Legal

Privacy Policy

Last updated: April 2026

Present Agent ("we," "our," or "us") operates presentagent.vip and its subdomains (occasions.presentagent.vip, store.presentagent.vip). This Privacy Policy describes exactly what information we collect, why we collect it, who we share it with, and your rights regarding that data. We have written this policy against the actual code — not from a boilerplate template — so every claim is traceable to what our systems actually do.

1. Information we collect

1a. Google Calendar & Contacts (when you connect your Google account)

When you sign in with Google, we request the following OAuth scopes from Google's authorization server:

  • https://www.googleapis.com/auth/calendar.readonly — read-only access to your Google Calendar events (to detect upcoming occasions: birthdays, anniversaries, holidays)
  • https://www.googleapis.com/auth/contacts.readonly — read-only access to your primary Google Contacts (names, birthdays, relationships, organizations, interests listed in contact fields)
  • https://www.googleapis.com/auth/contacts.other.readonly — read-only access to your "Other contacts" (people you have emailed but not explicitly added to Contacts)

We persist a subset of contact data into our database ("recipient overlay"): relations, organizations, addresses (city/region/country only — no street address), and interests listed in the contact. This overlay is stored in our SQLite database and used to personalize gift recommendations for that contact.

1b. What we do NOT collect (v0)

We do not read your Gmail. Gmail access is not requested in v0 of Present Agent. Our codebase includes a Gmail scope constant for a future opt-in feature, but it is gated behind a feature flag (NEXT_PUBLIC_ENABLE_GMAIL=false) and no Gmail tokens are requested, stored, or used unless and until that feature ships with a separate, explicit consent flow.

We also do not collect: payment card numbers (handled entirely by Shopify), government IDs, financial account data, or health/medical records.

1c. Information you provide directly

  • Recipient profile data — age range, interests, relationship to you, occasion, budget, personality notes — entered during gift finder conversations
  • Wishlist content — products you save, share, or annotate
  • Feedback and reactions — thumbs up/down, preference signals, freeform notes you leave on recommendations
  • Gift history — products you mark as purchased, occasion, optional giver satisfaction rating
  • Support messages — if you email us or submit a contact form

1d. Information collected automatically

  • Usage events — pages visited, features used, recommendation cards viewed, buy-link clicks, session duration. Stored in oureventstable and mirrored to PostHog (see section 3)
  • Conversation transcripts — your gift finder chat messages are stored in ourconversation_messagestable for quality analysis, and are sent to our recommendation sub-processors to generate picks (see section 3 for the full list)
  • Session recording via PostHog — clicks, scrolls, and interactions on Present Agent pages. Email inputs are masked before recording. Other typed text (gift context, notes) is visible in recordings
  • Channel attribution — UTM parameters and referring URL at session creation, stored ingift_sessions
  • Device and browser information — browser type, operating system, screen size (via PostHog)
  • IP address and approximate location (via PostHog)

1e. Sensitive-inference policy

Our recommendation engine internally gates certain product categories (e.g., products relevant to health conditions or sensitive life situations) to avoid surfacing inappropriate recommendations. These inferences are applied at runtime to filter recommendations — they are never written back to your Google Contacts, persisted as personal data labels, or shared with third parties.

2. How we use your information

  • To generate personalized gift recommendations (recipient profile + gift context is sent to our recommendation sub-processors — see section 3 for the full list and what each one receives)
  • To detect and surface upcoming occasions (calendar events + contact birthdays) in your dashboard
  • To improve recommendation quality over time using the learning loop — feedback signals and gift history let us steer future recommendations for returning users
  • To operate the platform — authentication, session management, wishlist and recipient profile storage
  • To analyze how people use Present Agent and identify where the product can improve (PostHog analytics)
  • To respond to support requests and emails you send us
  • To send transactional communications — Shopify handles order confirmations

We do not sell your personal information or recipient profiles to third parties. We do not use your data to train external AI models.

3. Third-party sub-processors

Anthropic (Claude)

AI recommendation and gift-card generation. Your recipient profile and gift context are sent to Anthropic's API to generate picks. Anthropic's data handling is governed by their API data usage policy. We use claude-sonnet-4 for recommendations and card copy.

Google (Gemini)

Conversational profiling. Your gift finder conversation is processed by Google's Gemini 2.5 Flash API to extract a structured gift context. Google's API data usage policy governs how they handle these inputs.

Google (OAuth / Calendar / Contacts / People API)

Authentication and occasion data. We use Google's OAuth 2.0 flow for sign-in and request calendar.readonly, contacts.readonly, and contacts.other.readonly scopes. Data from the Calendar and People APIs is fetched on your behalf and cached in our database as the recipient overlay.

PostHog

Product analytics and session recording. We use PostHog to understand how users interact with our platform. PostHog records session replays (with email masking), captures custom events (views, clicks, reactions), and stores heatmap data. PostHog data is sent to PostHog's US infrastructure. You can opt out via your browser's Do Not Track signal or by contacting us.

Shopify

E-commerce catalog, cart, and checkout. All purchase transactions are processed through Shopify on store.presentagent.vip. Shopify collects payment data and order information per their privacy policy. We never receive raw payment card numbers.

Railway

Application hosting. Our Next.js app, SQLite database, and background services run on Railway's infrastructure in US-based data centers. Your data at rest is stored on Railway-managed volumes.

4. Cookies and local storage

pa_user

Session cookie. An opaque user ID (UUID) set after Google OAuth login. Used to identify you across requests so your dashboard, recipients, and gift sessions load correctly. Domain: .presentagent.vip (shared across all subdomains). Lifetime: 1 year. HttpOnly; not readable by JavaScript.

pa_oauth_state

Security cookie. A random CSRF token tied to the in-progress Google OAuth flow. Consumed and deleted immediately after the OAuth callback completes. Lifetime: 10 minutes. HttpOnly.

PostHog cookies

PostHog sets cookies (typically ph_* prefixed) to track your session across page loads and record behavioral data (clicks, scrolls, feature interactions). PostHog is only initialized when a PostHog API key is configured. You can disable PostHog tracking via your browser's Do Not Track header or by blocking the PostHog domain in your ad blocker.

Local storage

We store your user ID in localStorage under the key present-agent-user-id as a client-side fallback for passing your identity to API calls. This value mirrors the pa_user cookie and contains no additional personal information.

5. Cross-border data transfers

Present Agent is operated from Canada. Our infrastructure (Railway hosting, Anthropic API, Google Gemini API, PostHog) is located in the United States. If you are located in the EU, UK, or another jurisdiction with data transfer restrictions, your personal data will be transferred to and processed in the United States when you use our service. By using Present Agent, you acknowledge this transfer.

Governing law for this service is the province of Quebec, Canada (see Terms of Service for details).

6. How long we keep your data

We retain your data indefinitely to support the learning loop — past gift history and feedback help us make better recommendations when you return. You can request deletion of your data at any time (see section 7). When we receive a deletion request, we remove your user record, associated recipients, gift sessions, conversation messages, and recipient overlay data. Anonymized, aggregated analytics data (no personal identifiers) may be retained after deletion.

Recommendation cache entries expire automatically after the cache TTL (typically 24 hours). Google OAuth tokens (refresh tokens) are stored until you disconnect your Google account from the dashboard or revoke access at myaccount.google.com/permissions, at which point the token is invalidated by Google and we stop receiving fresh data.

7. Your rights

Depending on your jurisdiction (including GDPR, Canadian PIPEDA, and Quebec Law 25), you may have the right to:

  • Access — request a copy of the personal data we hold about you
  • Correction — request correction of inaccurate data
  • Deletion — request removal of your account and associated data ("right to be forgotten"). Automated self-serve deletion is a post-launch priority; for now, email us and we will process manually within 30 days
  • Portability — export your recipient profiles and gift history in machine-readable format
  • Opt out of analytics — block PostHog via your browser's Do Not Track setting or an ad blocker
  • Disconnect Google access — revoke our Calendar and Contacts access at any time from your dashboard settings or directly at myaccount.google.com/permissions

To exercise any of these rights, email us at support@presentagent.vip. We will respond within 30 days.

8. Children's privacy

Present Agent is not directed at children under 13. We do not knowingly collect personal information from children. If you believe we have collected information from a child under 13, please contact us immediately at support@presentagent.vip.

9. Changes to this policy

We will update this policy when our data practices change materially. The "Last updated" date at the top of this page reflects the date of the most recent revision. Continued use of Present Agent after a change constitutes acceptance of the updated policy.

10. Contact

For privacy questions, requests, or concerns, email support@presentagent.vip. We are a small team and we read every message.