How does Droppe protect my data?
How does Droppe protect my data?
We follow GDPR and use industry-standard security measures to protect your personal and business information. We don't sell your data. We share only what's necessary to process your orders and improve your experience.
What data we collect
When you create an account:
- Name, email, phone number
- Company name, Business ID, VAT number
- Billing and delivery addresses
When you place orders:
- Order history and preferences
- Payment information (processed securely by Stripe)
- Communication history with support
**When you browse our site: **
- Browsing activity and product views (with your consent)
- Session data for site functionality
How we use your data
To process orders:
- Delivery addresses shared with brands and carriers
- Payment info processed by Stripe (never stored by us)
- Order history to track deliveries and handle returns
To improve your experience:
- Personalized product recommendations
- Saved preferences and sizing info
- Faster reordering from purchase history
With your consent:
- Marketing emails about new products and offers
- Analytics to improve our website
- Retargeting ads (cookies can be disabled)
Who we share data with
Required for orders (always shared):
- Brands — Delivery address and contact info for shipping
- Carriers — Delivery address for shipments
- Stripe — Payment processing (PCI-DSS Level 1 certified)
- Crisp — Customer support conversations
Only with your consent:
- Google Analytics (website improvement)
- Meta/Facebook Pixel (advertising)
- AdRoll (retargeting)
We never:
- Sell your data to third parties
- Share data for purposes beyond order processing and service improvement
- Keep data longer than legally required
Your GDPR rights
You have the right to:
- Access — Get a copy of all data we hold about you
- Correct — Fix inaccurate or incomplete information
- Delete — Request erasure of your personal data
- Object — Opt out of marketing and certain processing
- Portability — Receive your data in a standard format
- Restrict — Limit how we process your data
To exercise any right: Email management@droppe.com with your request. We respond within 30 days as required by GDPR.
Data retention
Data Type | Retention Period | Reason |
|---|---|---|
Order/transaction data | 7 years | German tax law (AO §147) |
Account data | While active + 5 years | Service and legal compliance |
Support conversations | 24 months | Quality and follow-up |
Analytics data | 26 months | Website improvement |
Marketing cookies | 18 months | Advertising |
When you request deletion, we remove or anonymize data unless legal retention applies.
Security measures
Technical protection:
- Encryption in transit (HTTPS) and at rest
- Access controls and logging
- Regular security assessments
- PCI-DSS Level 1 compliant payment processing via Stripe
Organizational protection:
- Staff data protection training
- Contracts with all data processors
- Incident response procedures
- Regular compliance audits
Cookies and tracking
Essential (always active):
- Login sessions
- Shopping cart
- Security features
Analytics (consent required):
- Google Analytics
- Hotjar session recordings
Marketing (consent required):
- Meta Pixel
- Google Ads
- AdRoll
Manage your preferences via the cookie banner or our Privacy Policy.
Data controllers
Droppe GmbH (Germany) handles:
- Customer orders and payments
- Marketing communications
- Customer support
Droppe Oy (Finland) handles:
- Platform technology
- Analytics and improvement
- Group data protection
Single contact point: management@droppe.com for all data requests.
Questions?
Questions about your data or privacy? Drop us a message or chat with us. We're happy to help.
Related articles:
Updated on: 25/12/2025
Thank you!