Skip to main content
Legal

Privacy Policy

Last updated: 2026-04-30

GiftBoxes LLC (“we”, “us”) operates giftboxes.store. This policy explains what personal data we collect, why, and how we protect it. We comply with the UAE Federal Decree-Law No. 45 of 2021 (Personal Data Protection Law / PDPL).

What we collect

  • Account info — email, name, phone (optional), shipping + billing addresses you choose to save.
  • Order data — items you ordered, quantities, total, shipping method, payment status (we never store card numbers — Stripe handles those).
  • Quote requests — name, email, phone, company, requirements.
  • Configurator builds — selections, optional logo files you upload.
  • Cookies & analytics — only after you accept the cookie banner. See “Cookies” below.
  • Server logs — IP address, user agent, request paths. Held for 90 days for security + abuse-detection, then deleted.

How we use it

  • To process and ship your orders.
  • To respond to quote requests and customer support enquiries.
  • To send transactional emails (order confirmation, shipped notification, password reset). These are required for the service and aren’t marketing.
  • To send marketing email only if you opt in. You can unsubscribe at any time via the link in every marketing email.
  • To detect fraud, abuse, and protect the integrity of the service.
  • To comply with UAE legal obligations (tax records, accounting).

Who we share it with

We share data only with the providers we need to run the service:

  • Stripe — payment processing. Card details go directly to Stripe; we never see them.
  • AWS — hosting (RDS, ECS, S3, SES) in ap-south-1 (Mumbai).
  • Couriers — name, address, phone for delivery.
  • Google Analytics + Meta Pixel — only if you accept cookies. IP anonymization is enabled on GA4.

We do not sell or rent your data. We do not share data with third parties for their own marketing.

Cookies

We use a small number of cookies. They fall into two buckets:

  • Essential — session cookie to keep you signed in, cart cookie to remember what you added. These are always on; the site doesn’t work without them.
  • Analytics — Google Analytics + Meta Pixel. These only load after you accept via the cookie banner. You can change your mind via the same banner if you decline first.

Your rights (PDPL)

You have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Delete your data (we retain order history for 5 years for tax law).
  • Object to processing or withdraw consent for marketing email.
  • Receive your data in a portable format.
  • Lodge a complaint with the UAE Data Office.

To exercise any of these, email hello@giftboxes.store with the subject “Data request”. We’ll respond within 30 days.

Security

We use HTTPS everywhere, store passwords as bcrypt hashes (never plaintext), rotate secrets regularly, and apply the principle of least privilege to all internal access. Card data is processed by Stripe under PCI-DSS Level 1 and never touches our infrastructure.

Retention

  • Order history — 5 years (UAE tax law).
  • Quote requests — 2 years for sales follow-up; you can request earlier deletion.
  • Server logs — 90 days.
  • Account data — until you delete the account, then up to 90 days for backups.

Children

Our service is not directed at children under 18. We don’t knowingly collect data from them.

Changes

We’ll update this policy as we add features. Material changes will be announced on the homepage and emailed to registered customers. The “Last updated” date at the top reflects the current version.

Contact

Privacy enquiries: hello@giftboxes.store. Postal address available on request via /contact.