1. Information We Collect
We collect information that you provide directly to us, including:
- Email address (for authentication)
- Name (optional)
- Session data (for maintaining your login state)
- Device UUID (for security purposes)
- IP address and user agent (for security logging)
2. Uploaded Content
When you use the Service, you upload image files ("Your Content") to be composited into mockup templates. Regarding Your Content:
- You retain full ownership of Your Content at all times.
- Your Content is processed solely to render the mockup previews and exports you request.
- We do not use Your Content for any other purpose — including advertising, analytics, or training machine learning models.
- Your Content is not shared with or sold to any third party.
- Uploaded files are automatically deleted from our servers within 7 days of upload.
- We may access Your Content solely to diagnose a technical issue that you have reported to us. Such access is limited strictly to the reported issue.
3. How We Use Your Account Data
We use the account information we collect to:
- Provide, maintain, and improve the Service
- Authenticate your account and maintain your session
- Send you magic links for passwordless authentication
- Manage your subscription and credit balance
- Protect against unauthorized access and abuse
- Communicate with you about the Service
4. Payment Processing (Paddle)
All payments are handled by Paddle.com Market Limited ("Paddle"), our payment processor and Merchant of Record. When you make a purchase, you provide your payment details directly to Paddle — we do not receive or store your card number or full payment details.
Paddle receives your email address and, where required by law, your billing country in order to process the transaction and comply with tax obligations. Paddle's processing of your personal data is governed by Paddle's Privacy Policy.
5. Cookies and Similar Technologies
We use essential cookies for authentication purposes. These cookies are necessary for the Service to function and cannot be disabled. We use session cookies, CSRF tokens, and LocalStorage for device UUID security tracking. See our Cookie Policy for details.
6. Data Retention
We retain your personal data only for as long as necessary to provide the Service:
- Magic links expire after 15 minutes.
- Sessions expire after 12 hours of inactivity.
- Uploaded image files are deleted within 7 days.
- Account data is retained until you delete your account.
7. Your Rights (GDPR)
Under the General Data Protection Regulation (GDPR), you have the right to:
- Access your personal data (via Account Settings → Export Data)
- Delete your account and all associated data (via Account Settings → Delete Account)
- Receive a copy of your data in a machine-readable format
- Object to processing based on legitimate interest
To exercise any of these rights, contact us at contact@drompl.com.
8. Data Security
We implement appropriate technical and organizational measures to protect your data, including password hashing (PBKDF2-SHA256), one-time use magic links, secure HttpOnly session cookies, CSRF protection, and rate limiting on authentication endpoints.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of changes by updating the "Last updated" date at the top of this page.
10. Contact Us
If you have questions about this Privacy Policy, contact us at contact@drompl.com.