Privacy Policy

Wrapped is operated by Ziora Labs LTD, a Nigerian-registered company. For EU and UK users, we comply with the GDPR (EU) and UK GDPR; for California users, with the CCPA / CPRA. Entity details are in the page header.

Account

Name and email, via Clerk.

Preferences

Role, niches, regions, weekly load, delivery time, and notification toggles, the values you set inside the app.

Behaviour

Cards kept / skipped / saved, deck completion, and the feedback ratings you give us.

Device

OS, app version, push token (only when notifications are enabled).

Payments

Paddle handles billing; we store only your subscription status and plan. We never see your card number.

Location beyond country level. Contacts. Microphone, camera, or biometrics. Cross-app advertising IDs (IDFA / GAID). Browsing history outside Wrapped.

• To deliver your weekly wrap, curation, ranking, personalisation.
• To send your Monday wrap email companion.
• To run the service, billing, support, security investigations.
• For analytics in PostHog, anonymised after 90 days.
• We never sell your data. Ever.

Free-tier sponsored cards are selected by niche, never by your personal data. Advertisers never see who you are.

Card text is generated by Anthropic's Claude models via the Vercel AI Gateway. Your preferences are sent to the model only as part of generating your wrap; per Anthropic's API terms, that data is not used to train models. Anthropic's data-handling policy: anthropic.com/legal/privacy.

Account data is retained as long as your account is active. On deletion, your data is fully wiped within 30 days (this allows for backup overlap). Behavioural data is anonymised after 90 days.

• Access, export, and delete your data anytime from Preferences or by emailing privacy@wrapped.hive.spot.
• EU / UK users have full GDPR rights, including objection to processing, restriction, portability, and the right to lodge a complaint with your supervisory authority.
• California users have full CCPA / CPRA rights, including the right to know, delete, correct, and opt out of sale (we do not sell data).

Wrapped is not directed at users under 16. We do not knowingly collect data from minors. If you believe a minor has signed up, contact us at privacy@wrapped.hive.spot and we will delete the account.

Data may be processed in the US, EU, and Nigeria. Standard Contractual Clauses (SCCs) are in place for EU→US transfers with our sub-processors.

Connections use HTTPS only. Sessions are handled by Clerk; passwords (rare, most users sign in via SSO) are bcrypt-hashed. Error monitoring runs in Sentry with PII scrubbed at source.

See our Cookie Policy for the full list.

We will notify you by email plus an in-app banner at least 30 days before any material change takes effect.

Email us at privacy@wrapped.hive.spot. Entity details are in the page header.