Privacy Policy

Tofa is operated by Firstframe LLC, a US limited liability company ("we", "us", or "our"). This policy explains how we collect, use, and protect your personal information when you use gettofa.com.

1. Information We Collect

When you create an account we collect your phone number or email address, display name, and optional birthday and profile photo. We also collect your wishlist items, any preferences you set, and usage data (pages visited, actions taken) to improve the Service.

We also collect phone numbers from non-account-holders (gifters) when they opt into gift reminders for a wishlist item. These phone numbers are stored securely and used solely to send the single SMS gift reminder the gifter requested. We do not use them for marketing or share them with third parties. To request deletion of your phone number, contact us at [email protected].

2. Authentication

Your phone number or email address is used solely for account authentication. We send a one-time passcode via SMS or a sign-in link via email when you log in. We do not send marketing messages or unsolicited communications.

3. SMS Communications

By entering your phone number on our login page you consent to receive a single SMS containing your verification code. Message and data rates may apply. Reply STOP at any time to opt out. For help, reply HELP. SMS delivery is handled by Twilio.

4. Email Communications

By entering your email address on our login page you consent to receive a one-time sign-in link. Transactional emails are sent via Resend from [email protected]. We do not send promotional email without your explicit consent.

5. Analytics & Error Tracking

We use Vercel Analytics to understand how the Service is used. Vercel Analytics is privacy-friendly — it does not use cookies, does not track individuals across sites, and does not collect personally identifiable information. We also use Sentry for error monitoring, which may capture anonymised technical data about errors. You may decline analytics tracking via the consent banner shown on your first visit.

6. Data Sharing

We do not sell, rent, or share your personal information with third parties for marketing purposes. We share data only with service providers necessary to operate Tofa: Supabase (data storage), Twilio (SMS), Resend (email), Vercel (hosting and analytics), and Sentry (error monitoring). Each is bound by their own privacy policies.

7. Data Storage & Retention

Your data is stored securely using Supabase (PostgreSQL) with encryption at rest and in transit. We retain your data as long as your account is active. You may delete your account and all associated data at any time from your account settings. You may also export your data at any time from your account settings.

8. Your Rights

You have the right to access, correct, export, or delete your personal data at any time. Account deletion and data export are available directly in the app under Settings → Edit profile. For other requests, contact us at the email below.

9. Contact

Questions about this policy? Email [email protected]. Firstframe LLC, United States.