Beta · Free to try · No ads
← Back home
Privacy policy

How we handle your information.

Last updated: March 3, 2026

This Privacy Policy describes how The Wishing Well ("we", "us", "our") collects, uses, and shares information when you use our website and services, including the Wishing Well app available at https://www.wellwishes.ai (the "Service").

By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy.

1. Who we are & how to contact us

The Service is operated by The Wishing Well.

If you have questions about this policy or your data, you can contact us at privacy@wellwishes.ai.

2. Who can use The Wishing Well

The Wishing Well is intended for adults aged 18 and over. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us so we can delete it.

3. Information we collect

We collect information in three main ways: information you provide, information collected automatically, and information from third-party providers.

3.1 Information you provide directly

  • Account information: email address, password (stored securely via our authentication provider, not in plain text), and optional display name.
  • Well and wish content: well details (occasion, title, tone, privacy settings, recipient name/email) and wish content (video recordings, text messages, contributor display name, and optional contributor email).
  • Support and feedback: messages you send us via feedback forms, support requests, or email, and any contact details you include.

3.2 Information collected automatically

  • Usage and device information: IP address, browser type and version, operating system and device type (mobile / tablet / desktop), screen resolution and viewport size, pages visited and paths (for example /auth, /create-a-well, /contribute/...), timestamps, referring URLs, and basic interaction events.
  • Cookies and similar technologies: authentication cookies and tokens to keep you signed in, analytics cookies for Mixpanel to understand how the Service is used, and preference cookies to remember basic settings. You can control cookies through your browser settings, but disabling certain cookies may impact how the Service functions.

3.3 Information from third-party providers

If you choose to sign in using a third-party provider, we receive limited information from them, such as your email address and a unique identifier used to link your provider account to your Wishing Well account. These providers include, for example, Google, Apple, and Facebook (Meta).

4. How we use your information

  • To provide and maintain the Service: create and manage your account; let you create wells and contribute wishes; display wells and wishes to recipients and contributors according to the privacy settings you choose.
  • To enable authentication and security: authenticate users via email/password or OAuth providers (Google, Apple, Facebook); detect and prevent fraud, abuse, and security incidents; and protect the integrity of wells and wishes.
  • To process payments: when you choose to make donations or purchase premium features, we use Stripe to process payments. We do not store full payment card details; those are handled by Stripe.
  • To communicate with you: send transactional emails (for example confirmations, invites, notifications); respond to support and feedback; and send important service-related updates.
  • To improve and analyze the Service: understand how people use the app and flows (for example well creation, invite sharing, wish contribution); measure usage by device type and screen size; and monitor performance, reliability, and error rates.

We process this information based on your consent (for example certain analytics), performance of a contract (providing the Service you requested), and our legitimate interests (for example security and improving the Service).

5. How we share your information

We do not sell your personal information. We may share information with:

5.1 Service providers

We use trusted third-party providers to operate key parts of the Service, for example:

  • Supabase for authentication, database, and API hosting.
  • Cloudinary for storage and processing of video uploads.
  • Stripe for payment processing for donations and premium features.
  • Pusher / Supabase Realtime for real-time updates (for example new wishes arriving).
  • Mixpanel for product analytics and usage insights.
  • Email providers (for example Resend) for sending transactional emails.
  • Hosting provider (for example Vercel) for hosting the web application.

These providers process your data on our behalf and under data protection agreements where applicable. They are not permitted to use your information for their own marketing purposes based solely on our disclosures.

5.2 Other users, depending on your settings

The purpose of The Wishing Well is to share wishes with recipients and contributors you invite. Depending on your privacy settings:

  • Wells may be visible only to you as the creator, to the recipient, to contributors, or to the public.
  • Wishes (video and text) may be visible only to the recipient, to well contributors, or to anyone who can view the well.

5.3 Legal and safety

We may disclose information if we believe in good faith that it is reasonably necessary to comply with a legal obligation, court order, or lawful request; to protect the safety, rights, or property of you, other users, or the public; or to detect, prevent, or address fraud or security issues.

6. International data transfers

Our Service and many of our third-party providers are based in the United States and/or other countries. Your information may be transferred to and processed in countries that may not have the same data protection laws as your home country. Where required by law, we take steps to ensure that appropriate safeguards are in place, such as standard contractual clauses or other lawful transfer mechanisms.

7. Data retention

We retain your information for as long as is reasonably necessary to provide the Service, comply with legal, tax, or accounting obligations, resolve disputes, and enforce our agreements. When data is no longer needed, we may delete it or anonymize it so that it can no longer be linked to you.

If you delete your account or request deletion, we will remove or anonymize personal data associated with your account, subject to any data we must retain for legal or security reasons.

8. Your rights and choices

Depending on where you live, you may have some or all of the following rights:

  • Access: request a copy of the personal information we hold about you.
  • Correction: ask us to correct inaccurate or incomplete information.
  • Deletion: request that we delete some or all of your personal information.
  • Restriction: request that we limit how we use your information in certain cases.
  • Objection: object to certain types of processing, such as some analytics or marketing uses.
  • Portability: request a machine-readable copy of information you provided.

You can also update certain information via your account or by contacting us, opt out of non-essential emails using unsubscribe links where provided, and control cookies via your browser settings (although disabling some cookies may affect the functionality of the Service).

To exercise any of these rights, please contact us at privacy@wellwishes.ai. We may ask you to verify your identity before responding to your request.

9. Third-party services and links

Our Service may contain links to other websites or services that are not operated by us. We are not responsible for the privacy practices of these third parties, and we encourage you to review their privacy policies before providing them with personal information.

Third-party providers used for authentication (such as Google, Apple, and Facebook) and analytics (such as Mixpanel) may also collect and use information according to their own privacy policies.

10. Security

We use reasonable technical and organizational measures to protect your information, including encrypted connections (HTTPS) between your browser and our servers, access controls for administrative interfaces, and the use of reputable, security-focused third-party providers. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

11. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. When we make changes, we will update the "Last updated" date at the top of this page. For material changes, we may also notify you by email or prominent notice in the app. Your continued use of the Service after changes become effective means you accept the revised policy.

12. How to contact us

If you have any questions, concerns, or requests related to this Privacy Policy or your personal information, you can contact us at privacy@wellwishes.ai.

You can also reach the main site at wellwishes.ai.