Privacy Policy

Effective: 20 April 2026 · Last updated: 20 April 2026 · Version: 3.0 · View history

1. Who we are

Budling Technologies, Inc. ("Budling," "we," "us," "our") is a Delaware corporation with its principal place of business in the United States. We operate budling.com and related services (the "Service").

Under US privacy laws, we act as a business (California), a controller (Virginia, Colorado, Connecticut, Utah, Texas, Florida, Oregon, and similar states), and an operator (Children's Online Privacy Protection Act). Under UK and EU GDPR, we act as a controller for your direct information and as a processor for information you provide about your child — see Section 8.

You can contact our Privacy Officer at privacy@budling.com, or by mail to the address in Section 21.

2. Information we collect

Information you provide directly

• Account information: your name, email address, and a password (stored as a bcrypt/argon2 hash — never in plain text)
• Registry information: your child's first name, approximate age or date of birth (optional), planned event date, selected gift categories, and wishlist items
• Photos and videos you upload: media you choose to add to your registry, plus any photos or videos contributors attach to a gift
• Contribution information: when someone contributes to your registry, we collect their name, email, contribution amount, and any note, photo or video they choose to attach
• Bank and payout information: provided directly to Stripe, not to Budling, when you configure payouts
• Payment information: collected entirely by Stripe. Budling never receives, sees, or stores your card number, CVV, or bank account credentials
• Communications: messages sent to support, replies to our emails, and feedback you choose to submit

Information we collect automatically

• Device and browser information: IP address, browser type, operating system, device identifiers, screen dimensions, and time zone
• Usage information: pages visited, features used, actions taken, timestamps, and referral source
• Cookies and similar technologies: as described in Section 16

Information we do not collect

• Social Security numbers, driver's license numbers, or other government identifiers (Stripe may collect these separately for identity verification on payouts above certain thresholds; they are not transmitted to Budling)
• Precise geolocation
• Racial or ethnic origin, religious beliefs, health information, sexual orientation, or political opinions
• Biometric identifiers or genetic data
• Contents of communications between you and contributors outside of our platform

3. How we use your information

We use information only for the specific purposes listed below:

• Providing the Service: creating and maintaining registries, processing contributions through Stripe, delivering notifications, displaying wishlist items, and storing the notes, photos and videos contributors attach to gifts
• Account security: authenticating logins, detecting fraud, preventing account takeovers, and enforcing our Terms of Service
• Customer support: responding to your questions and resolving issues
• Service improvement: aggregated, pseudonymized analytics to identify bugs, measure feature adoption, and guide product decisions — never tied to individual identities in any reports
• Fraud and financial compliance: detecting suspicious activity, preventing chargebacks and money laundering, and maintaining records required by financial regulations
• Communications you've opted into: product updates, feature announcements, and educational content — only with your consent, with a one-click unsubscribe in every email
• Legal compliance: tax records, responses to valid legal process, and protecting rights or safety when required

4. Legal bases for processing

For users whose processing is governed by the EU GDPR, UK GDPR, or similar laws, we rely on the following legal bases:

• Performance of a contract — providing the Service you signed up for (account setup, registry operation, payment processing)
• Legitimate interests — fraud prevention, security, product improvement, and direct Service communications, balanced against your rights. You can object at any time
• Consent — marketing communications, non-essential cookies, and any processing requiring affirmative consent. You can withdraw consent at any time
• Legal obligation — tax records, anti-money-laundering compliance, and responses to lawful legal process

5. Who we share data with

We share your information only with the categories of recipients below, and only to the extent necessary:

• Stripe, Inc. — our payment processor. Stripe acts as our service provider (CCPA) / processor (GDPR) for payment execution, and as a separate business/controller for fraud prevention, identity verification, and its own regulatory compliance. Stripe's privacy practices are governed by Stripe's privacy policy
• Infrastructure and hosting providers — cloud hosting, database providers, email delivery services (for transactional email), and security tools, all operating under written data processing agreements that limit their use of your data to providing services to us
• Analytics provider — a privacy-respecting provider that does not create advertising profiles or share data with ad networks. We share only pseudonymized usage information, not your identity
• Affiliate networks (Amazon Associates, Etsy via Awin) — when you click through to a retailer from a registry, the retailer sets its own cookie for purchase attribution. We do not share your name, email, or registry contents with these retailers. California users: see Section 13 for CCPA-specific disclosures about this relationship
• 529 plan administrators (UGift, Ascensus, and similar) — if you use the optional UGift integration, the savings contribution flow takes place entirely on the 529 plan administrator's platform. Budling does not receive, hold, or transmit 529 contributions — we provide a link-out only
• Professional advisors — accountants, auditors, and lawyers bound by confidentiality obligations
• Corporate transactions — if Budling is involved in a merger, acquisition, financing, or sale of substantially all assets, your information may be transferred. We will notify you by email at least 30 days in advance, and you may export or delete your data before any transfer completes
• Legal process — when required by valid subpoena, court order, or other legal process, or to protect our rights, property, or users' safety. Where legally permitted, we will notify you before disclosing your information and challenge overbroad requests

6. Payments and the agent-of-the-payee role

Understanding the payment flow helps clarify how your data moves.

When a contributor sends a gift to your registry, the payment is processed by Stripe using Stripe Connect. Budling acts as your agent (the registry parent's agent) for the limited purpose of receiving contributions on your behalf. Funds are held in a Stripe-managed account associated with your registry and released to your linked bank account when you request a payout.

Data implications of this structure:

• We do not store card numbers. The contributor's card details go directly from their browser to Stripe through a secure embedded form. We receive only a token representing the successful payment, plus basic non-sensitive metadata (name, email, amount)
• We do not have custody of the funds. Money is held by Stripe's regulated payment infrastructure, not in a Budling operating account. This is important both for security and for regulatory clarity
• Your payout bank account goes directly to Stripe. When you link a bank account for payouts, you provide that information to Stripe through their hosted interface. Budling never receives the account number
• Unclaimed contributions: if a registry is abandoned or a parent never onboards for payouts, contributions are automatically refunded to the original payment source after 120 days. Budling does not have the ability to redirect or retain those funds

All contributions on Budling are processed by Stripe — we don't support direct peer-to-peer transfers like Venmo or PayPal.

7. Notes, photos and videos

This section describes how we handle the personal content contributors attach to gifts, and the photos parents add to their registry.

Notes from contributors

When someone contributes to your registry, they can leave a short note alongside the gift. Notes are visible only to you on your dashboard, paired with each contribution.

• Stored at rest: notes are encrypted at rest in our database
• Access by the registry owner: the registered parent or guardian can read notes from the dashboard as soon as a contribution is paid
• Export: you can export your contributions, including notes, from your dashboard at any time

Photos and videos

Contributors may attach a photo or short video to their gift, and parents can upload registry cover photos. All of this media is private by default and visible only to the registry owner.

• Media is never used by Budling for marketing, advertising, or testimonials — binding commitment, not discretionary
• Media is never shared with third parties, including analytics providers
• Media is not used as training data for any machine-learning system
• You can delete any media from your dashboard at any time; cached copies are purged within 30 days
• Most EXIF metadata (including GPS coordinates) is stripped from photos at upload time

8. Children's data and COPPA

This is the section that matters most to most of our users. We've designed Budling specifically to comply with the Children's Online Privacy Protection Act (COPPA), the California Age-Appropriate Design Code, and the general principles of privacy-by-design for minors.

Our core framing

Budling is a parent-directed platform. All interactions with our Service are performed by adult parents or legal guardians on behalf of their children. We do not have child user accounts. Children do not sign in, browse, or directly interact with Budling in any way.

Information about a child is provided exclusively by the parent, who acts as our authorized source of truth for that information and who retains full control over what is collected, what is displayed, and what is deleted.

What we process about children

• First name (required to create a registry)
• Approximate age or date of birth (optional; used for age-appropriate suggestions and countdown displays)
• Photos that the parent chooses to upload
• Notes, photos and videos attached to a gift by contributors

What we don't collect or use about children

Privacy-by-default settings

• New registries default to "link-only" visibility. The registry is not findable through our public search, not listed in the find-a-registry directory, and carries noindex and nofollow meta tags preventing search engine indexing
• The public directory is opt-in, not opt-out. Parents must take an affirmative action to list a registry publicly, and we require a re-confirmation every 12 months
• Public listings show first names only. Even when opted in, a registry displays only the child's first name, approximate age, and event type. No last name, no full birth date, no location beyond a general region if the parent chooses to provide one
• Photos in public view are blurred or replaced with illustrated avatars unless the parent takes a separate affirmative action to display them

Parent controls

The parent can, at any time:

• Review all information Budling holds about their child through the dashboard
• Export a complete archive of their child's data
• Delete specific items or the entire registry, which removes the associated data from our active systems within 30 days
• Request deletion of backup copies, which complete within 90 days
• Withdraw consent for specific processing activities, such as the public directory listing

See Section 9 for the consent mechanism we use for children's data processing.

9. Verifiable parental consent

Because our processing of children's information begins only when a parent creates a registry, we obtain verifiable parental consent at the point of account creation using a COPPA-compliant method.

Our consent mechanism

We verify parental identity using a combination approach accepted by the FTC:

1. Email verification: the parent must confirm their email address through a unique link before the registry becomes active
2. Payment card verification: before any contribution is processed, we confirm the parent is reachable at a real billing address via a nominal transaction verification through Stripe. For registries that will never receive contributions (if any), we use an alternative step 3 below
3. Affirmative consent statement: before creating the registry, the parent must affirmatively confirm they are the parent or legal guardian, are 18 or older, and consent to Budling processing information about their child as described in this policy

For users in jurisdictions that require stricter consent mechanisms or who request it, we also offer:

• Signed consent form returned by mail or digital signature service
• Video call with a trained staff member for identity confirmation
• Government-issued ID match through a compliant identity verification provider

Parental access and review

At any time, a parent can:

• Review everything we hold about their child by logging in to the dashboard
• Request a full data export by emailing privacy@budling.com
• Delete information or the entire registry
• Revoke consent, at which point we will delete the child's information within 30 days (subject to financial-compliance retention for completed transactions)

If you believe a registry has been created without parental consent, or contains information about a child without proper authorization, contact privacy@budling.com and we will investigate within 5 business days.

10. How long we keep data

We retain personal information only as long as necessary for the purposes described in this policy, applicable legal requirements, or the time needed to resolve disputes. Specific retention periods:

11. How we protect your data

Technical safeguards

• Encryption in transit: all connections to budling.com use HTTPS with modern TLS protocols (TLS 1.2 minimum, TLS 1.3 preferred)
• Encryption at rest: sensitive data including contributor notes, account credentials, and bank account references is encrypted using AES-256
• Password handling: passwords are stored using slow-hash algorithms (bcrypt or argon2) with per-user salts. Plaintext passwords are never stored, transmitted, or logged
• Payment security: card data is handled entirely by Stripe, which is certified to PCI DSS Level 1. Budling's integration qualifies for PCI DSS SAQ-A compliance because we never receive or store card data
• Key management: encryption keys are managed through a dedicated key management service with rotation, audit logging, and access controls

Administrative safeguards

• Access controls: access to production data is restricted to a limited set of authorized personnel, requires multi-factor authentication, and is logged
• Security reviews: we conduct regular internal security reviews and will engage independent penetration testing on at least an annual cadence as Budling reaches appropriate scale
• Employee training: all staff with access to personal information receive privacy and security training at onboarding and annually thereafter
• Vendor due diligence: we evaluate the security practices of every vendor before granting access to personal information and require written data processing agreements

Responsible disclosure

Security researchers can report vulnerabilities to security@budling.com. We commit to:

• Responding to initial reports within 5 business days
• Working in good faith to remediate verified vulnerabilities
• Not pursuing legal action against researchers acting in good faith, in accordance with our security disclosure policy
• Acknowledging researchers publicly (with permission) when their work improves user safety

No security measure is perfect. Despite our efforts, we cannot guarantee absolute security. If a breach occurs, we will follow the procedure in Section 17.

12. Your privacy rights

Depending on where you live, you have some or all of the following rights regarding your personal information. We honor these rights for all users regardless of location, as a matter of policy.

How to exercise your rights

• Most rights can be exercised directly from your dashboard (Account → Privacy and data)
• Alternatively, email privacy@budling.com from the email address associated with your account
• We verify your identity by confirming control of your account email and, for sensitive requests, an additional verification step such as a recent transaction detail
• We respond within 45 days. In complex cases, we may extend by up to an additional 45 days with written notice explaining the delay
• For authorized agents acting on someone's behalf, we require written authorization and independent identity verification of the consumer
• If we deny a request, you can appeal by replying to our denial email. Appeals are handled by a different person, and we will provide the final determination within 45 days
• There is no fee for these requests except in cases of clearly excessive or repetitive requests, in which case we will explain the basis for any fee before proceeding

13. California residents (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), provides you with the rights described above plus the additional disclosures here.

Categories of personal information collected (preceding 12 months)

• Identifiers: name, email, IP address, account ID
• Customer records: name, payment information via Stripe (we receive only a token)
• Commercial information: registry contents, contribution history
• Internet or network activity: browsing and usage patterns on budling.com
• Inferences: age category preferences derived from registry configuration
• Sensitive personal information: account login credentials only, used exclusively to authenticate you

Categories of personal information disclosed for a business purpose

• Identifiers and payment tokens to Stripe for payment processing
• Identifiers and usage data to infrastructure providers for hosting and delivery
• Pseudonymized identifiers to our analytics provider for product improvement

"Sale" and "Sharing" under CCPA

California law defines "sale" and "sharing" broadly. These terms can include non-monetary disclosures of personal information for cross-context behavioral advertising.

• We do not sell personal information for money.
• We do not engage in cross-context behavioral advertising.
• Affiliate cookies (Amazon, Etsy): when you click an affiliate link, the retailer sets a cookie for attribution. In an abundance of caution, we treat this arrangement as potentially classified as "sharing" under CCPA. You can opt out by (a) disabling third-party cookies in your browser, (b) using a browser that sends a Global Privacy Control (GPC) signal, (c) using our cookie preference center, or (d) emailing privacy@budling.com
• We do not knowingly sell or share the personal information of consumers under 16 without affirmative authorization, as required by CCPA § 1798.120(c)

Sensitive personal information (CPRA)

The only "sensitive personal information" we collect is your account login credentials, used solely to authenticate you. We do not use sensitive personal information beyond the purposes permitted by CCPA § 1798.121(a), so the right to limit use does not apply. If you provide sensitive information to Stripe for identity verification (for example, for payouts above certain thresholds), that information is handled under Stripe's own privacy practices.

Shine the Light

California Civil Code § 1798.83 ("Shine the Light") permits California residents to request information about disclosures of personal information to third parties for those third parties' direct marketing. We do not disclose personal information to third parties for their direct marketing purposes.

14. Other state privacy laws

Residents of the following states have substantially similar rights to those described above, which we honor for all users:

• Virginia (Virginia Consumer Data Protection Act)
• Colorado (Colorado Privacy Act)
• Connecticut (Connecticut Data Privacy Act)
• Utah (Utah Consumer Privacy Act)
• Texas (Texas Data Privacy and Security Act)
• Florida (Florida Digital Bill of Rights)
• Oregon (Oregon Consumer Privacy Act)
• Montana, Delaware, Iowa, Indiana, New Jersey, New Hampshire, Tennessee, and other states with comprehensive privacy laws

To exercise your rights under any of these laws, use the same methods as described for California residents: your dashboard or privacy@budling.com. We do not engage in targeted advertising or profile-based automated decisions that produce legal or similarly significant effects, so opt-outs for those activities are unnecessary — but we will respect them preemptively for any user who submits them.

Residents of applicable states retain the right to appeal our denial of a rights request by replying to our denial response. If your appeal is denied, you have the right to contact your state attorney general's office.

15. International users

Budling is a United States-based service and our infrastructure is hosted in the United States. If you access Budling from outside the United States, your personal information will be transferred to, stored, and processed in the United States.

For users in the European Economic Area, the United Kingdom, or Switzerland, we rely on appropriate legal mechanisms for cross-border transfer, including:

• Standard Contractual Clauses with service providers that process data on our behalf
• Where applicable, our certification under the EU-US Data Privacy Framework and the UK Extension (we will disclose certification status publicly once completed)

You may contact privacy@budling.com for details on the specific transfer mechanism applicable to your data, or to request a copy of the relevant Standard Contractual Clauses.

EEA and UK users retain the right to lodge a complaint with their local supervisory authority.

16. Cookies and tracking

Essential cookies

Used to keep you logged in, remember your preferences, secure your session, and protect against cross-site request forgery. These cannot be disabled without breaking the Service.

Analytics cookies

We use a privacy-respecting analytics provider that does not build advertising profiles or share data with ad networks. You can disable analytics cookies through our cookie preference center or your browser settings.

Affiliate cookies

When you click through to Amazon or Etsy from a registry suggestion, the retailer sets its own cookie for purchase attribution. We receive a commission if you purchase through these links, which helps keep core Budling features free. To opt out, disable third-party cookies, send a GPC signal, or use our cookie preference center.

What we do not use

• No advertising pixels (Meta/Facebook, TikTok, Google Ads, LinkedIn, Pinterest, or similar)
• No cross-site behavioral tracking
• No session replay or heatmap tools on pages containing personal information
• No fingerprinting for tracking purposes (we use basic device fingerprinting only for fraud prevention)

17. Data breach notification

If we experience a data breach that is reasonably likely to result in harm to you, we will:

• Notify affected users without unreasonable delay, and in any event within the timeframes required by applicable law (generally 72 hours under GDPR; varies by state under US law but typically 30-60 days)
• Describe the nature of the breach, the categories of information involved, the approximate number of affected users, and the steps we are taking in response
• Provide practical advice on protective steps you can take, and where applicable offer identity-monitoring services at our expense
• Notify relevant regulators, state attorneys general, and credit reporting agencies where required by law
• Publish a public summary of the incident and lessons learned

18. Automated decision-making

Budling does not make decisions about you using solely automated processing that produces legal or similarly significant effects. We use automated systems for:

• Fraud and spam detection: flagging unusual transactions or account activity for human review. No account is closed or transaction blocked based solely on automated output — a human reviews material decisions
• Content moderation: flagging potentially inappropriate content in notes, photos or videos for human review
• Service personalization: suggesting age-appropriate registry categories and products based on the age you provide

You have the right to request human review of any automated decision that affects you, and to contest such decisions.

19. Do Not Track and Global Privacy Control

Most browsers include a "Do Not Track" signal. Because there is no industry consensus on how to respond to DNT signals, our Service does not currently respond to them.

However, we do honor the Global Privacy Control (GPC) signal sent by compatible browsers as a valid opt-out of sale and sharing under applicable state privacy laws. When we receive a GPC signal from your browser, we automatically opt the associated session out of affiliate cookie participation and any similar activities that might be classified as a sale or sharing.

20. Changes to this policy

We may update this policy from time to time to reflect changes to the Service, our practices, or legal requirements. When we make material changes, we will:

• Update the "Last updated" date at the top
• Notify registered users by email at least 30 days before the change takes effect, unless applicable law requires a shorter timeline
• For significant changes that materially reduce your rights, require your affirmative consent before continued use of the Service, and provide an opportunity to export or delete your data first
• Maintain an archive of previous versions with change logs

21. Contact us