01Data We Collect
Information you provide
- Account data: email address, name, and authentication provider (Google, GitHub) when you create an account
- Uploaded content: HTML files and associated assets you publish through Droploft
- Comments: text and email address when you leave comments on documents
- Payment data: processed by Stripe; we do not store credit card numbers
Information collected automatically
- Usage analytics: page views, reading time, scroll depth, referral source, and device type for published documents
- Server logs: IP address, browser type, and timestamps for uploads and API requests
- Anonymous tokens: localStorage-based identifiers for anonymous users to associate documents with their browser session
Information we do NOT collect
- We do not read or analyze the content of your uploaded documents, except as needed to provide requested features (AI summary, mobile adaptation, health check)
- We do not use your content to train AI models
- We do not sell your data to third parties
02How We Use Your Data
| Data | Purpose | Legal basis |
|---|---|---|
| Email, name | Account management, notifications | Contract performance |
| Uploaded files | Hosting, serving, displaying your documents | Contract performance |
| View analytics | Providing engagement metrics to document owners | Legitimate interest |
| Server logs | Security, abuse prevention, debugging | Legitimate interest |
| Payment info | Billing via Stripe | Contract performance |
03Data Storage & Security
- Encryption: all data is encrypted at rest and in transit (TLS 1.3)
- Infrastructure: hosted on Cloudflare (CDN, compute, storage) and Neon (PostgreSQL database)
- File storage: uploaded documents are stored in Cloudflare R2 with server-side encryption
- Access control: internal access to production data is restricted and logged
04Data Retention
| Data type | Retention period |
|---|---|
| Anonymous uploads | 30 days (7 days with no views triggers early removal) |
| Registered user documents | Until user deletes them or closes account |
| View analytics | Free: 7 days · Pro: 90 days · Team: unlimited |
| Server logs (IP, timestamps) | 90 days |
| Account data after deletion | Permanently removed within 30 days |
05Third-Party Services
We use the following third-party services that may process your data:
- Cloudflare — infrastructure, CDN
- Neon — database
- Stripe — payments
- Sentry — error tracking
- Inngest — task processing
We do not share your data with advertisers or data brokers.
07Your Rights
All users
- Access: request a copy of all data we hold about you
- Deletion: delete your account and all associated data from Account Settings
- Export: download all your data via GDPR Data Export in Account Settings
- Correction: update your profile information at any time
California residents (CCPA)
You have the right to know what personal information we collect, request deletion, and opt out of any sale of personal information. We do not sell personal information.
EU/EEA residents (GDPR)
You have additional rights including data portability, restriction of processing, and the right to object to processing. Our legal basis for processing is detailed in Section 02. To exercise these rights, contact privacy@droploft.io.
08Document Viewers
When someone views a document published on Droploft, we collect basic analytics (view count, reading time, device type, referral source) to provide engagement metrics to the document owner. Viewer IP addresses are logged for security purposes and retained for 90 days. We do not create persistent profiles of document viewers.
09Children
Droploft is not directed at children under 13. We do not knowingly collect data from children under 13. If you believe a child has provided us with personal data, contact us and we will delete it.
10Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email or in-product notification at least 14 days before taking effect. The “Last updated” date at the top reflects the most recent revision.
Privacy questions, or exercising your rights?