Privacy Policy

Scope

This Privacy Policy explains how droplana.com ("we", "us") collects, uses, and stores personal data when you use the Service. It applies to Business accounts and to Clients who access portals created by those Businesses.

Data Collected

We collect:

• Business accounts: email address, business slug, session data, magic link tokens (stored as SHA-256 hashes).
• Files and messages: files you upload and messages you send to clients are stored on our infrastructure.
• Client behavioural data: we record item_events — specifically when a Client views a message (viewed) or downloads a file (downloaded) through their portal. This data is surfaced to the Business who owns that portal. Automated bot traffic is filtered and not recorded.

How We Use Data

Data is used solely to provide the Service: authenticating users, delivering files, and showing Businesses when their Clients have engaged with shared content. We do not sell data to third parties.

Data Processors

We use the following sub-processors:

• S3-compatible object storage: stores uploaded files. A Data Processing Agreement (DPA) is in place with our storage provider.
• Amazon SES: delivers magic link emails.
• Supabase (PostgreSQL): stores structured application data.

Data Retention

Data is retained for as long as your account is active. You can export or permanently delete all data from the Account settings page at any time.

Contact

For privacy enquiries or data subject requests, contact us at privacy@droplana.com.