Privacy Policy

A plain-English explanation of what Prankwish collects, why, who can see it, and how to control your data. No legalese fog, no surprises.

On this page

What we collect
Why we collect it
Who we share it with
Payment data
Cookies and tracking
How long we keep data
Your rights
Security
Contact us

1. What we collect

Prankwish only collects what is needed to deliver the order you commissioned. Specifically:

Account and order dataEmail at checkout, recipient name, occasion, personalization brief, delivery preferences, order history.

Payment dataCard details are tokenized by the PCI-compliant gateway. We store only the last four digits and card brand for receipts.

Communication dataLive-chat transcripts, email replies, revision and refund requests connected to your order.

Technical dataIP address, device, browser, pages visited, referrer — collected by analytics for site reliability and abuse prevention.

2. Why we collect it

To deliver the video you ordered — the personalization brief is shared with the assigned creator only.
To send order updates — checkout confirmation, status changes, delivery notification, revision and refund updates.
To support you — handle revision requests, refunds, and live-chat questions.
To prevent fraud — detect duplicate accounts, payment fraud, brief abuse and content-policy violations.
To improve the service — anonymized analytics on which products perform well, where users drop off in the flow, what to fix.

Prankwish does not sell personal data. The narrow list of parties who see your data:

Assigned creator — sees only the personalization brief, recipient name, occasion, and any pronunciation hints. The creator does not see your billing details or payment info.
Payment processor — handles card processing under PCI-DSS rules. Receives only the data necessary to complete the charge.
Email and hosting providers — deliver transactional emails and host the platform under contractual data-processing agreements.
Analytics providers — receive anonymized event data (page views, conversion funnel) with no personally identifiable details.
Legal requests — disclosed only when compelled by law (court order, lawful subpoena), and with the narrowest possible scope.

4. How payment data is protected

Card numbers never touch the Prankwish serversThe checkout form is rendered by the PCI-DSS-certified gateway. Card data is tokenized in your browser and exchanged for a token, which is what Prankwish stores. Even a complete server compromise cannot expose your card details.

The site uses HTTPS end-to-end with a current TLS certificate. Receipts show only the last 4 digits and card brand for your reference.

5. Cookies and tracking

Prankwish uses the minimum cookies needed for the platform to work:

Session cookies — keep you logged into your order detail page during a browsing session.
Preferences — remember language, dark mode, and dismissed banners.
Analytics — measure site performance and conversion. You can opt out via the cookie banner.

No third-party advertising or retargeting cookies are set by default.

6. How long we keep data

Order data — 24 months from delivery, used for revisions, disputes, and tax records.
Personalization briefs — 90 days post-delivery, then anonymized.
Chat transcripts — 6 months unless they are part of an open dispute.
Payment tokens — only as long as required by the payment processor; full card data never stored.
Analytics events — 14 months in aggregated form.

You can request earlier deletion at any time — see Your Rights below.

7. Your rights

AccessRequest a copy of all data Prankwish holds about you. Delivered within 30 days.

CorrectionFix incorrect personal data — name spelling, email address, brief details.

DeletionRequest deletion of your data, subject to legal retention requirements.

PortabilityReceive your data in a machine-readable format to move to another service.

ObjectObject to specific processing activities (e.g., analytics) without losing service.

Withdraw consentWithdraw consent for optional data uses at any time without affecting prior processing.

To exercise any right, email support@prankwish.com from the email address used at checkout. We respond within 30 days.

8. Security

HTTPS end-to-end with current TLS.
PCI-DSS-certified payment gateway; card data tokenized.
Encrypted storage for personal data.
Role-based internal access — only the support crew and the assigned creator see order content.
Continuous platform monitoring and security patching.
Annual security review and access audit.

9. Children

Prankwish is intended for adults (18+). We do not knowingly collect data from minors. If you believe a minor has placed an order, contact us so we can void it and delete the data.

10. International transfers

The platform is operated globally; some data may be processed in countries outside your home jurisdiction by infrastructure providers operating under standard data-protection contractual clauses.

11. Updates to this policy

This policy may be updated to reflect changes in the service, infrastructure, or law. Material changes will be announced by email to active customers and posted at the top of this page. The version live on this page is always the active policy.

Last reviewed: 2026-05-01.

12. Contact us

Privacy questions, data-rights requests, or compliance enquiries: email support@prankwish.com or open the live chat on any page. We respond to privacy requests within 30 days.