← Back

Privacy Policy

Dropkard

Operated by Joshua Harris trading as Dropkard

hello@dropkard.com

United Kingdom

Last updated: 22 May 2026

1. Who We Are

Dropkard is operated by Joshua Harris trading as Dropkard, based in the United Kingdom. For the purposes of UK GDPR, Joshua Harris trading as Dropkard is the data controller for personal data collected through this Service.

If you have any questions about how we handle your data, contact us at hello@dropkard.com.

2. What Data We Collect

Account data. When you create an account, we collect your email address. If you sign in via Google OAuth, we receive your email address and name from Google as part of the authentication process.

Usage data. We collect information about how you use the Service, including pages visited, links clicked, and actions taken within your account. This data is used to provide analytics features and to improve the Service.

Public page data. Content you add to your Dropkard page — including your display name, bio, links, and artwork — is stored and made publicly accessible at your chosen URL.

Payment data. We do not collect or store payment card details. All payment processing is handled by Paddle, our payment processor, who acts as merchant of record. We store only your Paddle customer ID and subscription status.

3. How We Use Your Data

We use the data we collect to:

  • Create and manage your account
  • Provide and operate the Service
  • Send transactional emails, including account confirmation, billing notifications, and product updates
  • Display analytics to you within your dashboard
  • Respond to support requests

We do not sell your personal data to third parties. We do not use your data for advertising purposes.

4. Legal Basis for Processing (UK GDPR)

We process your personal data on the following legal bases:

  • Contract: processing necessary to provide the Service you have signed up for
  • Legitimate interests: processing to maintain the security and integrity of the Service, and to improve it
  • Legal obligation: processing required to comply with applicable law

5. Data Storage and Security

Your data is stored in Supabase, hosted in the eu-west-2 region (West Europe, London). All data is stored within the United Kingdom. We apply appropriate technical and organisational measures to protect your data against unauthorised access, loss, or disclosure.

6. Third-Party Services

We use a small number of third-party services to operate Dropkard:

ServicePurposePrivacy Information
SupabaseDatabase and authenticationsupabase.com/privacy
PaddlePayment processingpaddle.com/privacy
ResendTransactional email deliveryresend.com/privacy
VercelApplication hostingvercel.com/legal/privacy-policy

7. Cookies

Dropkard uses only essential cookies necessary for authentication and session management. We do not use tracking cookies or advertising cookies. No cookie consent banner is required.

8. Data Retention

We retain your account data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where retention is required by law (for example, transaction records for tax purposes).

9. Your Rights

Under UK GDPR, you have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Delete your data (subject to legal retention obligations)
  • Restrict or object to certain processing
  • Portability — receive your data in a portable format

To exercise any of these rights, contact us at hello@dropkard.com. We will respond within 30 days.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk if you believe we have not handled your data appropriately.

10. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of material changes by email. The current version is always available at dropkard.com/privacy.

11. Contact

Joshua Harris trading as Dropkard

hello@dropkard.com

United Kingdom