Privacy Policy
At Dropable GmbH, we are committed to protecting your privacy and personal data. This privacy policy explains how we collect, use, and safeguard your information when you visit our website or use our services, in compliance with GDPR and German data protection regulations.
1. Data Controller (Art. 4(7) GDPR)
Dropable GmbH
Lukas Wirth, Max Geiger, Fabio Sorrentino
Willy-Brandt-Platz 4
90402 Nürnberg, Germany
Contact Information:
Email: legal@dropable.io
Phone: +49 (0) 151 23476125
2. Information We Collect
We collect information when you visit our website or use our file sharing services:
Personal Information:
• Name, email address, and phone number (when you contact us or register)
• Company/agency information for professional accounts
• Project data and file sharing requirements
• Communication history and correspondence
• Newsletter subscription data (if you subscribe)
File Sharing Data:
• Uploaded files and project materials
• File metadata (names, sizes, types, upload timestamps)
• Project organization and folder structures
• Client access logs and file download history
Technical Information:
• IP address and device information
• Browser type and version
• Pages visited and time spent on site
• Referral sources and user behavior patterns
Server Log Files:
Our hosting provider automatically collects and stores information in server log files, which your browser automatically transmits. This includes:
• Browser type and version
• Operating system used
• Referrer URL (previously visited page)
• Hostname of the accessing computer
• Time of server request
• IP address
This data cannot be assigned to specific persons and is not merged with other data sources.
3. How We Use Your Information
We use your personal data for the following purposes:
Service Provision:
• Operate file sharing platform and storage services
• Process account registrations and authentication
• Enable file uploads, downloads, and project management
• Provide client access to shared files and projects
• Send service notifications and file activity updates
• Deliver newsletters (if you subscribed)
Business Operations:
• Improve our platform functionality and user experience
• Analyze service quality and customer satisfaction
• Monitor storage usage and system performance
• Comply with legal and regulatory requirements
• Maintain business records as required by law
Communication:
• Respond to your inquiries and support requests
• Send relevant service updates and information
• Provide technical support and assistance
Legal Basis (GDPR Art. 6):
• Processing based on your consent (Art. 6(1)(a) GDPR) - e.g., newsletter subscription
• Processing necessary for contract performance (Art. 6(1)(b) GDPR) - e.g., file sharing services
• Processing necessary for legal obligations (Art. 6(1)(c) GDPR) - e.g., tax records
• Processing based on legitimate interests (Art. 6(1)(f) GDPR) - e.g., platform analytics
4. Analytics and Marketing Tools
We use the following analytics tools to improve our services:
Google Analytics:
• Tracks website usage, page views, and user behavior
• Helps us understand how visitors interact with our platform
• Enables us to improve website performance and content
• Data is anonymized (IP anonymization enabled)
• Privacy Policy: https://policies.google.com/privacy
• Opt-out: https://tools.google.com/dlpage/gaoptout
Google Tag Manager:
• Manages website tracking codes and conversion measurement
• Enables us to measure marketing effectiveness
• Helps optimize user experience based on behavior data
• Privacy Policy: https://policies.google.com/privacy
Conversion Tracking:
We track the following events to improve our services:
• Account registrations and sign-ups
• Contact form submissions and inquiries
• File upload and download activities
• Email and phone click interactions
• Social media engagement
You can opt out of analytics tracking by adjusting your cookie preferences or using browser privacy settings.
5. Third-Party Service Providers
We work with trusted third-party providers to deliver our services:
Website Infrastructure:
• Vercel Inc. (Website hosting and CDN services)
• Privacy Policy: https://vercel.com/legal/privacy-policy
Communication Services:
• Resend (Email delivery for notifications and newsletter)
• Privacy Policy: https://resend.com/legal/privacy-policy
Data Storage and Security:
• Supabase (Secure database, file storage, and authentication services)
• Privacy Policy: https://supabase.com/privacy
All third-party providers are carefully selected and contractually required to maintain appropriate data protection standards in compliance with GDPR.
7. Data Retention and Security
Retention Periods:
• Active user accounts: Duration of service usage
• Inactive accounts: Up to 12 months after last activity (with notification)
• Project and file data: Until account deletion or user-initiated removal
• Contact inquiries and support tickets: Up to 3 years (business compliance)
• Newsletter subscriptions: Until you unsubscribe or withdraw consent
• Communication records: Until deletion request or consent withdrawal
• Website analytics: 14 months (Google Analytics default)
• Technical logs: 12 months maximum
• Legal/tax records: As required by German commercial and tax law (typically 10 years)
Security Measures:
We implement industry-standard security measures including:
• Encrypted data transmission (SSL/TLS encryption)
• Secure file storage with encryption at rest
• Access controls and authentication mechanisms
• Regular security assessments and updates
• Staff training on data protection procedures
• Incident response and breach notification procedures
• Automated backups and disaster recovery
SSL/TLS Encryption:
This website uses SSL/TLS encryption for security reasons and to protect the transmission of confidential content, including files you upload and inquiries you send to us. You can recognize an encrypted connection by the "https://" in your browser's address bar and the lock icon. When SSL/TLS encryption is activated, data you transmit to us cannot be read by third parties.
9. Your Privacy Rights (GDPR)
Under GDPR, you have the following rights:
Access and Information (Art. 15 GDPR):
• Request information about what personal data we process
• Obtain a copy of your personal data in a structured format
• Be informed about data processing purposes and recipients
Correction and Deletion (Art. 16, 17 GDPR):
• Request correction of inaccurate or incomplete data
• Request deletion of your personal data ("right to be forgotten")
• Delete your account and all associated files
• Object to processing for marketing purposes
Restriction and Portability (Art. 18, 20 GDPR):
• Request restriction of data processing in certain circumstances
• Receive your data in a portable format
• Transfer data to another controller
• Export all your files and project data
Consent and Withdrawal (Art. 7 GDPR):
• Withdraw consent for data processing at any time
• Opt out of marketing communications and newsletters
• Request restriction of analytics tracking
Right to Object (Art. 21 GDPR):
• Object to data processing based on legitimate interests
• Object to direct marketing and profiling
Exercising Your Rights:
To exercise any of these rights, contact us at:
Email: legal@dropable.io
Phone: +49 (0) 151 23476125
We will respond to your request within 30 days (as required by GDPR Art. 12).
Right to Lodge a Complaint:
You have the right to lodge a complaint with a supervisory authority, particularly in the EU member state of your residence, workplace, or where an alleged data protection violation occurred.
Supervisory Authority (Germany):
For data protection matters in Germany, the competent supervisory authority depends on your federal state. For general inquiries:
Der Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI)
Graurheindorfer Str. 153
53117 Bonn, Germany
Phone: +49 (0) 228 997799-0
Email: poststelle@bfdi.bund.de
Website: https://www.bfdi.bund.de
10. International Data Transfers
Some of our service providers operate internationally, which may involve transferring your data outside the EU/EEA:
Google Services (Analytics, Tag Manager):
• Data may be processed in Google's global data centers
• Google LLC participates in the EU-US Data Privacy Framework (DPF)
• DPF adequacy decision by EU Commission: July 10, 2023
• Google complies with GDPR and international data protection standards
• DPF List: https://www.dataprivacyframework.gov/list
• Privacy Policy: https://policies.google.com/privacy
Vercel and Supabase:
• Infrastructure located in secure, compliant data centers
• All transfers are protected by appropriate safeguards (GDPR Art. 46)
• Contractual data protection obligations in place (Standard Contractual Clauses)
• Vercel complies with the EU-US Data Privacy Framework
• Supabase uses AWS infrastructure with regional data storage options
We ensure all international transfers comply with GDPR requirements and include appropriate protection measures.
11. Contact Form and Communication
When you contact us via our contact form or email:
Data Processing:
• Your inquiry data is stored for processing your request
• We collect only the information necessary to respond to your inquiry
• Data is processed based on your consent (GDPR Art. 6(1)(a)) or contract performance (GDPR Art. 6(1)(b))
Storage Duration:
• Contact form data is retained until your inquiry is fully resolved
• If a business relationship develops, data is stored according to commercial and tax retention requirements
• You can request deletion at any time (subject to legal retention obligations)
Email Communication:
• Emails are transmitted via Resend with encryption
• Email content is stored only as long as necessary for communication purposes
• We do not share your email address with third parties without your consent
12. Automated Decision-Making and Profiling
We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you as defined in Art. 22 GDPR.
Our website analytics are used solely for statistical purposes and platform improvement. They do not result in automated decisions about individuals.
13. Changes to This Privacy Policy
We may update this privacy policy periodically to reflect:
• Changes in our data processing practices
• New legal requirements or regulatory guidance
• Updates to our services or technology
• Enhanced privacy protection measures
We will notify you of significant changes by:
• Posting the updated policy on our website with a new effective date
• Sending email notifications for material changes (where applicable)
• Highlighting key changes in our communications
We encourage you to review this policy regularly to stay informed about how we protect your privacy.
14. Contact Us
For any questions, concerns, or requests regarding this privacy policy or your personal data, please contact us:
Contact Information:
Dropable GmbH
Lukas Wirth, Max Geiger, Fabio Sorrentino
Email: legal@dropable.io
Phone: +49 (0) 151 23476125
Office Address:
Willy-Brandt-Platz 4
90402 Nürnberg, Germany
Response Time:
We aim to respond to all privacy-related inquiries within 30 days (GDPR compliance). For urgent matters, please call our office directly.