Privacy Policy

1. Introduction

This Privacy Policy explains how OpenDrop ("we," "us," or "our") collects, uses, and protects your information when you use our website and services at opendrop.app. It applies to all users, including those who send drops and those who claim them.

2. Information We Collect

• Social handles — When you claim a drop, we collect your social media handle (e.g., Twitch, YouTube) via OAuth to verify your identity.
• OAuth access tokens — We store tokens issued during the OAuth flow to verify your identity and periodically sync public profile data such as your username and follower count.
• Drop metadata — We store information about each drop, including sender, recipient handle, platform, and reward type. We do not store payment information.
• Analytics data — We use PostHog to collect anonymized usage data such as page views and feature interactions to improve the product.
• Error logs — We use Sentry to capture error reports and performance data to help us diagnose and fix issues.

3. How We Use Your Information

• Verify that the correct person is claiming a drop by matching their social identity.
• Sync public social profile data (username, follower count) periodically.
• Improve the product through anonymized analytics.
• Debug errors and monitor application performance.

4. What We Don't Do

• We do not sell your personal data to anyone.
• We do not share your data with advertisers or ad networks.
• We do not store gift card codes or reward codes after they have been revealed to the recipient.

5. Data Retention

OAuth tokens are retained until you request their deletion. Drop records are retained indefinitely as part of our audit trail to ensure accountability and prevent fraud. If you would like your data deleted, please contact us using the information in Section 10.

6. Your Rights

You have the right to request access to, correction of, or deletion of the personal data we hold about you. To exercise these rights, contact us at privacy@opendrop.app. We will respond to your request within 30 days.

7. Third-Party Services

We rely on the following third-party services to operate OpenDrop. Each has its own privacy policy governing how they handle data:

• Clerk — Authentication and user management
• Convex — Database and backend infrastructure
• PostHog — Product analytics
• Sentry — Error tracking and performance monitoring
• Vercel — Hosting and deployment

8. Children's Privacy

OpenDrop is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected such information, we will take steps to delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. We encourage you to review this page periodically to stay informed about how we protect your information.