QuickWishlist
Legal

Privacy Policy

Last updated: April 17, 2026

This Privacy Policy explains how QuickWishlist (the «Service») collects, uses, and protects users' personal data, in compliance with Regulation (EU) 2016/679 (GDPR) and Spanish Organic Law 3/2018 (LOPDGDD).

1. Data controller

Carlos Tenor
Spain
Contact: carlos@tenorsoftware.com

2. Data we collect

  • Email address: required to authenticate you via magic link.
  • Wishlist content: titles, product URLs, prices, images, and notes that you voluntarily add.
  • Technical data: IP address, user-agent, and timestamps, collected for security and abuse prevention.

We do not use tracking cookies or third-party analytics. The only cookie we set is the session cookie, strictly necessary for the Service to function.

3. Purpose of processing

  • To authenticate your access to the Service.
  • To store and display the wishlists you create.
  • To generate product previews by extracting metadata from URLs you paste.
  • To prevent abuse and ensure the security of the Service.

4. Legal basis

  • Performance of a contract (Art. 6(1)(b) GDPR): to provide the Service you request.
  • Legitimate interest (Art. 6(1)(f) GDPR): to prevent fraud and maintain security.
  • Consent (Art. 6(1)(a) GDPR): to send the sign-in link to your email.

5. Recipients and third parties

We share strictly necessary data with the following processors:

  • Mailgun (transactional emails — magic links). Transfer to the U.S. under the European Commission's Standard Contractual Clauses.
  • OpenAI (occasional product metadata extraction as a fallback when OG/JSON-LD are unavailable). Transfer to the U.S. under Standard Contractual Clauses.
  • Hosting provider for the Service's infrastructure.

We do not sell or disclose personal data to third parties for commercial purposes.

6. Data retention

We retain your data while you maintain an active account. You may request deletion of your account and associated data at any time by emailing carlos@tenorsoftware.com. Technical logs are retained for a maximum of 90 days.

7. International transfers

Some processors (Mailgun, OpenAI) operate from the U.S. These transfers are protected by the European Commission's Standard Contractual Clauses (SCC).

8. Your rights

You may exercise your rights of access, rectification, deletion, objection, restriction of processing, and portability at any time by writing to carlos@tenorsoftware.com.

If your request is not properly addressed, you may lodge a complaint with the Spanish Data Protection Agency (AEPD): aepd.es.

9. Security

We apply reasonable technical and organizational measures: TLS encryption in transit, hashing of authentication tokens, restricted data access, and backups.

10. Changes to this policy

We may update this policy. Material changes will be communicated via email to active accounts.