PopDrop
Legal

Privacy Policy

Last updated: TODO: set date

This Privacy Policy explains how PopDrop (“we”, “us”) collects, uses, and protects personal information when you use our order-fulfillment service.

Who we are

[Legal business name], [address], [country]. Contact: support@popdrop.io.

The two kinds of people whose data we hold

Our clients (resellers who use this site): account email, password (stored securely by our auth provider), and business name.

Our clients’ customers (the recipients of shipments): we store the recipient’s name, shipping address, quantity, and any delivery notes provided by our client. We collect this only to place and ship the order our client has paid us to fulfill.

Why we collect recipient data

We act as a service provider/processor on behalf of our clients. We use recipient names and addresses solely to place the corresponding order with the supplier so it ships to the correct address. We do not sell this data or use it for marketing.

Payments

Payments are processed by Stripe. We never see or store full card numbers; card data is handled entirely by Stripe under their security standards. We retain only a payment reference and the amount.

How data is stored and protected

Data is stored in our database provider (Supabase/Postgres) with row-level security so each client can access only their own orders. Recipient data is never shown on public pages and is accessible to our administrators only. All traffic is served over HTTPS.

How long we keep data

We retain order and recipient data for [retention period] to fulfill orders, handle support and returns, and meet legal/accounting obligations, after which it is deleted or anonymized.

Your rights

Depending on where you live, you (or a recipient, via our client) may have rights to access, correct, or delete personal data. Requests regarding a recipient’s data are generally directed through the client who submitted the order. Contact support@popdrop.io.

Changes

We may update this policy and will revise the date above when we do.

TODO: This is a plain-language draft, not legal advice. Have it reviewed by a qualified professional before launch.