Privacy Policy

We collect information you provide directly, information generated through your use of the Service, and information from third-party sources integrated into the platform.

• Account information: When you register, we collect your full name, username, email address, password (stored as a cryptographic hash), and account role (Artist, Manager, Assistant, Fan).
• Profile information: Optional profile data including artist/fan biography, profile image, and associated social media handles.
• Content you upload: Photos, videos, audio recordings, documents, and other files that Artists upload to the platform, along with associated metadata (file names, sizes, types, upload dates).
• Payment information: Billing address and payment card details submitted during checkout. Full card numbers are transmitted directly to Stripe and are never stored on DropSub servers.
• Communications: Messages you send to DropSub support, feedback submissions, and responses to surveys or research.

• Usage data: Pages visited, content viewed, search queries, subscription actions, purchase history, and feature interactions.
• Device and technical data: IP address, browser type and version, operating system, device identifiers, screen resolution, and referring URLs.
• Log data: Server logs including timestamps, request paths, response codes, and error information for security and debugging purposes.
• Content engagement data: For Artists, aggregate statistics on folder views, file plays, subscriber counts, and revenue metrics made available through the analytics dashboard.

• Stripe: Upon Stripe Connect onboarding, we receive confirmation of identity verification status, payout account details (bank account last 4 digits, routing information), and transaction records from Stripe.
• Authentication providers: If you choose to sign in using a third-party authentication provider, we receive basic profile information (name, email) from that provider.

We use the information we collect for the following purposes, all of which are necessary to provide, operate, and improve the Service:

• Account management: To create and manage your account, verify your identity, and authenticate your sessions.
• Service delivery: To deliver content you have purchased access to, process subscriptions, and manage recurring billing through Stripe.
• Artist analytics: To generate and display subscriber counts, revenue metrics, content engagement statistics, and payout summaries in Artist dashboards.
• Notifications: To send transactional emails (purchase confirmations, subscription renewals, payout notifications, account security alerts) and, where you have opted in, marketing communications about new features or promotions.
• Customer support: To respond to your inquiries, investigate disputes, and resolve technical issues.
• Safety and fraud prevention: To detect, investigate, and prevent fraudulent transactions, unauthorized access, content policy violations, and other illegal activity.
• Legal compliance: To comply with applicable laws, regulations, tax obligations, and respond to lawful requests from government authorities.
• Product improvement: To analyze usage patterns, diagnose bugs, conduct A/B testing, and improve the platform's features, performance, and design.

We share your information only with the service providers necessary to operate the platform. All third-party providers are contractually required to process your data only as directed by DropSub and to maintain appropriate security measures.

• Business transfers: If DropSub is acquired, merges with another entity, or undergoes a corporate restructuring, your information may be transferred as part of that transaction. We will notify you before your data is subject to a materially different privacy policy.
• Legal obligations: We may disclose your information when required by law, court order, subpoena, or other legal process, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
• With your consent: We may share your information with third parties in other circumstances with your explicit consent.

We do not share personal information with advertisers, data brokers, or analytics companies for targeted advertising purposes.

DropSub uses cookies and similar tracking technologies to operate the Service, remember your preferences, and understand how users interact with the platform.

• Essential cookies: Required for the platform to function. These include session authentication tokens, CSRF protection tokens, and load-balancing cookies. You cannot opt out of essential cookies without losing access to the Service.
• Preference cookies: Remember your settings such as preferred language, display mode, and content filters.
• Analytics cookies: Help us understand how visitors use the platform — which features are used most, where users encounter friction, and how pages perform. We use aggregated, anonymized data from these cookies to improve the Service.
• Security cookies: Used to detect and prevent fraudulent activity, account takeovers, and other malicious behavior.

DropSub stores authentication tokens in your browser's localStorage (for persistent "remember me" sessions) or sessionStorage (for session-only authentication that clears when you close the browser tab). These tokens are used solely to authenticate your requests to the DropSub API.

Most web browsers accept cookies by default, but you can instruct your browser to refuse cookies or notify you when a cookie is being sent. Note that refusing essential cookies will prevent you from accessing the Service. Refer to your browser's help documentation for instructions on managing cookies.

We retain your personal information for as long as your account remains active and for a reasonable period thereafter as necessary to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements.

• Active account data: Retained for the lifetime of your account plus 90 days following account closure to allow for dispute resolution.
• Uploaded content: Artist content is retained for the duration of the Artist's account. Upon account deletion, content files are removed from active storage within 30 days and from backup systems within 90 days.
• Transaction records: Payment and subscription records are retained for seven (7) years from the transaction date for tax and legal compliance purposes, even after account deletion.
• Security and fraud logs: Access logs, IP records, and fraud-related data are retained for up to two (2) years.
• Support communications: Customer support tickets and related correspondence are retained for three (3) years.
• Anonymized analytics: Aggregated, de-identified usage data may be retained indefinitely for product improvement purposes and cannot be traced back to individual users.

When we no longer have a legitimate need to retain your data, we securely delete or anonymize it. You may request deletion of your account data at any time through account settings, subject to the retention periods above required by law.

Depending on your location, you may have the following rights with respect to your personal information. To exercise any of these rights, please contact us at legal@dropsub.com. We will respond to verified requests within 30 days.

California residents may have additional rights under the California Consumer Privacy Act (CCPA), including the right to know about personal information sold or disclosed for business purposes (DropSub does not sell personal information) and the right to non-discrimination for exercising your rights.

EEA and UK residents may have additional rights under the General Data Protection Regulation (GDPR) or UK GDPR, including the right to lodge a complaint with your local supervisory authority.

DropSub is not directed to children under the age of 13 (or 16 in the European Economic Area), and we do not knowingly collect personal information from children below these ages. Our Terms of Service require all users to be at least 18 years of age or the age of majority in their jurisdiction.

If we become aware that we have inadvertently collected personal information from a child under the applicable age threshold, we will take immediate steps to delete that information from our systems. If you believe we may have collected information from a minor, please contact us immediately at legal@dropsub.com.

Parents or legal guardians who have concerns about their child's privacy in connection with the DropSub platform should contact us directly. We take these concerns seriously and will respond promptly.

If you have questions, concerns, or requests regarding this Privacy Policy or DropSub's data practices, please contact our privacy team:

• Email: legal@dropsub.com — for privacy inquiries, data subject requests, and legal notices
• Response time: We aim to respond to all privacy inquiries within 5 business days and to fulfill data subject requests within 30 days
• Company: DropSub LLC

If you are not satisfied with our response, you have the right to lodge a complaint with the appropriate data protection authority in your jurisdiction. For EEA residents, this would be the supervisory authority in your EU member state. For UK residents, this is the Information Commissioner's Office (ICO).

We reserve the right to update this Privacy Policy at any time. Material changes will be communicated via email or a prominent notice on our website at least 14 days before the changes take effect. Your continued use of the Service following notice of changes constitutes acceptance of the updated policy.