Privacy Policy
We take your privacy seriously. This policy explains exactly what data we collect, why we need it, and your rights under GDPR and Belgian law.
Last updated: May 2026
Summary for your convenience
What we collect
Email, name, payment info (via Mollie), usage analytics, IP address.
Why we need it
To provide the Service, process payments, prevent fraud, improve features.
We never
Sell your personal data to third parties. Ever.
1Who We Are (Data Controller)
Dropelle is the data controller responsible for your personal data. We are based in Belgium and operate under Belgian and EU law (GDPR - Regulation 2016/679).
Contact: [email protected]
For urgent privacy matters, you may also contact the Belgian Data Protection Authority (GBA/APD).
2Data We Collect
Account Data
Email address, first name, last name, and hashed password. Required to create and secure your account.
Payment Data
Processed securely by Mollie. We do NOT store full credit card numbers, CVV codes, or bank account details on our servers. We receive a payment status, subscription ID, and customer ID from Mollie.
Usage Data
Pages visited, features used, time spent, searches performed. Collected to improve our product and debug issues.
Referral Data
Your unique referral code, referral signups, and wallet balance. Used for our affiliate program.
Technical Data
IP address, browser type, device type, operating system. Collected automatically by Cloudflare and our servers for security and performance.
Communication Data
Emails and messages you send to our support team. Stored to provide assistance and improve service.
Cookie Data
See our Cookie Policy for details on tracking technologies used on the Website.
3Legal Basis for Processing (GDPR Art. 6)
Contractual Necessity
We process your account and payment data to fulfill our contract with you — providing the Dropelle Service you signed up for.
Legitimate Interest
We process usage and technical data to secure our platform, prevent fraud, debug errors, and improve our product. We believe this interest does not override your fundamental rights.
Consent
For marketing emails and non-essential cookies, we ask for your explicit consent. You may withdraw consent at any time via account settings or unsubscribe links.
Legal Obligation
We retain payment records for 7 years as required by Belgian tax law (BTW-Wetboek / Code de la TVA). We may disclose data if compelled by Belgian law enforcement with a valid court order.
4Third-Party Data Processors
We share minimal data with trusted processors who help us operate the Service. All processors are contractually bound to GDPR compliance and may not use your data for their own purposes.
| Processor | Purpose | Data Shared |
|---|---|---|
| Mollie | Payment processing | Email, name, payment amount, subscription status |
| Cloudflare | Security, CDN, DDoS protection | IP address, browser data |
| Brevo (Sendinblue) | Transactional emails | Email, name |
| Google Analytics | Website analytics | Anonymized IP, pages visited |
| Meta & TikTok | Advertising pixels | Pseudonymized visitor data |
5Data Retention
Your data is retained as long as your account exists.
Upon account deletion request, all personal data is permanently erased within 30 days.
Payment and invoice records are retained for 7 years per Belgian tax law (Art. 60 CTVA / BTW-Wetboek).
Server logs and automated backups are rotated every 30 days.
6International Data Transfers
Your data is stored on servers within the European Union. Some processors (Google, Meta, Cloudflare) may transfer data outside the EU. These transfers are protected by Standard Contractual Clauses (SCCs) approved by the European Commission, ensuring an adequate level of data protection.
7Your GDPR Rights
Under GDPR, you have the following rights regarding your personal data:
Right of Access
Request a copy of all personal data we hold about you.
Right to Rectification
Correct inaccurate or incomplete data we hold about you.
Right to Erasure
Request deletion of your personal data ("right to be forgotten").
Right to Restrict Processing
Request that we limit how we use your data.
Right to Data Portability
Receive your data in a structured, machine-readable format.
Right to Object
Object to processing based on legitimate interest or direct marketing.
Right to Withdraw Consent
Withdraw previously given consent at any time, without affecting prior lawful processing.
To exercise any of these rights, email us at [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with the Belgian Data Protection Authority.
8Data Security
We implement appropriate technical and organizational measures including: SSL/TLS encryption for all data in transit, Cloudflare Web Application Firewall, hashed passwords (SHA-256 with salt), restricted server access, and regular security audits. While no system is 100% secure, we take commercially reasonable steps to protect your data. In the event of a data breach affecting your personal data, we will notify you and the relevant supervisory authority within 72 hours as required by GDPR Art. 33.
9Children's Privacy
The Service is not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us immediately and we will delete it.
10Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email or a notice on our Website. Continued use of the Service after changes constitutes acceptance of the updated policy.