DropOS

Legal

Privacy Policy

Last updated: June 2026

Your data belongs to you. Here is exactly what we collect, why, and what we do with it.

What we collect

Name, email, phone, country on registration. Store settings, products, orders, customer information you enter. KIRO chat messages (to generate responses only — never sold or used for AI training without consent). Customer payment details go directly to Paystack/Stripe and are never stored on our servers.

How we use it

To run your account and store. To send transactional emails (order confirmations, password resets). To improve the platform. To manage your subscription. We do not sell your data. We do not use your customer data for advertising.

Your customers' data

You are the data controller for your customers' personal information. You are responsible for your own store privacy policy and for complying with applicable privacy laws. We act as your data processor.

Security

Data stored on Railway (PostgreSQL) and Vercel — both SOC 2 compliant. HTTPS everywhere. Passwords hashed with bcrypt. API keys encrypted at rest. We never log your Paystack or Stripe secret keys in plain text.

Cookies

Essential cookies only — for keeping you logged in. No tracking cookies. No Google Analytics. No Facebook Pixel on the DropOS dashboard.

Retention

Data kept while your account is active. Permanently deleted within 30 days of account deletion, except where we are legally required to retain records. Export all your data from Settings at any time.

Your rights

Access, correct, export, or delete your data at any time. Email privacy@droposhq.com. We respond within 30 days.

NDPR

We comply with Nigeria's Data Protection Regulation (NDPR) 2019. As your data processor we support your NDPR compliance obligations.

Changes

We notify you by email at least 14 days before material changes.

Contact

privacy@droposhq.com · DropOS, Lagos, Nigeria

Privacy questions: privacy@droposhq.com