Privacy Policy

1. Introduction

Dropie (“we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our document automation platform and related services.

2. Information We Collect

2.1 Information You Provide

• Account Information: Name, email address, company name, and contact details
• Document Data: Documents you upload, create, or process through our platform
• Usage Information: How you interact with our services, features used, and preferences
• Payment Information: Billing details processed securely through our payment providers

2.2 Information Collected Automatically

• Device Information: IP address, browser type, operating system
• Log Data: Access times, pages viewed, referring pages
• Cookies: Session cookies and preference cookies to improve your experience

3. How We Use Your Information

We use your information to:

• Provide and maintain our document automation services
• Process your documents according to your instructions
• Improve and personalize your experience
• Communicate with you about your account and services
• Ensure security and prevent fraud
• Comply with legal obligations

4. Data Security

We implement industry-standard security measures to protect your data:

• Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
• Access Controls: Role-based access with multi-factor authentication
• Regular Audits: Security assessments and penetration testing
• Compliance: SOC 2 Type II certified and GDPR compliant

5. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information. We may share your information only in these circumstances:

• With Your Consent: When you explicitly authorize us to share information
• Service Providers: With trusted third parties who assist in operating our services
• Legal Requirements: When required by law or to protect rights and safety
• Business Transfers: In connection with a merger, acquisition, or sale of assets

6. Your Privacy Rights

You have the right to:

• Access: Request a copy of your personal data
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your personal data
• Portability: Receive your data in a machine-readable format
• Objection: Object to certain processing of your data
• Restriction: Request limited processing of your data

7. Data Retention

We retain your data only as long as necessary to provide our services and comply with legal obligations:

• Active account data is retained while your account is active
• Deleted documents are permanently removed within 30 days
• Backup data is retained for 90 days for disaster recovery
• Legal compliance data may be retained as required by law

8. International Data Transfers

Your data may be processed in countries other than your own. We ensure appropriate safeguards are in place:

• Standard Contractual Clauses for EU data transfers
• Privacy Shield principles compliance
• Data localization options for enterprise customers

9. Children's Privacy

Our services are not intended for children under 16. We do not knowingly collect information from children. If you believe we have collected data from a child, please contact us immediately.

10. Cookie Policy

We use cookies to:

• Maintain your session and preferences
• Analyze usage patterns to improve our services
• Remember your settings and authentication

You can control cookies through your browser settings. Disabling cookies may limit some features of our service.

11. Third-Party Services

Our service may contain links to third-party websites or integrate with third-party services. We are not responsible for the privacy practices of these third parties.

12. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email or through our platform. Your continued use constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or your data, please contact us:

14. Jurisdiction-Specific Rights

European Union (GDPR)

If you are in the EU, you have additional rights under GDPR. Our legal basis for processing includes:

• Contract performance (to provide our services)
• Legitimate interests (to improve and secure our services)
• Legal obligations (to comply with laws)
• Consent (where explicitly provided)

California (CCPA)

California residents have the right to know what personal information we collect, request deletion, and opt-out of the sale of personal information (which we do not do).

Other Jurisdictions

We respect privacy rights in all jurisdictions where we operate. Contact us for specific information about your local privacy rights.