Privacy Policy
Last updated: May 2026
Data Controller
The Service is operated by Ubique d.o.o., a company registered in Croatia, European Union.
- Registered seat: Kikićeva 7, 10000 Zagreb, Croatia
- Company VAT ID (OIB): HR 90787328659
- Privacy contact: privacy@droplana.com
In this policy, "droplana", "we", "us", and "our" refer to Ubique d.o.o.
Scope
This Privacy Policy explains how Droplana collects, uses, and stores personal data when you use the Service. It applies to Business accounts and to Customers who access portals created by those Businesses.
Data Collected
We collect:
- Business accounts: email address, business slug, session data, magic link tokens (stored as SHA-256 hashes).
- Files and messages: files you upload and messages you send to customers are stored on our infrastructure.
- Customer behavioural data: we record specifically when a Customer views a message or downloads a file through their portal. This data is surfaced to the Business who owns that portal. Automated bot traffic is filtered and not recorded.
- Billing-related identifiers: subscription IDs and invoice IDs received from Creem. We do not store payment card details — those are processed by Creem.
How We Use Data
Data is used solely to provide the Service: authenticating users, delivering files, and showing Businesses when their Customers have engaged with shared content. We do not sell data to third parties and we do not train AI models on your data.
Data Processors
We use the following sub-processors. All EU-based providers operate under a Data Processing Agreement.
| Service | Provider | Location | Notes |
|---|---|---|---|
| Server hosting | Hetzner Online GmbH | Germany (EU) | DPA available |
| PostgreSQL database | Hetzner Online GmbH | Germany (EU) | DPA available |
| S3-compatible object storage | Hetzner Online GmbH | Germany (EU) | DPA available |
| Transactional email | Brevo (Sendinblue SAS) | France (EU) | No customer file data stored |
| Payments (Merchant of Record) | Creem.io - Armitage Labs OÜ | Estonia (EU) | Subscription and invoice data only |
| Code hosting | GitHub, Inc. | US | No customer data |
International Transfers
Customer files, database records, emails and payments are all stored and processed in EU.
Data Retention
Data is retained for as long as your account is active. You can export or permanently delete all data from the Account settings page at any time. Account deletion is an irreversible hard delete. Backups are used solely for disaster recovery, are not user-accessible, and expire on the system-defined schedule of our infrastructure provider.
Your Rights
Under the GDPR you have the right to access, correct, delete, export, restrict, or object to processing of your personal data. Most rights can be exercised directly from your Account page. To make any other request, email privacy@droplana.com. We respond within 30 days.
You also have the right to lodge a complaint with your supervisory authority. For Croatia this is the Croatian Personal Data Protection Agency (AZOP).
Contact
For privacy enquiries or data subject requests, contact us at privacy@droplana.com.