs)	Legitimate interest
Customer support via integrated chat	Legitimate interest
Improvement of the Service	Legitimate interest
Insertion of affiliate links in product URLs	Legitimate interest

4. Data Sharing with Third Parties

We use the following subcontractors and third-party services to ensure the operation of the Service:

Service	Role	Data Shared
Supabase	Hosting, database, authentication, file storage	All account and usage data
Resend	Sending transactional emails	Email address, notification content
Crisp	Support chat and customer service	Conversation data, user identifier
OpenAI	Product data extraction via artificial intelligence	URLs and content of product pages
Amazon Product Advertising API	Retrieval of Amazon product information	Amazon product URLs

Affiliate Links

Envy participates in affiliate programs. The URLs of products added to your lists may be automatically enriched with affiliate identifiers for the following merchants:

Amazon (via Amazon Associates)
Darty, Fnac, Rakuten, Alibaba, Cultura, Rue du Commerce (via the Awin network)

This means that if you or another user makes a purchase via a link from Envy, we may receive a commission. No personal data is shared with these affiliate programs beyond what is transmitted by your browser when clicking the link.

5. Retention Period

Your personal data is kept as long as your account is active. In the event of the deletion of your account, your data is permanently deleted from our systems.

6. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, destruction, or alteration, including:

Encryption of communications via HTTPS/TLS
Secure authentication via JWT tokens
Password storage in hashed form
Restricted access to server-side data

7. Your Rights

In accordance with the General Data Protection Regulation (GDPR), you have the following rights:

Right of access: gain confirmation that your data is being processed and receive a copy of it
Right to rectification: correct inaccurate or incomplete personal data
Right to erasure: request the deletion of your personal data (you can delete your account directly from the application)
Right to restriction of processing: request the restriction of the processing of your data
Right to portability: receive your data in a structured, machine-readable format
Right to object: object to the processing of your data based on legitimate interest
Right to withdraw your consent at any time, when processing is based on consent

To exercise your rights, contact us via the integrated support chat in the application.

In the event of a dispute, you can file a complaint with the Commission Nationale de l'Informatique et des Libertés (CNIL): www.cnil.fr.

8. Cookies and Local Storage

Envy uses your browser's local storage (localStorage) to:

Keep your language preferences
Manage your authentication session

We do not use advertising tracking cookies. The support chat widget (Crisp) may use its own cookies for conversation tracking.

9. International Data Transfers

Some of our subcontractors may process your data outside the European Union. In this case, we ensure that appropriate safeguards are in place (standard contractual clauses, adequacy decision of the European Commission, or any other mechanism recognized by the GDPR).

10. Changes to the Privacy Policy

We reserve the right to modify this Privacy Policy at any time. In the event of a substantial modification, we will inform you via a notification in the application or by email. The date of the last update is indicated at the top of this document.

11. Contact

For any questions regarding this Privacy Policy or your personal data, you can contact us:

Via the support chat integrated into the Envy application
By email at the address indicated in the application

This privacy policy is drafted in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 (GDPR).