Privacy Policy

Account information — When you register, we collect your email address and an optional display name. Authentication is handled through Supabase, and passwords are stored using industry-standard hashing; we never have access to your plaintext password.

Wish content — Any text you submit as a wish (up to 500 characters), along with visual customization choices such as star color, shape, trail, and animation settings, is stored as part of your account data.

Payment information — When you purchase premium wish credits, payment is processed by Stripe. We receive a transaction reference, the product purchased, and confirmation of successful payment. We do not receive or store your full credit card number, CVV, or billing address.

Usage data — We may collect non-identifying usage analytics such as page views, feature engagement, browser type, and approximate geographic region to improve product performance and prioritize development.

We use the information collected to authenticate your identity, display your wishes in the galaxy, process and fulfill purchases, deliver account notifications, enforce our Terms of Service, and protect the security and integrity of the platform.

Aggregate, de-identified analytics may be used for product improvement, performance monitoring, and business decisions. We do not sell, rent, or trade your personal information to third parties for marketing purposes.

One Wish uses essential cookies required for authentication session management. These cookies do not track you across other websites and are strictly necessary for the service to function.

We may use privacy-respecting analytics tools that do not rely on cross-site tracking cookies. You can configure your browser to block cookies, though this may prevent you from signing in or using certain features.

We rely on the following third-party providers to operate the service: Supabase (authentication and database hosting), Stripe (payment processing), and Vercel (application hosting). Each provider maintains its own privacy policy and processes data according to its terms.

We select providers that maintain appropriate security practices and data processing standards. However, we encourage you to review the privacy policies of these services independently.

We do not share your personal information except in the following circumstances: (a) with service providers who assist in operating the platform under confidentiality obligations; (b) if required by law, regulation, legal process, or governmental request; (c) to protect the rights, safety, or property of One Wish, our users, or the public; or (d) in connection with a merger, acquisition, or sale of assets, with notice provided to affected users.

Wish content you publish is visible to all visitors of the galaxy by design. Do not include sensitive personal information in your wishes.

Free wishes expire and are removed according to the product lifecycle (30 days). Account records, purchase history, and premium wishes are retained for as long as your account is active or as needed for legal, fraud-prevention, and accounting obligations.

You may request deletion of your account and associated data by contacting onewishsupport@gmail.com. We will process deletion requests within 30 days, subject to any legal retention requirements.

We implement technical and organizational safeguards including encrypted connections (TLS), secure password hashing, role-based access controls, and managed cloud infrastructure. We regularly review our security practices.

No method of transmission over the internet or electronic storage is completely secure. While we strive to protect your personal information, we cannot guarantee absolute security.

Our service providers may process data in jurisdictions outside your country of residence, including the United States. By using One Wish, you consent to the transfer of your data to these jurisdictions, which may have different data protection laws than your home jurisdiction.

We ensure that any cross-border data transfers are conducted with appropriate safeguards consistent with applicable data protection regulations.

One Wish is not intended for children under the age of 13 (or the applicable minimum age in your jurisdiction). We do not knowingly collect personal information from children.

If you believe a child has provided personal information to us, please contact onewishsupport@gmail.com and we will promptly delete the information.

Depending on your jurisdiction, you may have rights to access, correct, delete, or export your personal data, restrict or object to certain processing, or withdraw consent. You can update your display name in your account settings at any time.

To exercise any of these rights, contact onewishsupport@gmail.com with the email address associated with your account. We will verify your identity and respond within the timeframe required by applicable law.

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements. The "Last updated" date at the top of this page indicates when the policy was last revised.

If we make material changes, we will notify registered users by email or by a prominent notice within the service. Continued use of One Wish after changes take effect constitutes acceptance of the updated policy.