Privacy Policy — DropItLow

DropItLow (“we,” “us,” or “our”) operates the DropItLow web application. This Privacy Policy explains what information we collect, how we use it, and the choices you have.

1. Information We Collect

Account information

When you create an account we collect your name and email address. Authentication is handled by Better Auth and your credentials are stored in an isolated authentication schema — separate from application data.

Alert preferences

You provide natural-language deal alert descriptions (keywords, merchants, price caps, exclusions). We store these so we can match incoming deals against your preferences.

Payment information

If you upgrade to a paid plan, payment processing is handled entirely by Stripe. We do not store credit card numbers, bank account details, or other payment credentials on our servers. We receive only a Stripe customer ID and subscription status.

Usage data

We collect standard web analytics through Google Tag Manager, including pages visited, referral source, and device type. This data is aggregated and not linked to your alert content.

Error monitoring

We use Sentry to capture application errors. Error reports may include technical information associated with an error, such as an anonymized session identifier, page URL, browser or device details, and limited client-side context. We configure this tooling to avoid intentionally collecting sensitive information such as your alert content or payment details.

2. How We Use Your Information

Deal matching. We compare your alert preferences against incoming deal data to find matches and send you notifications.
Email notifications. We send deal-match alerts and essential account communications (password resets, billing confirmations) to the email address on your account.
Service improvement. We use aggregated, anonymized usage data to improve matching accuracy and application performance.
Billing. We share your email and Stripe customer ID with Stripe to process subscription payments.

3. Information We Do Not Collect or Sell

We do not sell, rent, or trade your personal information to third parties.
We do not run advertising on DropItLow or share data with ad networks.
We do not use your alert preferences to build marketing profiles or target you with ads.

4. Data Sharing

We share information only with the following service providers, solely to operate DropItLow:

Stripe — payment processing
PlanetScale — PostgreSQL database hosting
Vercel — web application hosting
Cloudflare — background worker hosting
Sentry — error monitoring
Google — analytics via Google Tag Manager

Each provider processes data under its own privacy policy and only as necessary to provide its service to us.

5. Data Retention

We retain your account and alert data for as long as your account is active. If you delete your account, we remove your personal data within 30 days. Anonymized, aggregated data (e.g., matching-accuracy metrics) may be retained indefinitely.

6. Data Security

We use industry-standard measures to protect your data, including encrypted connections (TLS), isolated authentication storage, and database-level access controls. No system is 100% secure, but we take reasonable steps to protect the information you entrust to us.

7. Your Rights

You may at any time:

Access or update your account information from your dashboard.
Delete your account, which removes your personal data.
Request a copy of the personal data we hold about you by emailing us at the address below.

If you are in the European Economic Area or another jurisdiction with data-protection laws, you may also have the right to lodge a complaint with your local supervisory authority.

8. Cookies

We use a session cookie to keep you signed in. Google Tag Manager may set additional analytics cookies. You can control cookies through your browser settings, though disabling the session cookie will prevent you from staying signed in.

9. Children

DropItLow is not directed at anyone under 16. We do not knowingly collect information from children. If you believe we have collected data from a child, please contact us and we will promptly delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the “Effective date” at the top and, for material changes, notify you by email or through the application.

11. Contact

Questions or requests about this Privacy Policy? Email us at support@dropitlow.com.