Privacy Policy

This Privacy Policy explains how Dropafeed handles information collected through the Dropafeed website, dashboard, hosted forms, embedded widgets, billing flows, and support interactions.

Dropafeed is a business software product. In many cases, our customers decide what feedback to collect from their end users and act as the primary controller for that information, while Dropafeed acts as a service provider or processor on their behalf.

We collect account and workspace information such as email address, authentication data, website domains, billing status, and product configuration needed to operate your account.

We also collect feedback payloads submitted through hosted forms and widgets, along with related metadata such as timestamps, source website context, form identifiers, and technical request information like user agent or origin validation data.

We use information to provide the service, authenticate users, validate submission traffic, route and store feedback, generate dashboards and exports, process billing events, maintain security, and troubleshoot incidents.

We do not describe this product as an advertising platform, and this policy should not be read as consent for unrelated profiling or resale of user data.

Dropafeed relies on third-party infrastructure providers to operate the service, including Vercel for the web app, Cloudflare for edge validation and queueing, Supabase for authentication and database storage, and Polar for billing and customer portal functionality.

Information may be processed by those providers only as needed to run the service. Customers remain responsible for reviewing whether those subprocessors are appropriate for their own compliance obligations.

We retain account records, billing state, and feedback data for as long as needed to operate the service, maintain security, resolve disputes, and meet legal or financial record-keeping obligations.

Customers are responsible for deciding what end-user content they collect through Dropafeed and for whether that collection aligns with their own retention and deletion obligations.

Dropafeed uses authenticated dashboard access, tenant-scoped reads, server-side privileged operations, origin validation, and form attachment checks to reduce unauthorized access to customer data.

No internet-facing service can honestly promise perfect security. If we discover a material security incident affecting the platform, we will investigate, mitigate, and communicate through the appropriate customer support channel.

If you are an end user who submitted feedback to a Dropafeed customer, please contact the website or business that collected your submission first, because they usually control the content and purpose of that data.

If you are a Dropafeed customer and need help with access, export, correction, or deletion requests related to your account data, use the support channel associated with your account or billing contact.

We may update this Privacy Policy as the product, infrastructure, or legal posture evolves. When we make material changes, we will update the effective date on this page and publish the revised version here.