dropd(“we”, “our”, or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, share and protect information about you when you use the dropd platform — including our mobile application and website (collectively, the “Service”).
By using dropd you agree to the practices described in this policy. If you do not agree, please stop using the Service.
1. Information We Collect
Information you provide directly
- Account information: name, email address, password and profile photo when you register.
- Profile information: bio, social media handles, and content you choose to display publicly as a host.
- Messages: content of messages sent between fans and hosts on the platform.
- Payment information: billing details collected via Stripe when you purchase tokens or receive payouts (see Section 4).
- Communications: emails or support messages you send us.
Information collected automatically
- Usage data: pages viewed, features used, timestamps, click-through data.
- Device data: device type, operating system, app version, IP address, and browser type.
- Crash reports: diagnostic data to help us identify and fix issues.
2. How We Use Your Information
- To operate and provide the dropd Service, including processing messages and managing accounts.
- To process token purchases and host payouts via Stripe.
- To enforce our 72-hour reply guarantee and issue automatic refunds where required.
- To personalise your experience and improve our platform.
- To send transactional emails (purchase receipts, reply notifications, refund confirmations).
- To detect and prevent fraud, abuse, and violations of our Terms of Service.
- To comply with legal obligations.
We will only send you marketing communications with your consent. You can unsubscribe at any time.
3. Database and Infrastructure — Supabase
dropd uses Supabase as our backend database and authentication provider. Supabase stores your account data, profile information, and message records in encrypted, secure cloud infrastructure. Supabase operates in compliance with industry security standards. Your data is stored on servers located in data centres within the European Economic Area or United States depending on your region. We have a Data Processing Agreement with Supabase. For more information see supabase.com/privacy.
4. Payments — Stripe
All payment processing is handled by Stripe, Inc. dropd does not store your credit card number, expiry date, or CVV on our servers. When you purchase tokens or receive a payout, your payment details are sent directly and securely to Stripe. Stripe is PCI DSS Level 1 certified. By using our payment features you also agree to Stripe's Privacy Policy. We may receive and store a Stripe customer ID and payment method summary (e.g. last four digits of your card) for billing reference purposes.
5. User Content and Messages
Messages sent between fans and hosts are stored in our database to facilitate the Service — including delivery, the 72-hour reply guarantee, refund processing, and moderation. Our team may access message content where required to investigate reports of policy violations or comply with legal requests. We do not sell or share message content with third parties for advertising. Hosts and fans should not share sensitive personal information (such as financial details or passwords) through messages.
6. Cookies and Tracking
Our website uses cookies and similar tracking technologies to:
- Essential cookies: keep you logged in and maintain session state.
- Analytics cookies: understand how visitors use our site so we can improve it (e.g. page view counts, traffic sources). Analytics data is aggregated and anonymised where possible.
- Preference cookies: remember your settings and preferences.
You can control cookies through your browser settings. Disabling essential cookies may affect how the Service functions.
7. Sharing Your Information
We do not sell your personal data. We may share your information with:
- Service providers: Supabase, Stripe, and other trusted vendors who help us operate the Service, bound by confidentiality and data protection agreements.
- Law enforcement or regulators: where required by applicable law, court order, or to protect the rights and safety of our users or the public.
- Business transfers: in connection with a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction.
8. Your Rights
Depending on your location, you may have rights including: access to your personal data, correction of inaccurate data, deletion of your account and data, objection to or restriction of processing, and data portability. To exercise any of these rights, open the dropd app and tap Help & Support from the menu. We will respond within 30 days.
9. Data Retention
We retain your account data for as long as your account is active or as needed to provide the Service. If you delete your account, we will delete or anonymise your personal data within 30 days, except where we are required to retain it for legal or financial compliance purposes (e.g. transaction records which may be retained for up to 7 years).
10. Children's Privacy
dropd is not directed at children under the age of 17. We do not knowingly collect personal data from anyone under 17. If you believe we have inadvertently collected information from a minor, please contact us immediately via Help & Support in the dropd app.
11. Security
We implement industry-standard security measures including TLS encryption in transit, encrypted storage at rest, access controls, and regular security reviews. No system is completely secure, and we cannot guarantee absolute security. We will notify you promptly in the event of a data breach that affects your rights.
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the “Last updated” date and notify you via email or an in-app notice if the changes are material. Your continued use of the Service after changes take effect constitutes your acceptance of the updated policy.
13. Governing Law
This Privacy Policy is governed by the laws of Victoria, Australia. Any disputes arising under this policy shall be subject to the exclusive jurisdiction of the courts of Victoria, Australia.
14. Contact Us
If you have any questions about this Privacy Policy or how we handle your data, please contact us: