1. Introduction
Do Not Wish LLC (“Do Not Wish,” “we,” “our,” or “us”) is the data controller responsible for personal information collected through our website, mobile applications, and marketplace platform (collectively, the “Services”). Our participating brands, boutiques, and sellers are referred to as “Partners.”
This Privacy Policy explains how we collect, use, retain, disclose,disclose, retain, transfer, and protect personal information in connection with the Services. It also describes the rights you have over your information and how to exercise them.
The Services are not directed to individuals under 13 years of age, or under 16 in jurisdictions with a higher minimum age. We do not knowingly collect personal information from children without verifiable parental consent.
2. Information We Collect About You
2.1 Information You Provide
When you create an account, make a purchase, list an item on the marketplace, or contact us, you may provide:
Contact and identity details: name, email address, phone number, and mailing address
Account information: login credentials, preferences, and saved settings
Transaction data: items purchased or listed, order details, pricing, and return history
Payment information, which is processed by authorized payment processors; we do not store full card details
Communications you send to our customer service team
2.2 Information Collected Automatically
When you interact with the Services, we and our technology partners automatically collect:
Device and connection data: device type, operating system, IP address, and browser
Usage and behavioral data: pages visited, search activity, browsing patterns, and session behavior
Location data: general geographic region inferred from IP address or, where enabled, device location
Cookie and tracking data: see Section 5 for details
2.3 Information from Third Parties
We may receive information about you from:
Social authentication providers such as Apple or Google when you use them to sign in
Analytics and advertising partners who provide audience and performance insights
Third-party services that help us improve personalization, recommendations, and platform experiences
2.4 Partner & Vendor Information
Where businesses, brands, boutiques, suppliers, or marketplace participants engage with the Services as Partners, we may collect business registration details, operational contacts, inventory submissions, fulfillment information, payout and billing details, account credentials, communications, and marketplace performance information.
3. How We Use Information
3.1 Marketplace Operations
We use personal information primarily to operate the marketplace and deliver the Services. This includes facilitating transactions, order fulfillment, and returns; supporting Partner coordination and inventory redistribution; managing your account; providing customer support; and maintaining platform performance and integrity.to operate, maintain, and improve the marketplace and related Services. This includes facilitating transactions, supporting order fulfillment and returns, coordinating Partner operations and inventory redistribution, managing accounts, providing customer support, maintaining marketplace integrity, and supporting platform functionality.
We may also use operational and marketplace data to support inventory positioning, marketplace performance, fraud monitoring, and platform optimization.
3.2 Personalization & Analytics
We use behavioral and transactional data to surface relevant inventory, power recommendation systems, and improve marketplace experiences. We may also use third-party analytics and demographic insights to improve platform performance, inventory discovery, and user engagement.
3.3 Automated Systems
We may use automated systems, machine learning, and personalization technologies to support marketplace experiences, product recommendations, fraud prevention, and platform functionality. Where required by law, we will provide additional notice and the opportunity to object.
Sustainability & Impact Data: Aggregated and anonymized data related torelating to sustainability, redistribution activity, circularity, environmental impact, and emissions-related metrics may be used for operational analysis, marketplace insights, impact reporting, and ESG purposesrelated purposes. This data does not identify individual users.
3.4 Security & Trust
We use personal information to verify identities, detect and prevent fraud, and protect the safety of users, Partners, and the marketplace.
3.5 Marketing & Communications
Where you have consented or where applicable law permits, we send promotional communications about products, services, and marketplace activity. You may opt out at any time through your account preferences or the unsubscribe mechanism in any marketing message.
3.6 Legal & Compliance
We use personal information to comply with applicable laws, respond to legal process, enforce our agreements, and retain records as required.
3.7 Legal Bases for Processing
We process personal information on the basis of: (a) contractual necessity, to provide the Services you have requested; (b) legal obligation, where required by applicable law; (c) legitimate interests, to operate and improve the marketplace, prevent fraud, and communicate relevant information, balanced against your privacy rights; and (d) consent, where specifically required and revocable at any time. Our primary legitimate interests include: operating and securing the marketplace platform; detecting and preventing fraud and abuse; improving platform performance and user experience; and sending relevant communications to existing users. A summary of our Legitimate Interests Assessment (LIA) is available on request at privacy@donotwish.com.
4. Sharing & Service Providers
We do not sell your personal information for monetary compensation. We share information only as described below.
4.1 Marketplace Partners
When you transact through the marketplace, we share the information necessary to fulfill that transaction—such as your name, delivery address, and order details—with the relevant Partner. Partners are responsible for their own privacy practices with respect to information they independently process.
Partners are independently responsible for the information they collect, process, or retain outside the Services or beyond the scope of transaction fulfillment and marketplace operations. We require all Partners to agree to data handling standards as a condition of participation; however, we encourage you to review the privacy policies of Partners you transact with directly.
4.2 Service Providers
We engage service providers to support marketplace operations, such as payment processing, logistics and delivery, fraud prevention, customer service infrastructure, cloud hosting, marketing technology, and analytics. These providers access personal information only as necessary to perform their contracted functions.
4.3 Advertising Partners
With your consent or where otherwise permitted, we may share limited identifiers with advertising and social media platforms to deliver relevant advertising on our behalf. Text messaging opt-in data and mobile information will not be shared with third parties for marketing purposes.
4.4 Legal & Safety Disclosures
We may disclose personal information to law enforcement, regulators, or courts when required by law or legal process, or to protect the rights, property, or safety of Do Not Wish, our users, or others. Where permitted, we will notify you of such requests.
4.5 Corporate Transactions
In connection with a merger, acquisition, reorganization, or asset sale, personal information may be transferred as part of that transaction. We will provide notice as required by applicable law.
4.6 Aggregated Data
We may share aggregated, anonymized data that cannot identify individual users with Partners, investors, and service providers to support marketplace research and operational planning.
5. Cookies & Tracking Technologies
We use cookies and similar technologies to operate the Services, remember your preferences, measure performance, and support personalized experiences.
5.1 Cookie Inventory
The table below lists the non-essential cookies and similar technologies we deploy. Strictly necessary cookies (required for authentication, session management, and fraud prevention) cannot be disabled and are not listed here. This inventory is reviewed and updated periodically; the current version reflects our cookie stack as of the date of this Policy.
| Cookie Name | Provider | Category | Purpose | Retention |
|---|---|---|---|---|
| _ga | Performance | Google Analytics — distinguishes users and tracks sessions for platform analytics. | 2 years | |
| _ga_[ID] | Performance | Google Analytics 4 — persists session state for GA4 measurement. | 2 years | |
| _fbp | Meta | Targeting | Meta Pixel — identifies browsers for ad conversion tracking and retargeting. | 90 days |
| ttclid | TikTok | Targeting | TikTok Pixel — tracks ad clicks and conversions from TikTok campaigns. | Session / 13 months |
| dnw_locale [verify name] | Do Not Wish | Functional | Stores language and regional preferences to deliver a consistent browsing experience. | 1 year |
| dnw_cookie_consent [verify name] | Do Not Wish | Functional | Records your cookie consent choices to avoid re-prompting on return visits. | 6 months |
Note: Cookie names marked [ID] include a property-specific identifier suffix.
Third-party cookie practices are governed by the respective provider’s privacy policy.
This table will be updated as our technology stack evolves.
5.2 Advertising & Analytics Technologies
We may use advertising and analytics technologies—including tools provided by Meta, TikTok, and similar platforms—to evaluate campaign performance, understand audience engagement, and support relevant advertising experiences.
5.3 Managing Preferences
You may accept or decline non-essential cookies through our cookie preference banner or through your browser settings. To opt out of interest-based advertising, visit youronlinechoices.eu or aboutads.info/choices. Do Not Wish does not currently respond to browser Do Not Track (DNT) signals; however, we do honor Global Privacy Control (GPC) signals as described in the US State Privacy Rights Addendum. Disabling certain cookies may affect the functionality of the Services.
6. International Transfers
Do Not Wish operates globally. Your personal information may be transferred to and processed in jurisdictions outside your country of residence, where data protection laws may differ from those in your jurisdiction. Where such transfers occur, we rely on appropriate safeguards such as Standard Contractual Clauses approved by the European Commission, adequacy decisions, or contractual necessity for transaction fulfillment.
7. Data Retention
We retain personal information for as long as necessary to fulfill the purposes described in this Policy, satisfy legal and regulatory requirements, and support any disputes or enforcement actions.
As a general guide: account data is retained while your account is active and for a reasonable period thereafter; transaction and billing records are retained for up to ten years as required by applicable tax lawtransaction, billing, and operational records may be retained for up to ten years where required by applicable tax, accounting, fraud prevention, or legal obligations; marketing data is retained for up to two years from your last interaction or until you withdraw consent; and application data such as job submissions is retained for up to six months.
When data is no longer required, it is permanently deleted or irreversibly anonymized.
8. Your Privacy Rights
Subject to applicable law, you have the following rights with respect to your personal information:
Access – Request a copy of the personal information we hold about you
Correction – Request that inaccurate or incomplete information be corrected
Erasure – Request deletion of your information where no longer necessary or lawfully retained
Restriction – Request that we limit processing while we assess a correction or objection
Objection – Object to processing based on our legitimate interests, including for marketing
Portability – Receive your information in a structured, machine-readable format
Withdrawal of Consent – Revoke consent at any time without affecting prior processing
Residents of California, Virginia, and Texas have additional rights under applicable state law, including the right to opt out of the sale or sharing of personal information. See the US State Privacy Rights Addendum below.
To submit a rights request, complete our Data Subject Request Form or contact us at privacy@donotwish.com. We respond within the timeframes required under applicable law. Identity verification may be required before we process your request.
9. How We Protect Your Information
We apply industry-standard technical and organizational safeguards to protect personal information, including encryption in transit and at rest, access controls, tokenization of payment credentials, regular security monitoring, and periodic penetration testing. Our infrastructure and security controls are designed and maintained in alignment with SOC 2 Type II principles; documentation of our security practices is available to enterprise Partners on request under NDA. In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach and will inform affected individuals without undue delay where required by law. No method of transmission over the internet is completely secure, and we cannot guarantee absolute security.
10. Children’s Privacy
The Services are not intended for individuals under 13, or under 16 in jurisdictions with a higher minimum age. Jurisdictions with a higher age threshold include EU and EEA member states under the GDPR (where member states may set the threshold between 13 and 16), the United Kingdom under the UK GDPR and Age Appropriate Design Code (13, with heightened protections up to 18), and US states including Texas and Florida that have enacted children’s online safety laws establishing heightened protections for minors up to 18. In the United States, our practices are designed to comply with the Children’s Online Privacy Protection Act (COPPA). We do not knowingly collect personal information from children. If we become aware that a child has provided information without appropriate consent, we will promptly delete it. Contact us at privacy@donotwish.com if you have concerns.
11. Contact Us
Do Not Wish LLC
New York, New York
privacy@donotwish.com
Data Subject Request Form: donotwish.com/privacy-request
If your concern is not resolved to your satisfaction, you have the right to lodge a complaint with the relevant data protection authority in your jurisdiction.
EU/UK Representative: Do Not Wish maintains an EU/UK representative function for the purposes of Article 27 GDPR and UK GDPR. EU and UK residents with data protection enquiries may contact us at: privacy@donotwish.com.
Data Protection Officer: Where required by applicable law, Do Not Wish has designated or will designate a Data Protection Officer. Data protection enquiries, including those addressed to the DPO, may be submitted to: privacy@donotwish.com.
12. Updates to This Policy
We may update this Policy periodically to reflect changes in our practices, legal requirements, or the evolution of the marketplace. Material changes will be communicated by email or through a notice on the Services. The date at the top of this document reflects the most current version.
As the marketplace evolves, certain features, services, technologies, or operational processes described in this Policy may change, expand, or be replaced.
ADDENDUM: US STATE PRIVACY RIGHTS
Applicable to Residents of California, Virginia, and Texas
This Addendum supplements the Privacy Policy above and applies to residents of California, Virginia, and Texas, in compliance with the CCPA/CPRA, VCDPA, and TDPSA. Capitalized terms carry the meanings defined in those laws.
Categories of Personal Information Collected
Over the preceding 12 months, we have collected:
Identifiers: name, email, phone, mailing address, IP address, device identifiers, and internal account IDs
Personal information as defined under State Privacy Laws: contact details, gender, and payment card information
Commercial information: transaction history, order details, and purchase behavior
Internet and electronic activity: browsing behavior, device session data, search queries, and platform interactions
Geolocation data: general location derived from IP address or, where enabled, device location
Inferences: derived from activity and transaction history to support personalization and recommendations
We do not sell biometric personal information or use sensitive personal information beyond the purposes described in this Policy.
Opt-Out of Sale or Sharing
Certain advertising technologies we use may constitute a sale or sharing of personal information under State Privacy Laws. You may opt out via the Do Not Sell or Share My Personal Information link in our website footer, or by broadcasting a Global Privacy Control (GPC) signal from your browser. Opt-outs are device and browser specific.
Automated Decision-Making
We do not use automated decision-making in ways that produce legal or similarly significant effects on users. Where we introduce such systems in the future, we will provide notice and, where required, an opportunity to opt out.
Non-Discrimination
Exercising any of your privacy rights will not result in denial of goods or services, different pricing, or a reduced level of experience.
Submitting Requests
Submit rights requests using our Data Subject Request Form or by contacting privacy@donotwish.com. We respond in compliance with applicable State Privacy Law timelines. Denied requests may be appealed by contacting us directly.
Authorized Agents
You may designate an authorized agent to submit requests on your behalf. To verify an agent-submitted request, we require: (a) written and signed permission from you authorizing the agent to act on your behalf, or a valid power of attorney; and (b) independent verification of your identity directly with you, unless a power of attorney has been provided. We may deny a request from an agent who cannot satisfy these requirements. Agent requests may be submitted via our Data Subject Request Form at donotwish.com/privacy-request.
California Business Contact Information
California residents who share business contact details with Do Not Wish in a professional context retain the same privacy rights described above. This processing is based on our legitimate interest in maintaining professional relationships.