Legal
Privacy Policy
Last updated: June 2026
Your data belongs to you. Here is exactly what we collect, why, and what we do with it.
What we collect
Name, email, phone, country on registration. Store settings, products, orders, customer information you enter. KIRO chat messages (to generate responses only — never sold or used for AI training without consent). Customer payment details go directly to Paystack/Stripe and are never stored on our servers.
How we use it
To run your account and store. To send transactional emails (order confirmations, password resets). To improve the platform. To manage your subscription. We do not sell your data. We do not use your customer data for advertising.
Your customers' data
You are the data controller for your customers' personal information. You are responsible for your own store privacy policy and for complying with applicable privacy laws. We act as your data processor.
Security
Data stored on Railway (PostgreSQL) and Vercel — both SOC 2 compliant. HTTPS everywhere. Passwords hashed with bcrypt. API keys encrypted at rest. We never log your Paystack or Stripe secret keys in plain text.
Cookies
Essential cookies only — for keeping you logged in. No tracking cookies. No Google Analytics. No Facebook Pixel on the DropOS dashboard.
Retention
Data kept while your account is active. Permanently deleted within 30 days of account deletion, except where we are legally required to retain records. Export all your data from Settings at any time.
Your rights
Access, correct, export, or delete your data at any time. Email privacy@droposhq.com. We respond within 30 days.
NDPR
We comply with Nigeria's Data Protection Regulation (NDPR) 2019. As your data processor we support your NDPR compliance obligations.
Changes
We notify you by email at least 14 days before material changes.
Contact
privacy@droposhq.com · DropOS, Lagos, Nigeria
Privacy questions: privacy@droposhq.com