Privacy Policy

Last updated: November 8, 2025

1. Data Collection

We collect information you provide directly when using wish.now:

  • Account information: email address, name, and phone number
  • Wish content: titles, descriptions, categories, locations, and budgets
  • Protocol and AI usage: which payment protocol and AI assistant you use
  • Trust and moderation data: trust scores, moderation history

2. How We Use Your Data

Your data is used for:

  • Platform operation: processing wishes, matching with providers, facilitating payments
  • Safety and security: fraud prevention, content moderation, abuse detection
  • Analytics: improving platform performance and user experience
  • Legal compliance: meeting regulatory obligations

3. Payment Data

wish.now supports two payment protocols:

  • Google AP2: payment mandates are processed through Google Pay. We store mandate references but not payment credentials.
  • Stripe ACP: checkout sessions are handled by Stripe. Card details never touch our servers.

All financial calculations are performed server-side. We never trust client-side amounts.

4. Data Storage and Security

  • Data is stored in Supabase PostgreSQL with Row-Level Security on all tables
  • API requests are protected by ECDSA signatures and nonce-based replay prevention
  • All connections use HTTPS/TLS encryption
  • Rate limiting prevents abuse (100 requests/minute per user)

5. AI Processing

wish.now uses AI for:

  • Content moderation: Claude AI analyzes wish content for safety (4-layer system)
  • Protocol detection: automatic selection of optimal payment protocol
  • Natural language extraction: parsing voice input into structured wish data

Voice input uses the browser-native Web Speech API. Audio is processed locally in your browser and is never sent to our servers.

6. Data Sharing

We do not sell your personal data. We share data only with:

  • Payment processors: Google Pay and Stripe, to process transactions
  • Service providers: matched providers see wish details (not your account data)
  • Legal authorities: when required by law or to protect safety

7. Your Rights

You have the right to:

  • Access your personal data
  • Correct inaccurate information
  • Delete your account and associated data
  • Export your data in a portable format
  • Opt out of non-essential data processing

8. Cookies and Tracking

We use httpOnly session cookies for authentication. We do not use third-party tracking cookies or advertising pixels.

9. Children's Privacy

wish.now is not intended for users under 18 years of age. We do not knowingly collect data from minors.

10. Changes to This Policy

We may update this policy periodically. Continued use of the platform after changes constitutes acceptance of the updated policy.

11. Contact

For privacy inquiries:

Related Policies

Terms of Service Acceptable Use Policy Community Guidelines