Back to Home

Privacy Policy

Last updated: January 9, 2026

1. Introduction

This Privacy Policy explains how DropPing ("we", "us", or "our") collects, uses, and protects your personal data when you use our service. We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

The data controller responsible for your personal data is identified in our Impressum.

2. Data We Collect

2.1 Account Information: When you create an account, we collect your email address and a hashed version of your password. We never store your password in plain text.

2.2 Watch Data: We store information about the products you choose to monitor, including URLs, product names, and your notification preferences.

2.3 Payment Information: If you subscribe to a paid plan, payment processing is handled by Stripe. We store your Stripe customer ID and subscription status but do not store your credit card details. Stripe's privacy policy applies to payment data.

2.4 Communication Data: If you connect Telegram or Discord for notifications, we store the necessary identifiers (chat IDs, webhook URLs) to deliver alerts.

2.5 Technical Data: We automatically collect certain technical information including IP addresses (for rate limiting and security), browser type, and access times. This data is used for security purposes and service improvement.

2.6 Cookies: We use essential cookies for authentication and session management. See Section 8 for details on our cookie usage.

3. Legal Basis for Processing (GDPR Art. 6)

We process your personal data based on the following legal grounds:

  • Contract Performance (Art. 6(1)(b)): Processing necessary to provide the Service you requested, including account management, product monitoring, and notifications.
  • Legitimate Interests (Art. 6(1)(f)): Processing for security purposes, fraud prevention, and service improvement, where our interests do not override your rights.
  • Legal Obligation (Art. 6(1)(c)): Processing required to comply with legal obligations, such as tax and accounting requirements.
  • Consent (Art. 6(1)(a)): Where required, we obtain your consent for specific processing activities, such as marketing communications.

4. How We Use Your Data

We use your personal data to:

  • Provide and maintain the Service
  • Send you product availability alerts and notifications
  • Process payments and manage subscriptions
  • Communicate with you about your account and the Service
  • Ensure security and prevent fraud
  • Comply with legal obligations
  • Improve and optimize the Service

5. Data Sharing and Third Parties

We share your data with the following categories of recipients:

  • Stripe: For payment processing (US-based, EU-US Data Privacy Framework certified)
  • Telegram/Discord: If you enable these notification channels, we share necessary identifiers to deliver alerts
  • Hosting Providers: Our infrastructure providers who process data on our behalf under data processing agreements
  • Legal Authorities: When required by law or to protect our rights

We do not sell your personal data to third parties. We do not share your data for advertising purposes.

6. International Data Transfers

Some of our service providers are located outside the European Economic Area (EEA). When we transfer personal data outside the EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission, or reliance on adequacy decisions or certification schemes such as the EU-US Data Privacy Framework.

7. Data Retention

We retain your personal data for as long as necessary to:

  • Provide the Service to you
  • Comply with legal obligations (e.g., tax records for 10 years)
  • Resolve disputes and enforce agreements

When you delete your account, we will delete or anonymize your personal data within 30 days, except where retention is required by law.

8. Cookies and Tracking

8.1 Essential Cookies: We use strictly necessary cookies for authentication and session management. These cookies are required for the Service to function and cannot be disabled.

8.2 Cookie Details:

  • Session Cookie: Maintains your login session (expires after 30 days of inactivity)
  • CSRF Token: Protects against cross-site request forgery attacks
  • Cookie Consent: Remembers your cookie preferences

We do not use analytics cookies, advertising cookies, or third-party tracking cookies.

9. Your Rights (GDPR)

Under the GDPR, you have the following rights:

  • Right of Access (Art. 15): Request a copy of your personal data
  • Right to Rectification (Art. 16): Request correction of inaccurate data
  • Right to Erasure (Art. 17): Request deletion of your data ("right to be forgotten")
  • Right to Restriction (Art. 18): Request limitation of processing
  • Right to Data Portability (Art. 20): Receive your data in a structured, machine-readable format
  • Right to Object (Art. 21): Object to processing based on legitimate interests
  • Right to Withdraw Consent: Where processing is based on consent, withdraw it at any time

To exercise these rights, contact us at the address in our Impressum. We will respond within 30 days.

10. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

  • Encryption of data in transit (TLS/HTTPS)
  • Secure password hashing (bcrypt)
  • Access controls and authentication
  • Regular security assessments
  • Rate limiting to prevent abuse

11. Children's Privacy

The Service is not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16. If you believe we have collected data from a child under 16, please contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. For significant changes, we may also notify you by email.

13. Supervisory Authority

If you believe we have not adequately addressed your data protection concerns, you have the right to lodge a complaint with a supervisory authority. In Germany, you may contact the data protection authority of your federal state or the Federal Commissioner for Data Protection and Freedom of Information (Bundesbeauftragte für den Datenschutz und die Informationsfreiheit).

14. Contact

For questions about this Privacy Policy or to exercise your data protection rights, please contact us at the address provided in our Impressum.

Terms of ServiceImpressum
Privacy Policy | DropPing | DropPing