Privacy Policy
Last updated: 11 July 2026
This policy explains what personal data Call Dibs collects, why, and the choices you have. We have written it to be readable rather than exhaustive. If anything is unclear, email hello@calldibs.uk.
Who we are
Call Dibs (“we”, “us”) is operated by Grasshopper Labs, a company registered in England and Wales (company number 17117225) with its registered office at 22 Stephenson Way, Didcot, OX11 9AU. We are the data controller for the personal data described here. You can reach us at hello@calldibs.uk or by post at that address.
The short version
- You can create and share a gift registry without an account.
- We collect only what we need to run the service: registry content, the names and emails people choose to give, and (optionally) a login.
- We do not sell your data, and we do not run advertising trackers.
- Call Dibs never handles money. Group gifts are coordinated between guests off-platform; we hold no payment details.
What we collect
Most personal data is provided directly by you. Some information, such as product titles, prices and images, is obtained from third-party retailer webpages when you choose to import an item.
Registry content you provide
- The registry itself: title, host name, occasion, an optional event date label and note.
- Items you add: title, shop name, product link, price and image. When you paste a product link we fetch that page server-side to read its title, price and image, and we may store a copy of the image. Product images remain the property of their respective owners and are stored solely to display the items you add.
- An optional owner email, used to send your private edit link and to let you recover it later.
Information from guests
- When someone reserves an item (“calls dibs”) they may add a name so others know it is taken. A name is optional.
- For a group gift, the coordinator and contributors provide a name, email, an optional contact (phone or handle) and a pledge amount. The amount is a figure for coordination only; no payment is taken by us. This information may be visible to the registry owner, the group-gift coordinator, and other participants as needed to coordinate that gift.
Accounts (optional)
If you choose to create an account, sign-in is handled by our processor Clerk. Clerk processes your email and authentication details and sets a session cookie. An account simply gives you a single place to find registries you created. The core flows never require one.
Reports and safety
If you report a registry for abuse, we store the reason and any detail you add so we can review it. We keep records of moderation actions.
Technical data
Our infrastructure provider (Cloudflare) processes standard request data such as IP address and timestamps to deliver the service, apply rate limits and protect against abuse. We use this for security and reliability, not to build profiles of you.
The browser extension
The optional Call Dibs browser extension adds the product you are viewing to one of your registries. It is designed to read as little as possible:
- It only acts when you click it. Opening the extension reads product information (title, price, image address and page address) from the tab you are currently viewing, using a permission the browser grants for that tab only. It does not run in the background, does not read other tabs, and does not collect your browsing history.
- That product information is shown to you first, and is sent to calldibs.uk only if you press Add to registry. It is then stored as a registry item, exactly as if you had added it on the website.
- Adding items requires a Call Dibs account. The extension uses Clerk (our sign-in processor, described above) to keep you signed in; its cookie access is used solely for your own session.
- To open quickly, the extension remembers your registry list and your last-used registry on your device. This snapshot stays in your browser's extension storage and is removed when you uninstall the extension.
- The extension contains no advertising, no analytics trackers, and sends data to no one other than calldibs.uk and our processors listed in this policy.
Why we use it, and our lawful basis
Under the UK GDPR we rely on the following bases:
- Contract: to create, display and manage your registry and reservations at your request, and to send the transactional messages you ask for, such as your edit link.
- Legitimate interests: to keep the service secure and reliable, prevent abuse, and respond to reports. We balance these against your rights.
- Consent: for any genuinely optional communications we may introduce in future (for example a newsletter). We do not currently send these, and where we rely on consent you can withdraw it at any time.
- Legal obligation: where we must retain or disclose data to comply with the law.
Who we share it with
We do not sell personal data. We share it only with the service providers (processors) that run Call Dibs, each bound to handle it on our instructions:
- Cloudflare: hosting, our database (D1) and image storage (R2).
- Clerk: authentication, for users who create an account.
- Resend: delivery of transactional email (for example your edit link).
We may also disclose data where required by law, or to protect the rights and safety of users and the public.
International transfers
Cloudflare, Clerk and Resend may process personal data in countries outside the UK or EEA, including the United States. Where they do, the transfer is protected by appropriate safeguards such as the UK International Data Transfer Agreement, the EU Standard Contractual Clauses, or an adequacy decision.
How long we keep it
We keep registry and reservation data for as long as the registry exists. Because access works by secret link, an owner can ask us to delete a registry at any time and we will remove it and its items, reservations and pledges.
- Deleted registries are normally removed from active systems within 30 days, though copies may persist in backups for a limited period before being overwritten.
- Moderation and abuse-prevention records may be retained for up to 24 months.
- Email delivery logs are kept only briefly, for troubleshooting and abuse prevention.
We may keep limited records longer where we have a legal obligation or a clear safety reason to do so.
Your rights
Under the UK GDPR you can ask us to access, correct, delete or restrict your personal data, object to certain processing, or receive it in a portable form. To exercise any of these, email hello@calldibs.uk. We may request information necessary to verify your identity, or your control of the relevant registry or email, before acting on a request.
We do not use personal data for automated decision-making or profiling that produces legal or similarly significant effects.
You also have the right to complain to the UK’s Information Commissioner’s Office (ICO) at ico.org.uk, though we hope you will contact us first.
Cookies
Call Dibs uses only the cookies needed to run the site. We and our providers may set strictly necessary security and authentication cookies: if you sign in, Clerk sets a session cookie to keep you logged in, and Cloudflare may set security cookies (such as one to tell humans from bots). We do not use advertising or cross-site tracking cookies.
Affiliate links
Some product links on a registry are affiliate links. Call Dibs is a participant in the Amazon Associates Programme and in affiliate networks such as Skimlinks. If you click through to a retailer and buy something, we may earn a small commission, at no extra cost to you. As an Amazon Associate, Call Dibs earns from qualifying purchases.
These links work by redirect: when you tap a buy link we forward you to the retailer (sometimes via an affiliate network) with a tag that lets the purchase be attributed to us. We do not add advertising or tracking scripts to our own pages to do this, and the tag is not tied to your identity. The retailer or network you are forwarded to may set its own cookies under its own privacy policy, which is outside our control.
What other users can see
Call Dibs is a sharing tool, so some of what you provide is shown to other people using the same registry. Depending on how a registry is used, others may be able to see information you choose to provide, including your name, whether you have reserved an item, your group-gift participation and contact details, and notes associated with a registry. To protect the surprise, an owner does not see who reserved their own items until after the event date. Only share information you are comfortable other participants seeing.
How we protect data
We use appropriate technical and organisational measures designed to protect personal data against unauthorised access, loss, misuse or alteration. No online service can be completely secure, so we cannot guarantee absolute security.
A note on shared links
Access to a registry is controlled by the secret link, not by a login. Anyone you give a share link to can view that registry, and anyone with the private edit link can change it. Share these links only with people you trust.
Children
Call Dibs is not intended for use by anyone under 16 without the involvement of a parent or guardian. We do not knowingly collect data from children. If you believe a child has provided us data, contact us and we will remove it.
Changes to this policy
We may update this policy from time to time. We will change the “last updated” date above, and for significant changes we will take reasonable steps to let affected users know.
Contact
Questions or requests: hello@calldibs.uk.