Privacy & GDPR

Privacy Policy

This policy explains what data Droplink processes, why we process it, and what rights you have under GDPR and similar privacy laws.

Last updated: March 13, 2026

1. Controller Information

Controller under Art. 4(7) GDPR: Droplink, Alleenstraße 29, 74321 Bietigheim-Bissingen, Germany.

For privacy-related requests, contact support@drop-link.io.

2. Categories of Personal Data

Depending on how you use Droplink, we may process the following data:

  • Account and registration data such as name, email address, password hash, plan, and account status.
  • Store integration data such as connected Shopify store details, products, orders, and fulfillment status.
  • Billing and payment data such as payment method type, transaction identifiers, invoices, and credit usage.
  • Referral program data such as referral link identifiers, referral status, and fraud-prevention signals.
  • Technical and usage data such as IP address, browser, device type, log files, and feature usage.

3. Purposes of Processing

  • Providing and maintaining the Droplink platform.
  • Connecting stores and synchronizing order workflows.
  • Processing subscriptions, credits, and billing operations.
  • Forwarding fulfillment data to logistics partners.
  • Preventing fraud, abuse, and unauthorized access.
  • Improving performance, reliability, and product quality.
  • Complying with legal and accounting obligations.

4. Data Sharing and Processors

We share data only where necessary to provide the service.

Typical recipients include Shopify, payment providers such as Stripe or PayPal, fulfillment partners, cloud infrastructure providers, and analytics or monitoring vendors.

Where required, we use data processing agreements and limit shared data to what is necessary for the relevant task.

5. International Transfers

Some vendors or partners may process data outside the European Economic Area.

Where required, we rely on appropriate safeguards such as Standard Contractual Clauses or other lawful transfer mechanisms.

6. Data Retention

  • We keep account data for the duration of the customer relationship.
  • We retain billing and tax-relevant records for the period required by applicable law.
  • We delete or anonymize data when it is no longer needed, unless legal retention obligations apply.

7. Security Measures

  • Encrypted transport using HTTPS/TLS.
  • Access controls and least-privilege permissions.
  • Secure authentication and monitored infrastructure.
  • Logging and technical safeguards against abuse.
No online system can guarantee absolute security, but we apply reasonable technical and organizational measures.

8. Your Privacy Rights

  • Access to your personal data.
  • Correction of inaccurate data.
  • Deletion where legal requirements allow.
  • Restriction of processing in certain cases.
  • Data portability where applicable.
  • Objection to processing based on legitimate interests.
  • Complaint to a competent supervisory authority.
To exercise your rights, email support@drop-link.io.

9. Cookies and Tracking

We may use cookies or similar technologies for authentication, session handling, security, analytics, and product improvement.

Where legally required, we ask for consent before activating non-essential tracking.

10. Automated Decision-Making

Droplink does not make automated decisions that produce legal or similarly significant effects on users within the meaning of Art. 22 GDPR.

11. Changes to This Policy

We may update this policy from time to time.

Material changes will be published on this page with an updated effective date.