FAQLeader board
Sign inCreate wishlist
Privacy Policy
Privacy Policy

Last Updated: 7 August 2025

1. Introduction
Welcome to Big Wish (“Big Wish,” “we,” “our,” or “us”), a digital gifting platform accessible at https://bigwish.com and through any associated mobile applications (collectively, the “Platform”). The Platform is owned and operated by BIG WISH LTD, a private limited liability company incorporated under the laws of the Republic of Cyprus, with company registration number HE 452670 and registered office at Archiepiskopou Makariou III, 140, RAPTOPOULOS BUILDING, 3021, Limassol, Cyprus.
This Privacy Policy outlines how we collect, use, disclose, store, and protect your personal information when you use our website https://bigwish.com (“Platform”), including as a creator, fan, or visitor.
By using Big Wish, you agree to the terms of this Privacy Policy. If you do not agree, please discontinue using the Platform.
2. Who We Are

Data Controller:

BIG WISH LTD

Archiepiskopou Makariou III, 140 RAPTOPOULOS BUILDING, 3021, Limassol, Cyprus

Email: office@bigwish.com

We are the data controller responsible for the collection and processing of your personal data on the Platform in accordance with the General Data Protection Regulation (GDPR) and applicable Cyprus law.

3. Categories of Data We Collect

We collect personal data directly from you, automatically from your use of the Platform, and from third parties. We do not intentionally collect special categories of personal data within the meaning of Article 9 of the GDPR (such as information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, genetic or biometric data, health data, or data concerning a natural person’s sex life or sexual orientation). If you voluntarily provide such information through any part of the Platform, it will be processed only to the extent necessary for the specific service and in compliance with applicable law.

3.1 Data You Provide to Us

When you use Big Wish, we may collect the following personal data:

  • Identification and contact information: Full name, email address, phone number (if provided)
  • Account details: Username, password, display name, profile image, banner image, wishlist content
  • Payout & verification: Legal name, national ID/passport (for verification), connected payment account details
  • Communication data: Messages sent to support, feedback, and form submissions

3.2 Automatically Collected Data

When you visit or use the Platform, we may automatically collect:

  • Technical data:
    IP address, browser type and version, operating system, device type, model, language, screen resolution
  • Usage data:
    Pages visited and time spent, clicks and interactions, referral URL, date and time of access, error and debug logs
  • Cookies and tracking technologies:
    • Session cookies (expire after the session)
    • Persistent cookies (remain on device)
    • Tracking cookies (used for analytics and marketing)

3.3 Data We Receive from Third Parties

We may receive additional data about you from:

  • Social media platforms (e.g. Instagram, TikTok, Facebook):
    Public profile data, interactions with our content (e.g. likes, shares, mentions), and referral info
  • Analytics and marketing tools (e.g. Google Analytics, Meta Pixel):
    Usage statistics, traffic sources, demographic insights, and campaign performance
  • Advertising and affiliate partners:
    Information about your interactions with ads, referrals, and conversions
  • Payment or verification providers:
    Identity verification status and linked payment details
4. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance user experience, analyze traffic, and support advertising.

The types of cookies we use include:

  • Essential cookies: necessary for Platform operation and security.
  • Preference cookies: save user settings such as language preferences and login state.
  • Analytics cookies: measure usage, such as time spent on pages and user interactions.
  • Marketing cookies: track user behavior to enable retargeting ads.

Technologies we use include:

  • Google Analytics, which provides data on site usage and behavior.
  • Facebook Pixel, used for ad targeting and conversion tracking.

You can manage your cookie preferences through your browser settings or via our cookie banner.

5. Purpose and Legal Basis for Data Processing

We process your personal data only when we have a valid legal basis under Article 6 of the GDPR:

  • Account registration and login: processed on the basis of performance of a contract.
  • Providing services and features: processed based on performance of a contract.
  • Payment processing: processed based on performance of a contract and/or legal obligation.
  • Responding to inquiries: processed based on legitimate interest or consent.
  • Sending notifications: processed based on legitimate interest or consent.
  • Analytics and site optimization: processed based on legitimate interest.
  • Marketing and advertising: processed based on consent.
  • Fraud prevention and security: processed based on legitimate interest and/or legal obligation.

We do not use your data for profiling or automated decision-making that produces legal or similarly significant effects.

6. How We Use Your Data

We use your data to:

  • Register and manage user accounts (Creators and Fans)
  • Enable Creators to build and share wishlists, and facilitate interactions between Creators and Fans
  • Enable Fans to contribute to gifts via secure payment systems and process payouts
  • Process transactions, verify identity where required, and maintain accurate payment records
  • Communicate with you regarding account updates, offers, events, surveys, or changes to our policies and procedures
  • Respond to user inquiries, feedback, and support requests
  • Send you promotional messages, targeted content, and ads via email, social media, and other channels (only if you consent)
  • Collect feedback, record your preferences, and analyze usage to improve user experience and develop new features
  • Administer and operate our business, including record-keeping, troubleshooting, complaint resolution, and relationship management
  • Work with trusted third-party service providers (e.g., hosting, analytics, marketing, payment processing, security) to deliver our services efficiently
  • Monitor our systems, networks, and user activity for security, auditing, and fraud prevention purposes
  • Enforce our Terms and Conditions, prevent abuse, and detect suspicious activities (including using third-party alerts)
  • Comply with legal obligations, resolve disputes, and respond to requests from regulators or law enforcement
  • Manage corporate transactions such as mergers, acquisitions, or reorganizations
7. Third Parties and Data Sharing

We share your data with carefully selected third parties only when necessary to provide our services or comply with legal obligations.

For example:

  • Stripe and Centrobill for payment processing and payouts.
  • Google Analytics for website analytics.
  • Meta Platforms (Facebook) for advertising and pixel tracking.
  • Email service providers for sending system notifications.
  • Cloud hosting providers (such as DigitalOcean) for server infrastructure and data storage.

All our service providers are required to implement appropriate data protection measures and act solely under our instructions.

8. International Data Transfers and Applicable Laws

Big Wish is a global platform used by individuals worldwide. While we primarily comply with the European Union's General Data Protection Regulation (GDPR), we also respect applicable privacy laws in other jurisdictions.

Personal data may be transferred and processed in countries outside your own, including the European Economic Area (EEA) and others. Where such transfers occur, we implement appropriate safeguards, such as Standard Contractual Clauses (SCCs), to ensure your data is protected in accordance with international standards.

9. Privacy Rights by Region

9.1 European Union (GDPR)

If you are located in the European Economic Area (EEA), you have rights under the GDPR, including the right to access, correct, erase, restrict processing, data portability, object to processing, and withdraw consent. More information about your rights is provided in Section 11.

9.2 California, USA (CCPA)

If you are a resident of California, you have additional rights under the California Consumer Privacy Act (CCPA), including:

  • The right to know what personal information is collected about you and how it is used or shared
  • The right to request deletion of your personal information, subject to certain exceptions
  • The right to opt-out of the sale of your personal information (Note: We do not sell personal information)
  • The right to non-discrimination for exercising your CCPA rights

To exercise your CCPA rights, please contact us at office@bigwish.com.

9.3 Brazil (LGPD)

Residents of Brazil have rights under the Lei Geral de Proteção de Dados (LGPD), which include the right to confirm the existence of data processing, access data, correct incomplete or outdated data, anonymize, block or delete unnecessary data, and revoke consent.

You can exercise these rights by contacting us via the contact information provided.

9.4 Other Jurisdictions

If you are located in other regions, your personal data protection rights may vary depending on local laws. We strive to respect these rights and encourage you to contact us if you have questions or requests related to your personal data.

10. Data Storage and Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, in accordance with applicable laws and regulations. Specifically:

  • Active accounts - Personal data is stored for as long as your account remains active so that we can provide you with access to the Platform and its features.
  • User-initiated deletion - If you request deletion of your account or specific data, we will erase the relevant personal data within a reasonable timeframe, unless retention is required by law or for legitimate business purposes (e.g., resolving disputes, enforcing agreements).
  • Legal obligations - Certain data (such as financial and transaction records) must be retained for statutory periods under applicable accounting, tax, or anti-fraud laws, even after account deletion.

We perform regular backups to protect against accidental loss or corruption of data. These backups are retained for a limited period and are securely stored with restricted access. Data stored in backups will be deleted when the backup is overwritten or otherwise reaches the end of its retention cycle.

11. Your Data Protection Rights

Under the GDPR, you have the following rights regarding your personal data:

  • Access: You can request a copy of the personal data we hold about you.
  • Rectification: You have the right to correct any inaccurate or incomplete data.
  • Erasure ("right to be forgotten"): You can request deletion of your personal data.
  • Restriction of processing: You may ask us to temporarily limit how we use your data.
  • Data portability: You have the right to receive your data in a structured, commonly used, and machine-readable format.
  • Object to processing: You can object to the processing of your data based on our legitimate interests.
  • Withdraw consent: You can revoke your consent at any time, for example, for marketing communications.
  • Opt out of communications: You may unsubscribe from marketing or platform-related emails.

To exercise any of these rights, email us at: office@bigwish.com

We will respond to your request in accordance with applicable laws and within the legally mandated timeframe (typically within 30 days). You may also lodge a complaint with the Cyprus Data Protection Commissioner at www.dataprotection.gov.cy.

12. Children's Privacy

Big Wish is intended for individuals aged 18 years and older, or the age at which you have full legal capacity under your local laws (which in some jurisdictions may be 16 years).

We do not offer our services to children under 13 years of age under any circumstances. If we become aware that we have collected personal data from anyone under 13, we will delete such data without delay.

13. Data Security

We apply industry-standard technical and organizational measures, including:

  • TLS/SSL encryption (for data in transit)
  • Encrypted storage
  • Multi-level user access control
  • Regular data backups
  • Internal access logs and monitoring

Although no system is 100% secure, we take all reasonable steps to protect your information.

Data Breach Policy: We maintain an incident response plan to address personal data breaches. In the event of a breach affecting personal data, we will promptly assess the risk, take appropriate mitigation measures, and notify affected individuals and the relevant supervisory authority in accordance with Articles 33 and 34 of the GDPR.

14. Social Login and Integrations

We offer account registration and login via social platforms such as:

  • Google
  • Facebook
  • Instagram

If you use these services, we receive your public profile data and email address, as allowed by each platform.

Future third-party integrations may be introduced and will be covered by updated privacy terms.

15. Updates to This Privacy Policy

We may update this Privacy Policy periodically. Changes will be published on this page and, if significant, communicated via email or in-app notification.

16. Contact Us

If you have questions or requests regarding your personal data, contact:

Big Wish Ltd
Archiepiskopou Makariou III, 140
RAPTOPOULOS BUILDING, 3021, Limassol, Cyprus
Email: office@bigwish.com