Last updated: June 2, 2026 - Version 3.0
1. Who We Are
Drop Planner is an independent fashion drop planning PWA operated from Zambia. Privacy questions and data-rights requests can be sent to privacy@dropplanner.com.
This policy explains how we collect, use, share, store, and protect personal data for the website, app, emails, analytics, billing, uploads, reminders, moodboards, and support workflows.
2. Data We Collect
- Account data: name, email, password credentials handled by our auth provider, sign-in metadata, profile photo, business name, country, brand details, and social handles you choose to add.
- Planning data: drops, pieces, suppliers, timelines, notes, content plans, shoot details, moodboard links, uploaded files, reminders, team memberships, comments, and workspace activity.
- Billing data: plan, billing interval, payment provider, checkout reference, entitlement status, renewal or cancellation state, and payment audit events. Card or mobile-money details are handled by payment providers, not stored by Drop Planner.
- Support and email data: support requests, transactional email delivery metadata, unsubscribe or notification preferences, and security-event notices.
- Technical data: IP address, request metadata, browser and device information, security logs, rate-limit signals, and approximate country where needed for security, routing, analytics, or billing localization.
- Analytics data: after consent, we may use PostHog and optional Mixpanel to collect product events, page views, feature usage, device metadata, and reliability signals. We configure PostHog person profiles for identified users only and route browser analytics through a same-origin proxy when configured.
3. Why We Use Data
| Purpose | Examples | Legal basis where GDPR applies |
|---|---|---|
| Provide the service | Accounts, workspaces, drops, uploads, reminders, exports, team access | Contract |
| Secure the platform | Auth checks, 2FA, abuse prevention, rate limits, audit logs | Legitimate interest; legal obligation where applicable |
| Process payments | Checkout, entitlement mapping, invoices, renewals, cancellations, refunds where offered | Contract; legal obligation |
| Send emails | Verification, login codes, reminders, security notices, support replies, product updates if enabled | Contract; legitimate interest; consent for marketing |
| Improve reliability and product quality | Consent-gated analytics, crash and usage patterns, feature adoption | Consent or legitimate interest depending on region and setting |
| Comply with law | Tax, fraud, regulatory, consumer-rights, and legal requests | Legal obligation |
4. Cookies, Storage, And Analytics
Authentication tokens are stored in session storage and are cleared on logout or session expiry. We do not intentionally store auth tokens in local storage.
We use local storage for preferences such as cookie consent, theme, sidebar state, and safe app preferences. Offline drafts may be stored locally so unfinished work is not lost.
PostHog and Mixpanel browser analytics load only when public analytics IDs are configured and the user accepts analytics cookies. Declining the cookie banner prevents optional analytics initialization. We do not use advertising pixels or sell/share analytics data for cross-context behavioral advertising.
5. Who We Share Data With
We do not sell personal data. We share limited data with service providers that help operate Drop Planner:
- Supabase for database, authentication, and storage.
- Resend or another configured email provider for transactional, lifecycle, and opted-in product emails.
- Paystack and Lemon Squeezy for payment processing, checkout, webhooks, and entitlement records.
- PostHog and optional Mixpanel for consent-gated analytics and reliability telemetry.
- Cloudflare, Render, Redis/Upstash, or similar infrastructure providers for hosting, caching, security, rate limiting, and logs.
- Google if you use Google sign-in, and embedded media providers such as YouTube, Vimeo, SoundCloud, TikTok, Pinterest, Spotify, or Apple Music when you add or view their embeds.
6. User Content And UGC
Your workspace content remains yours. You are responsible for having the rights to upload or embed designs, photos, supplier materials, music, videos, links, prompts, and other content you add. We may remove or restrict content that appears unlawful, abusive, infringing, unsafe, or inconsistent with our Terms of Use.
7. Retention
- Active account and workspace data is retained while the account is active.
- Deleted account and workspace data is removed within 30 days unless retention is required for security, billing, fraud prevention, legal claims, or compliance.
- Server and security logs are retained for up to 90 days unless an incident requires longer preservation.
- Billing and tax records may be retained for the period required by applicable law.
- Backups age out on their normal rotation schedule.
8. Your Rights
Depending on your location, including under GDPR and CCPA/CPRA, you may have rights to access, correct, delete, export, restrict, object to processing, withdraw consent, opt out of sale or sharing, limit use of sensitive personal information, and appeal or complain to a regulator.
Drop Planner does not sell personal data and does not knowingly share personal data for cross-context behavioral advertising. To exercise rights, email privacy@dropplanner.com. We will verify the request and respond within 30 days unless the law allows more time.
9. Email Compliance
Transactional emails are sent to provide the service, secure accounts, confirm activity, or deliver reminders. Marketing or product-update emails require enabled preferences or consent where required, include sender information, and provide a way to manage preferences or opt out.
10. International Transfers
Drop Planner is operated from Zambia and uses providers that may process data in the United States, European Union, United Kingdom, or other regions. Where GDPR applies and data is transferred outside the EEA or UK, we rely on appropriate safeguards such as Standard Contractual Clauses, provider data-processing terms, or equivalent mechanisms.
11. Children
Drop Planner is intended for users aged 16 and older. We do not knowingly collect personal data from children under 16. Contact us if you believe a child has provided personal data.
12. Updates
We may update this policy as the product, providers, or law changes. Material updates will be communicated by email, in-app notice, or prominent website notice.