Privacy Policy

1. Introduction

Dropspace ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our product launch management platform and related services (collectively, the "Service").

By using Dropspace, you consent to the data practices described in this Privacy Policy. If you do not agree with these practices, please do not use our Service.

2. Information We Collect

2.1 Account Information

When you create an account using Google OAuth, we collect:

• Email address
• Full name
• Profile picture (avatar URL)
• Google account identifier

2.2 Product Information

When you create launches, we collect:

• Product name and description
• Product website URL
• Website content (automatically scraped when you provide a URL)
• Launch schedule and platform preferences
• Uploaded media (images, videos)

2.3 Social Media Account Data

When you connect social media accounts, we collect:

• OAuth Tokens: Access tokens and refresh tokens required to post on your behalf (stored encrypted)
• Account Information: Username, display name, and profile data from connected platforms
• Platform-Specific Data: Account IDs, page IDs (for Facebook/Instagram), and connection metadata

We support connections to: Facebook, LinkedIn, Twitter/X, Reddit, Instagram, TikTok, Product Hunt, and Hacker News.

2.4 Persona Data

To personalize AI-generated content, we may collect:

• Twitter Posts: Recent tweets, engagement metrics (likes, retweets), and posting patterns
• Facebook Page Posts: Posts from your Facebook Pages for voice analysis and content personalization
• Reddit Content: Posts and comments, subreddits, and engagement scores
• Writing Samples: Text you provide for voice analysis
• AI Analysis: Generated persona characteristics and writing style analysis

2.5 Generated Content

We store:

• AI-generated content for each platform
• Content you edit or customize
• AI-generated videos for Instagram and TikTok
• Published post IDs and URLs

2.6 Billing Information

For subscription management, we store:

• Stripe customer ID
• Subscription plan and billing cycle
• Subscription status and dates

Note: We do not store complete payment card information. All payment processing is handled securely by Stripe.

2.7 Usage and Analytics Data

We automatically collect:

• Device and browser information
• IP address and approximate location
• Pages visited and features used
• Error logs and performance data
• Interaction events (clicks, form submissions)

3. How We Use Your Information

We use the information we collect to:

3.1 Provide the Service

• Authenticate your account and maintain your session
• Generate AI-powered content using your product information and persona
• Post content to your connected social media accounts
• Schedule and execute your product launches
• Display engagement analytics (impressions, reach, reactions, comments, shares, views) for Facebook, Instagram, and TikTok posts published through Dropspace

3.2 Improve and Personalize

• Analyze usage patterns to improve features
• Personalize content generation based on your writing style
• Develop new features and functionality

3.3 Communicate with You

• Send notifications about your launches and account
• Provide customer support
• Send important service updates and security alerts

3.4 Process Payments

• Process subscription payments through Stripe
• Manage billing and subscription status

3.5 Ensure Security and Compliance

• Detect and prevent fraud or abuse
• Monitor for security threats
• Comply with legal obligations

4. Third-Party Services and Data Sharing

We share data with the following third-party services to provide our Service:

4.1 Authentication and Database

• Supabase: User authentication, database storage, and file storage
• Google: OAuth authentication for account creation

4.2 AI and Content Generation

• Anthropic (Claude): Product descriptions, voice samples, and content preferences are sent to Claude API for content generation. Anthropic's privacy policy governs their handling of this data.
• Fal AI: Content and media data for AI video generation

4.3 Social Media Platforms

• Facebook: OAuth tokens and content for posting to Pages; engagement analytics data (impressions, reach, reactions, comments, shares) for posts published through Dropspace
• LinkedIn: OAuth tokens and content for posting to your profile and our company page
• Twitter/X: OAuth tokens and content for posting tweets and threads
• Reddit: OAuth tokens, content for posts, and user history for voice analysis
• Instagram: OAuth tokens and content for posting; engagement analytics data (impressions, reach, reactions, comments, shares, saves) for posts published through Dropspace
• TikTok: OAuth tokens and content for video posts; engagement analytics data (views, likes, comments, shares) for TikTok videos published through Dropspace
• Product Hunt: Content for product launches
• Hacker News: Content for submissions

LinkedIn Data Handling: Data obtained through LinkedIn's APIs is subject to LinkedIn's API Terms of Use and data storage requirements. Specifically:

• LinkedIn member social activity data (posts, comments, reactions) is cached for a maximum of 48 hours
• LinkedIn member profile data for non-authenticated members is cached for a maximum of 24 hours
• LinkedIn data is used solely for posting content to LinkedIn on your behalf
• LinkedIn data is never used for advertising, sales, recruiting, lead generation, or combined with other datasets
• You may request deletion of LinkedIn data at any time by disconnecting your LinkedIn account or contacting us

TikTok Data Handling: Data obtained through TikTok's Content Posting API is subject to the TikTok Developer Data Sharing Agreement and TikTok Privacy Policy. Specifically:

• Data Collected: TikTok user identifier (open_id), username, display name, avatar URL, OAuth tokens (encrypted), and publishing results (publish_id, post_id)
• Data Usage: TikTok data is used solely for posting video content on your behalf and displaying engagement analytics (views, likes, comments, shares)
• Security: OAuth tokens are encrypted using AES-256-GCM and stored only while your TikTok account is connected
• TikTok data is never sold, used for advertising, or shared with third parties except as required to provide the Service
• We do not collect sensitive personal data or data from minors through the TikTok integration
• You retain full control over privacy settings before each post, including who can view, comment, duet, or stitch your content
• You may disconnect your TikTok account at any time via Settings, which will delete all stored TikTok OAuth tokens

For more information, see TikTok's Cookie Policy.

4.4 Payment Processing

• Stripe: Payment card information and billing details for subscription processing. We do not have access to your full card numbers.

4.5 Analytics and Monitoring

• PostHog: Usage analytics, feature adoption, and user behavior tracking
• Sentry: Error tracking, performance monitoring, and debugging information

4.6 Infrastructure

• Vercel: Frontend hosting and edge functions
• Railway: Backend API hosting

5. Data Storage and Security

5.1 Data Storage

Your data is stored in secure cloud infrastructure:

• Primary database hosted on Supabase (PostgreSQL)
• Media files stored in Supabase Storage
• OAuth tokens encrypted before storage

5.2 Security Measures

We implement security measures including:

• Encryption of OAuth tokens at rest
• HTTPS encryption for all data in transit
• Row Level Security (RLS) policies on database tables
• Regular security monitoring and error tracking
• Secure authentication via OAuth 2.0 with PKCE

5.3 Data Retention

We retain your data as follows:

• Account Data: Retained while your account is active
• Launch Data: Retained indefinitely for your reference unless you request deletion
• OAuth Tokens: Retained until you disconnect the account or they expire
• Persona Data: Retained until you delete your persona or account
• Analytics Data: Retained according to third-party provider policies
• LinkedIn API Data: Member social activity data (posts, comments, reactions) cached for maximum 48 hours; non-authenticated member profile data cached for maximum 24 hours, in compliance with LinkedIn's API Terms
• TikTok API Data: OAuth tokens retained until you disconnect your account or tokens expire; publishing results (post IDs, URLs) retained for your reference; no caching of TikTok user data beyond what is required for the Service, in compliance with TikTok's Developer Data Sharing Agreement

6. Your Rights and Choices

6.1 Access and Portability

You have the right to access the personal data we hold about you and request a copy in a portable format.

6.2 Correction

You can update your account information through your profile settings or by contacting us.

6.3 Deletion

You can request deletion of:

• Your entire account and associated data
• Specific launches or content
• Voice profile data
• Connected social media accounts (which removes stored OAuth tokens)

6.4 Disconnect Social Accounts

You can disconnect any connected social media account at any time through the Settings page. Upon disconnection, we delete the associated OAuth tokens.

6.5 Opt-Out of Analytics

You can opt out of analytics tracking by using browser privacy features or contacting us.

7. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States. These countries may have different data protection laws. By using our Service, you consent to the transfer of your information to these countries.

We ensure appropriate safeguards are in place when transferring data internationally, including standard contractual clauses where applicable.

8. European Users (GDPR)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

• Legal Basis: We process your data based on consent, contract performance, legitimate interests, and legal obligations
• Right to Object: You can object to processing based on legitimate interests
• Right to Restrict: You can request restriction of processing in certain circumstances
• Data Portability: You can request your data in a machine-readable format
• Withdraw Consent: You can withdraw consent at any time where consent is the legal basis
• Lodge Complaint: You have the right to lodge a complaint with your local data protection authority

9. California Users (CCPA)

California residents have the following rights under the California Consumer Privacy Act (CCPA):

• Right to Know: You can request information about the categories and specific pieces of personal information we collect
• Right to Delete: You can request deletion of your personal information
• Right to Opt-Out: You can opt out of the "sale" of personal information (note: we do not sell personal information)
• Non-Discrimination: We will not discriminate against you for exercising your privacy rights

To exercise these rights, contact us at josh@jclvsh.art.

10. Children's Privacy

Dropspace is not intended for children under 18 years of age. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

11. Cookies and Tracking Technologies

We use cookies and similar technologies for:

• Essential Cookies: Required for authentication and core functionality
• Analytics Cookies: PostHog tracking for understanding usage patterns
• Preference Cookies: Storing your theme preference (light/dark mode)

You can manage cookie preferences through your browser settings. Note that disabling essential cookies may affect Service functionality.

12. Do Not Track

Some browsers support a "Do Not Track" (DNT) signal. We currently do not respond to DNT signals, but you can opt out of analytics tracking by contacting us.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the new Privacy Policy on this page
• Updating the "Last updated" date
• Sending an email notification for significant changes

Your continued use of the Service after changes become effective constitutes acceptance of the revised Privacy Policy.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at:

We will respond to your request within 30 days.

15. Summary of Data Practices