Vibe Droppervibedropper

Privacy Policy

Last updated: 2 April 2026

1. Who we are (Data Controller)

vibedropper ("we", "us") operates the vibedropper email marketing and drop-commerce platform. For the purpose of the General Data Protection Regulation (GDPR), we are the data controller for personal data we process in relation to our platform users (account holders) and our website visitors.

When you use our platform to send campaigns or manage lists, your subscribers' data is processed on your behalf: you are the data controller for that data, and we act as a data processor. Our processing of subscriber data is governed by our Terms of Service and your instructions.

2. What data we collect and why

Platform users (account holders)

  • Account data: email, name, profile image. Sign-in is passwordless (magic link or code). Legal basis: contract performance.
  • Usage data: organization memberships, roles, and activity within the platform. Legal basis: contract performance, legitimate interest (security, product improvement).
  • Sessions and logs: session tokens, IP and request logs where necessary for security and abuse prevention. Legal basis: legitimate interest.

Subscribers (your list contacts)

Subscriber data (email, name, custom fields, consent and opt-in status) is provided by you or by the subscriber when they sign up. We process it only as your processor to deliver emails, manage lists, and run your campaigns. We do not use it for our own marketing. Subscribers can unsubscribe at any time via links in your emails and can request access or erasure from you (the controller).

Website visitors

We may use strictly necessary cookies for authentication and security. With your consent we may use analytics or preference cookies. You can change your cookie preferences at any time.

3. Retention

We retain your account and related data for as long as your account is active. After you delete your account, we remove or anonymise your personal data within a reasonable period, except where we must retain it for legal or regulatory reasons (e.g. invoices, dispute resolution). Subscriber data is retained according to your settings and your instructions as controller.

4. Your rights (GDPR)

If you are in the European Economic Area (or equivalent), you have the right to:

  • Access – request a copy of the personal data we hold about you.
  • Rectification – have inaccurate data corrected (you can update your profile in account settings).
  • Erasure – request deletion of your personal data ("right to be forgotten"). You can delete your account from your profile page.
  • Portability – receive your data in a structured, machine-readable format. You can download your data from your profile page.
  • Restrict processing – in certain cases, limit how we use your data.
  • Object – object to processing based on legitimate interest.
  • Withdraw consent – where we rely on consent, you can withdraw it at any time.
  • Complain – lodge a complaint with a supervisory authority in your country.

To exercise these rights for your platform account: use the "Data & Privacy" section in your Profile (download data, delete account) or contact us at the address below.

5. Cookies

We use strictly necessary cookies (e.g. session) to run the service. Optional cookies (e.g. analytics, preferences) are used only with your consent. You can manage your choices via our cookie banner or your browser settings.

6. Security and international transfer

We implement appropriate technical and organisational measures to protect your data. Data may be processed in the European Economic Area and in other countries where we or our service providers operate; we ensure suitable safeguards (e.g. standard contractual clauses) where required by law.

7. Contact

For privacy-related requests or questions, contact us at: privacy@vibedropper.com. We will respond within the timeframes required by applicable law (e.g. one month under GDPR).

← Back to home