Privacy Policy
Last updated: 12 May 2026
Dropura is a small project — these terms are a starting point; consult a lawyer for legal advice before relying on them.
This policy explains what data Dropura collects, why we collect it, who we share it with, and what choices you have. It applies to everyone who uses the service, regardless of where they live.
1. Data We Collect
When you create an account or use Dropura, we collect:
- Email address — to identify your account and send transactional email (verification, password reset, security notices).
- Display name — to label your moments and presence to other drop members.
- Password hash — we store an Argon2id hash of your password. The plaintext password is never stored.
- Your moments — the photos, captions, and metadata (capture time, camera EXIF where supplied, optional caption tags) you upload.
- Drops you belong to — the pin code, drop title, membership list, and your role inside each drop.
- IP address — captured per request for abuse detection, rate limiting, and audit logs.
- Optional location — only if you grant the browser permission or explicitly attach a location to a moment. You can revoke this at any time in your device or browser settings.
- User-agent string — to detect broken clients and target compatibility fixes.
2. Why We Collect It
- To provide the service. Hosting your moments, delivering them to the drops you joined, generating recap exports, sending transactional email.
- To prevent abuse. Rate limiting, spam detection, audit logging, blocking accounts that violate our Terms.
- For technical support. Diagnosing bugs you report, restoring access after a sign-in problem.
We do not use your data to train AI models, profile you for advertising, or build a behavioural advertising graph. Dropura does not currently run any third-party analytics.
3. Legal Basis (GDPR)
If you are in the EU / EEA / UK, our legal basis for processing your personal data is:
| Activity | Basis (Article 6(1) GDPR) |
|---|---|
| Running your account & delivering moments | Contract (Art. 6(1)(b)) |
| Abuse prevention, security, audit logs | Legitimate interest (Art. 6(1)(f)) |
| Optional location attachment | Consent (Art. 6(1)(a)) |
| Responding to legal requests | Legal obligation (Art. 6(1)(c)) |
4. How Long We Keep It
- Account data is kept until you delete your account. After deletion we hold the data for a 30-day grace period in case you recover the account, then purge it from primary storage.
- Drops auto-expire based on the lifetime you choose; expired drops are deleted in the daily expiration sweep.
- Backups rotate on their normal schedule (currently up to 30 days) — deleted data may remain in cold backup until the next rotation overwrites it.
- Legal-compliance holds override these timelines: if we receive a valid legal order to preserve specific data, we keep that data until the order is lifted or expires.
5. Who We Share It With
Dropura does not sell your personal data. We share data only with:
- Hosting provider — Render (US, Oregon region) — runs the application server and managed Postgres database that holds your account data.
- Media storage — Cloudflare R2 — stores the photo bytes you upload.
- Email sender — Resend — delivers transactional mail (verification, password reset, share invites).
- Law enforcement — only when we receive a valid legal order (e.g. a subpoena, court order, or equivalent under your local law) and only the specific data described in that order.
Each provider above is bound by their own data-processing terms; we share the minimum data each one needs to do its job.
6. Cookies
Dropura uses a small set of cookies, almost all of them strictly necessary for the service to work (session auth, anti-CSRF, language preference). We do not currently set any analytics or advertising cookies. The full inventory is in our Cookie Policy.
7. Your Rights
You can:
- Access the data we hold about you — request a copy from the Profile → Privacy section of the app or by emailing [email protected].
- Export your moments and account data as a JSON archive (Profile → Privacy → Export).
- Delete your account and the data it owns (Profile → Privacy → Delete account).
- Correct inaccurate data (Profile → Edit profile).
- Object to processing based on legitimate interest, or withdraw consent for optional features at any time.
- Lodge a complaint with your national data-protection authority if you believe we have mishandled your data.
For EU / EEA / UK residents, these correspond to the rights under GDPR Articles 15–22, and we will respond within one month, extendable by two further months for complex requests.
8. Security Measures
- Encryption in transit — TLS 1.2+ everywhere, enforced via HSTS.
- Encryption at rest — Postgres-managed encryption for the database; server-side encryption (SSE) on the R2 object store.
- Strong authentication — passwords hashed with Argon2id, session cookies signed with rotating data-protection keys, anti-CSRF token required for all state-changing requests.
- Audit logging — every authentication and privacy-impacting action is recorded in an append-only audit table.
- Dependency scanning — automated vulnerability checks on every build; security-relevant findings are patched on a published cadence.
No system is perfectly secure. If you spot a vulnerability, please report it responsibly to [email protected].
9. Children
Dropura is not directed at children under 13. We do not knowingly collect data from children under 13. If you believe a child has created an account, email [email protected] and we will delete the account and its data within a reasonable time after verification.
10. International Transfers
Dropura is hosted in the United States (Render's Oregon region). If you access the service from outside the US, your data is transferred to and processed in the US. For EU / EEA / UK users, transfers are covered by the European Commission's Standard Contractual Clauses incorporated into our agreements with hosting and storage providers.
11. Changes to This Policy
We may update this policy. Material changes will be announced with at least 30 days' notice — by email and an in-app banner — before they take effect.
12. Contact & Complaints
- General privacy questions: [email protected]
- You also have the right to lodge a complaint with your national data-protection authority.