Privacy Policy
Effective 1 June 2026
1. Who we are
Dropdog (“we”, “us”) is a discovery platform for Instagram-native boutique brands operated from the United States. This policy describes what data we collect when you visit https://www.dropdog.ai or subscribe to our email digest.
2. Information we collect
- Email address, if you subscribe to our digest or claim a brand listing.
- Anonymous visitor identifier set in a first-party cookie (dd_vid) to attribute impressions, page views, email signups, and clicks on drop cards back to a visitor session. Reset on cookie clear.
- Anonymous session identifier set in a first-party cookie (dd_sid) to connect one browsing session to an influencer entry link and traffic source.
- Cookie preference and claim-flow cookies used to remember your cookie choice and complete brand-operator sign-in or claim steps in the same browser.
- Coarse geography from hosting headers (country, region, and city when available). We do not store IP addresses for analytics.
- Browser, device, and pageview telemetry collected by PostHog (product analytics) and Sentry (error monitoring). We do not enable session replay, autocapture, or feature-flag tracking.
- Brand operator account data, if you claim a brand: email, name, and the actions you take in the operator dashboard.
We do notprocess payments. Purchases happen on each brand’s own store under that brand’s own privacy policy.
3. Why we collect it
- To operate the site, deliver the bi-weekly email digest, and count impressions, page views, email signups, and clicks to brand stores.
- To detect and fix bugs (Sentry error capture).
- To understand which drops and brands resonate (PostHog pageviews and click events).
- To verify brand-owner identity during the claim flow.
4. Third-party processors
We share data with the following service providers strictly to operate Dropdog. Each is bound by their own terms and security obligations.
- Supabase (US): database, authentication, storage.
- Vercel (US): web hosting and edge delivery.
- Klaviyo (US): bi-weekly consumer email digest.
- Resend (US): transactional email (magic-link auth, operator notifications).
- PostHog (US): pageview and event analytics.
- Sentry (US): error monitoring.
5. Retention
Email subscriber records are retained until you unsubscribe. First-party interaction events are retained for 365 days. Operator accounts are retained until you delete the account. Aggregated, non-identifying statistics may be retained indefinitely.
6. Your rights
Regardless of where you live, you may request a copy of your data, ask us to correct it, or ask us to delete it. EU and UK visitors have rights under GDPR; California residents have rights under CCPA. To exercise any right, email hello@dropdog.ai. We respond within 30 days.
7. Cookies
We use dd_vid for the anonymous visitor identifier and dd_sid for the current browsing session, short-lived claim and sign-in helper cookies, plus session cookies set by Supabase Auth when you sign in as a brand operator. We do not use third-party advertising cookies. Optional PostHog analytics storage is off unless you accept analytics cookies, and browser Global Privacy Control or Do Not Track signals are treated as essential-only. See the Cookie Policy for the full cookie inventory.
8. International transfers
Our processors are all US-based. If you visit from outside the US, your data is transferred to and processed in the US under the Standard Contractual Clauses (where applicable) and the Data Privacy Framework.
9. Children’s privacy
Dropdog is not directed at children under 13 and we do not knowingly collect data from them.
10. Changes & contact
We update this policy when our processors or practices change. The effective date at the top of this page reflects the most recent revision. Reach us any time at hello@dropdog.ai.
This policy is provided as a plain-language template and is not legal advice. Brand operators and visitors should consult their own counsel for jurisdiction-specific requirements.