Back to Home

Privacy Policy

Last updated: December 12, 2025

Introduction

Droplink ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service at droplink.fm (the "Service").

By using Droplink, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our Service.

Information We Collect

We collect several types of information to provide and improve our Service:

Account Information

When you create an account, we collect your email address, name, and authentication credentials (password hash or OAuth tokens).

Landing Page Data

Spotify URLs, track/playlist/album/artist IDs, custom text content, design preferences, and configuration settings you provide when creating landing pages.

Conversion Tracking Data

Meta Pixel IDs, Conversions API (CAPI) access tokens (encrypted), custom event names, and conversion event data.

Analytics and Usage Data

Page views, click events, visitor IP addresses (anonymized), browser type, device information, and aggregated statistics.

Payment Information

Billing details processed through Stripe. We do not store credit card numbers on our servers.

How We Use Your Information

We use the information we collect for the following purposes:

  • To provide, maintain, and improve our Service
  • To create and manage your landing pages
  • To process conversion tracking through Meta Pixel and CAPI
  • To process payments and manage subscriptions
  • To send service-related communications (updates, security alerts)
  • To provide customer support
  • To analyze usage patterns and optimize performance
  • To detect and prevent fraud or abuse
  • To comply with legal obligations

Third-Party Services

We work with trusted third-party service providers to operate our Service:

Vercel (Hosting & Infrastructure)

Our application is hosted on Vercel. Data is stored in secure data centers.

Stripe (Payment Processing)

Payment information is processed by Stripe. We do not store credit card details.

Resend (Email Communications)

Transactional emails are sent via Resend. We share your email address for this purpose.

Meta (Facebook/Instagram)

If you configure Meta Pixel integration, conversion events are sent to Meta's servers according to your settings. We act as a data processor for this functionality.

Spotify

We fetch public metadata about tracks, albums, playlists, and artists from Spotify's API to display on your landing pages.

Data Storage and Security

We implement industry-standard security measures to protect your data:

  • All data is transmitted over HTTPS encryption
  • Passwords are hashed using bcrypt
  • CAPI tokens are encrypted using AES-256-GCM before storage
  • Database access is restricted and audited
  • Regular security updates and monitoring

While we strive to protect your information, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

Data Retention and Deletion

We retain your information for as long as your account is active or as needed to provide our Service. You may delete your account at any time from your account settings.

When you delete your account:

  • All landing pages and associated data are permanently deleted
  • Your personal information is removed from our active databases
  • Encrypted CAPI tokens are destroyed
  • Aggregated analytics may be retained for statistical purposes (anonymized)

Your Rights

You have the following rights regarding your personal data:

  • Access: Request a copy of the data we hold about you
  • Rectification: Request correction of inaccurate data
  • Erasure: Request deletion of your data
  • Portability: Request your data in a machine-readable format
  • Objection: Object to certain processing activities
  • Restriction: Request restriction of processing

GDPR Rights (EU Users)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

  • Right to be informed about data collection and use
  • Right to access your personal data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing
  • Rights related to automated decision-making

To exercise any of these rights, please contact us at support@droplink.fm.

CCPA Rights (California Users)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is collected
  • Right to know if personal information is sold or disclosed
  • Right to say no to the sale of personal information (we do not sell data)
  • Right to access your personal information
  • Right to delete your personal information
  • Right to equal service and price (no discrimination)

We do not sell your personal information to third parties.

Cookies and Tracking

We use cookies and similar tracking technologies. For detailed information, please see our Cookie Policy.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date.

We encourage you to review this Privacy Policy periodically for any changes. Changes are effective when posted on this page.

Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us:

Email: support@droplink.fm

Back to Top