Legal
Privacy Policy
Last updated: this is a placeholder template. Get a lawyer to review before you launch.
1. Data we collect
We collect your email, name, age, and country (which you provide on sign-up), plus the prompts and source assets you upload to generate drops.
2. Why we collect it
We use your data to operate Dropt: authenticate you, generate your drops, count your usage, and contact you about service updates.
3. Sharing
We send prompts and source images to AI providers (fal.ai, Runway, OpenAI) and email through Resend. We never sell your data to third parties.
4. Storage
Your data is stored on AWS S3 and MongoDB Atlas, encrypted at rest. We retain it for as long as your account exists.
5. Your rights
You can request a copy of your data or delete your account at any time from Settings. We honor GDPR and similar regulations globally.
6. Cookies
We use a single httpOnly session cookie to keep you signed in. Optional analytics cookies are off by default.
| Name | Purpose | Lifetime | HttpOnly |
|---|---|---|---|
| dropt_rt | Refresh token (keeps you signed in) | 30 days | yes |
| dropt_session | Session marker — readable by the frontend router | 30 days | yes |
| dropt_csrf_v2 | CSRF double-submit token | 1 day | no |
| dropt_cookie_consent_v2 | Your cookie choice (localStorage, not a browser cookie) | 1 year | no |
7. Contact
Privacy questions? Email privacy@dropt.ai.