GDPR Compliance
Last updated: 8/29/2025
1. Introduction
The General Data Protection Regulation (GDPR) is a comprehensive data protection law that applies to organizations processing personal data of EU residents. At dropfeed, we are committed to ensuring the privacy and protection of your personal data in compliance with GDPR requirements.
2. Your Rights Under GDPR
As a data subject under GDPR, you have the following rights:
- Right to Access: Request a copy of your personal data
- Right to Rectification: Correct inaccurate or incomplete data
- Right to Erasure: Request deletion of your personal data
- Right to Restrict Processing: Limit how we use your data
- Right to Data Portability: Receive your data in a structured format
- Right to Object: Object to processing of your personal data
- Rights Related to Automated Decision Making: Human review of automated decisions
3. How to Exercise Your Rights
To exercise any of your GDPR rights, please contact us:
Email: [email protected]
Subject Line: "GDPR Rights Request"
Include: Your name, email address, and specific request
We will respond to your request within 30 days. If we need more time, we will notify you and explain the reason for the delay.
4. Personal Data We Collect
We collect the following categories of personal data:
- Account Information: Name, email address, password
- Profile Data: User profiles, preferences, settings
- Content Data: Posts, drafts, and content you create
- Usage Data: How you interact with our services
- Payment Data: Billing information (processed by Stripe)
- Technical Data: IP address, browser type, device information
5. Legal Basis for Processing
We process your personal data based on the following legal grounds:
- Contract: To provide our services and fulfill our obligations
- Legitimate Interest: To improve our services and prevent fraud
- Consent: For marketing communications and optional features
- Legal Obligation: To comply with applicable laws and regulations
6. Data Retention
We retain your personal data for as long as necessary to:
- Provide our services to you
- Comply with legal obligations
- Resolve disputes and enforce agreements
- Improve our services
When we no longer need your data, we will securely delete or anonymize it.
7. Data Transfers
Your personal data may be transferred to and processed in countries outside the EU. We ensure appropriate safeguards are in place:
- Adequacy decisions by the European Commission
- Standard Contractual Clauses (SCCs)
- Binding Corporate Rules (BCRs)
- Other appropriate safeguards
8. Data Security
We implement appropriate technical and organizational measures to protect your data:
- Encryption of data in transit and at rest
- Regular security assessments and updates
- Access controls and authentication
- Employee training on data protection
- Incident response procedures
9. Data Breach Notification
In the event of a data breach that affects your personal data, we will:
- Notify the relevant supervisory authority within 72 hours
- Inform affected individuals without undue delay
- Document the breach and our response
- Take steps to mitigate any adverse effects
10. Third-Party Processors
We use the following third-party processors who have access to your data:
- Supabase: Database and authentication services
- Stripe: Payment processing
- Vercel: Website hosting and CDN
- X.com: Social media integration
Google Analytics
We use Google Analytics to analyze website usage and improve our services. Google Analytics processes the following personal data:
- IP address (anonymized)
- Browser and device information
- Pages visited and session duration
- Geographic location (country/region level)
- Referrer information
- User interactions and custom events
Legal Basis: Legitimate interest in improving our services and user experience.
Data Retention: Google Analytics data is retained for 26 months by default.
Data Transfers: Data is transferred to Google servers in the United States under appropriate safeguards including Standard Contractual Clauses.
Your Rights: You can opt out of Google Analytics tracking by:
- Installing the Google Analytics Opt-out Browser Add-on
- Adjusting your browser's cookie settings
- Contacting us to request data deletion
All processors are bound by data processing agreements and GDPR compliance requirements.
11. Automated Decision Making
Our AI content generation features may involve automated processing. You have the right to:
- Request human review of automated decisions
- Express your point of view
- Contest the decision
- Understand the logic behind automated processing
12. Children's Data
Our services are not intended for children under 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected such data, we will take steps to delete it promptly.
13. Supervisory Authority
You have the right to lodge a complaint with your local data protection authority if you believe we have not handled your personal data in accordance with GDPR. You can find your local authority at: European Data Protection Authorities
14. Changes to This Notice
We may update this GDPR notice from time to time. We will notify you of any material changes by email or through our services. The "Last updated" date at the top of this page indicates when this notice was last revised.
15. Contact Information
For any questions about our GDPR compliance or to exercise your rights, please contact us:
Data Protection Officer: [email protected]