DropFix | Detect churn before it lands

1. Introduction

DropFix ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our SaaS platform and services (collectively, the "Service").

By accessing or using DropFix, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

We collect several types of information to provide and improve our Service:

2.1 Information You Provide

Account information (name, email, company name)
Billing information (payment details processed by Stripe)
User-generated content (draft emails, notes, preferences)
Communications and correspondence

2.2 Automatically Collected Information

Device information and browser type
Usage data and interaction patterns
Cookies and tracking technologies
Log data (IP address, access times, referring URLs)

2.3 Information from Third Parties

Stripe (payment processing)
Supabase (database and authentication)
Anthropic (Claude API) (AI-powered features)
Resend (outbound email delivery)
Fly.io (application hosting and workers)
Vercel (frontend hosting and CDN)
Slack (optional integration; only processes data when connected)
Google (Gmail OAuth; only processes data when founder connects Gmail integration)

3. How We Use Your Information

We use the collected information for the following purposes:

To provide, maintain, and improve our Service
To process transactions and send related information
To send you technical notices and support messages
To analyze usage patterns and optimize user experience
To detect, prevent, and address technical issues
To generate AI-powered email drafts and insights
To comply with legal obligations

Privacy Protection in AI Processing: User personal data (names, emails) is never sent to third-party AI providers. Only anonymised behavioural signals are used for AI processing. This ensures your data remains private while still enabling intelligent automation.

4. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you services. We will delete or anonymize your data upon request, except where retention is required by law or for legitimate business purposes such as fraud prevention or resolving disputes.

Behavioural Event Data: Event data collected via our SDK (page views, feature usage, user identifiers) is retained for a maximum of 12 months. After this period, event data is automatically deleted or anonymized.

5. Data Collected via SDK on Behalf of Customers

When founders install the DropFix SDK in their product, we collect behavioural data about their end users as a data processor acting on the founder's behalf. This data includes:

Page views and navigation patterns
Feature usage events
User identifiers (external IDs)
Session information and timestamps

We do not use this data for any purpose other than providing the Service to the founder. Founders are responsible for ensuring their own privacy disclosures cover the use of DropFix and for obtaining any necessary consents from their end users.

6. Data Security

We implement industry-standard security measures to protect your data, including:

Encryption of data in transit using TLS/SSL
Encryption of sensitive data at rest
Regular security assessments and audits
Access controls and authentication requirements
Secure cloud infrastructure with Supabase

7. Cookies and Tracking

We use cookies and similar tracking technologies to collect information about your browsing activities. You can control cookie preferences through your browser settings. Essential cookies required for Service operation cannot be disabled.

8. Third-Party Services

Our Service integrates with third-party services. Each third party has its own privacy policy governing their use of your information:

Stripe - Payment processing and subscription management
Supabase - Database, authentication, and storage
Anthropic (Claude API) - AI-powered email draft generation
Resend - Outbound email delivery for digests, dunning, and notifications
Fly.io - Application hosting and worker infrastructure
Vercel - Frontend hosting and content delivery network
Slack - Optional integration; only processes data when you connect your Slack workspace
Google - Gmail OAuth integration; only processes data when you connect your Gmail account

9. Your Rights

Depending on your location, you may have the following rights under applicable data protection laws:

Right to access your personal data
Right to correct inaccurate data
Right to delete your data
Right to data portability
Right to opt out of marketing communications
Right to object to processing

For users in the European Economic Area, these rights are protected under the General Data Protection Regulation (GDPR). For users in India, we comply with the Digital Personal Data Protection Act 2023 (DPDP Act).

To exercise these rights, please contact us at privacy@dropfix.io or through your account settings.

10. Children's Privacy

Our Service is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact us.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place for such transfers in accordance with applicable data protection laws.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions or concerns about this Privacy Policy, please contact us:

DropFix

Email: privacy@dropfix.io

Website: dropfix.io