Privacy Policy

Effective: 19 May 2026

This Privacy Policy explains what information DropValidate collects when you use our product-validation service, how we use it, and the choices you have. We aim to keep this short, plain, and honest.

What we collect

• Account information. When you sign up we collect your email address and, if you sign in with Google or Microsoft, the name and profile picture your provider shares with us.
• Validation history. The URLs, product descriptions, and any notes you submit for validation, along with the reports we generate from them, are stored against your account so you can review them later.
• Technical data. Your IP address is logged for rate limiting and abuse prevention. We log basic request metadata (timestamps, status codes) for operational debugging.
• Payment metadata. If you buy credits we store the purchase amount, currency, and timestamp. We do not see or store your card details — Stripe handles those.
• Optional phone number. If you opt into WhatsApp alerts we store the phone number you provide for that purpose.

How we use it

• To run the validations you request and show you the results.
• To send alerts and notifications you have opted into.
• To prevent abuse, enforce rate limits, and keep the service stable.
• To respond to support requests.

We do not sell your data and we do not use it for behavioural advertising.

Third-party processors

To deliver the service we share data with the following processors. Each is bound by their own privacy terms.

• Supabase — authentication and database hosting (United States).
• Stripe — payment processing (United States).
• Apify — proxy-based scraping of public product and ad pages (United Kingdom / European Union).
• Brave — search API used during validation (United States).
• DeepSeek — AI inference for report generation. DeepSeek processing may occur outside the EEA, including in the People's Republic of China. We flag this explicitly so EU users can make an informed choice; only the validation prompts you submit are sent, never your account credentials.
• Twilio — WhatsApp message delivery if you opt in (United States).
• Resend — transactional email delivery (United States).
• Google and Microsoft — OAuth sign-in if you choose those providers (United States / Ireland).

Cookies

We use a small number of essential session cookies so that signing in works. We do not currently use analytics or marketing cookies, so no consent banner is required. If we add optional cookies in the future, we will ask first.

Your rights

You can request access to, correction of, deletion of, or a portable copy of your personal data at any time by emailing support@dropvalidate.com. EU and UK users have additional rights under the GDPR / UK GDPR, including the right to lodge a complaint with your local data protection authority.

Data retention

We retain your account and validation history for as long as your account is active. When you delete your account, your personal data and validation history are purged within 30 days. Aggregated, non-identifying logs may be retained for longer for security and capacity planning.

Contact

For any privacy question — including data access or deletion requests — email support@dropvalidate.com.