Privacy Policy
Last updated: March 2026
This policy explains how HeyDrop collects, uses, stores, and protects your personal data. We are committed to transparency and your rights.
Who is the data controller?
HeyDrop P.S.A., registered at ul. Cegielniana 4A/15, 30-404 Krakow, Poland (KRS: 0001089398, NIP: PL6793273746), is the data controller for personal data processed through our platform and website.
What data do we collect?
We collect information you provide directly: name, email address, company name, job title, phone number, and content you add to your digital business card (links, social profiles, photos). We also collect minimal operational usage data (device info, browser type) needed to deliver and secure the service. We do not provide viewer or recipient analytics dashboards to individual or team users - your prospects' interactions with your card are not surfaced as analytics.
How do we use your data?
We use your data to: provide, maintain, and improve our services; communicate with you about your account; process payments via our payment processor (Paddle); comply with legal obligations; and protect against fraud and abuse. We do not sell your personal data to third parties. We do not build viewer or recipient analytics dashboards on top of your contact interactions.
Where is data stored?
Your data is stored on AWS infrastructure in the United States (us-east-1 and us-west-2 regions, multi-AZ). AWS is certified under the EU-US Data Privacy Framework, enabling lawful international data transfers. All data is encrypted at rest using AES-256 (via AWS KMS) and in transit using TLS 1.2+. Access to production systems requires multi-factor authentication and follows the principle of least privilege.
What are your rights under GDPR?
If you are in the EU/EEA, you have the right to access your personal data, rectify inaccurate data, request erasure, restrict processing, request data portability, and object to processing. You also have the right to withdraw consent and lodge a complaint with a supervisory authority.
What are your rights under CCPA?
California residents have additional rights: the right to know what data is collected, the right to delete personal information, and the right to opt out of data sales. We do not sell personal data. You will not be discriminated against for exercising these rights.
How long do we retain data?
We retain your data for as long as your account is active. After account deletion, personal data is removed within 30 days, except where retention is required by law (e.g., financial records for tax purposes).
Do we use cookies?
On our marketing website (heydrop.com), we use essential cookies for site functionality and - with your explicit consent via our CookieYes consent banner - anonymized analytics cookies (Google Analytics 4) to improve the marketing site, plus marketing cookies. Inside the HeyDrop product (the user and admin dashboards), we do not deploy third-party analytics or tracking. You can manage preferences at any time.
Contact Us
Data Protection Officer: dpo@heydrop.app
Privacy inquiries: privacy@heydrop.app