Skip to content

Legal center

Privacy Policy

What data we use, why, with whom, and your rights.

Effective date
July 13, 2026
Version
2026-07-13
Who it applies to
Merchants, buyers, recipients, visitors, and contacts

In short

  • We use data needed to operate, secure, bill, and improve.
  • Merchant-submitted recipient data is processed under instructions.
  • We do not sell personal data; contact hola@crossup.ai.

1. Scope, controller, and roles

APPS 4 SELLERS CORP controls account, commercial, security, support, billing, and site data. It processes buyer/recipient data under Merchant instructions, while Merchant determines essential purpose and means.

2. Data and sources

We may handle professional identity/contact; account, role, store, settings, catalog, subscription, invoice/payment references, support, IP/device/session/security, usage, performance, consent, and integrations.

Gift data may include names, email/phone, message, delivery, order, amount, currency, status, balance, and redemption from you, Merchant, Tiendanube, integrations, providers, and use. Do not submit sensitive data in free text.

3. Purposes and legal bases

Purposes include contract, authentication, configuration, gift issuance/delivery/reconciliation, billing, support, fraud/security, legal compliance, changes, measurement, improvement, and defense. Typical bases are contract, law, proportionate legitimate interest, and consent for optional marketing where required.

4. Buyers, recipients, and payments

Gift data serves the requested operation, notices, balance/status, fraud, support, and instructions. Merchant provides notice and legal basis; receiving a gift is not marketing enrollment.

Full card data stays with payment providers and must not be sent to support. References, status, amount, currency, receipts, and necessary tax data may remain.

5. Cookies, analytics, and communications

Necessary storage supports session, security, preferences, and locale. Minimized analytics/observability measure errors and performance; non-essential technology waits for consent where required.

Transactional messages are necessary. Promotions include opt-out without blocking operational notices.

6. Providers and integrations

We share only as needed with hosting/database, ecommerce, jobs, storage, auth, payments, invoicing, communications, support, analytics, security, and advisers, or for law, rights, and safeguarded reorganizations. We do not sell or rent data. Selected integrations may be independent controllers.

7. Transfers and retention

Argentina/Brazil transfers use adequacy, approved clauses, corporate rules, or another lawful mechanism plus safeguards. Retention covers service, contract, security, disputes, accounting, and law; uninstall triggers DPA return/deletion, with isolated rotating backups. Irreversibly anonymous metrics may remain.

8. Rights and requests

Depending on jurisdiction, rights include information, access, confirmation, correction, update, portability, anonymization, blocking, deletion, objection, restriction, consent withdrawal, and automated review, plus AAIP/ANPD complaints.

Email hola@crossup.ai with country, relationship, and request. We verify proportionately and respond on time; Merchant-origin data is referred and assisted. No discrimination.

9. Security, incidents, children, and automation

Safeguards include need-to-know access, transit encryption, secrets, logs, backups, tenant isolation, vendor review, and incident response. No transmission is perfect; required notices are made.

Gifty is an adult business service, not child-directed. No solely automated legal-effect decisions are currently made; future use will disclose general logic, impact, and rights.

10. Changes and contact

New versions are posted and material changes notified. Questions and rights: hola@crossup.ai — APPS 4 SELLERS CORP, 470 Ansin Blvd, Suite K, Hallandale Beach, FL 33009, USA.