This Privacy Policy explains how DripScape ("we", "us") collects, uses, shares and protects your personal information when you use our website, mobile experience and related services. It complies with the EU General Data Protection Regulation (GDPR) and other applicable privacy laws.
1. Data we collect
- Account data: name / username, email address, hashed password, role (buyer or designer), profile picture (if signed in via Google).
- Order data: shipping address, items purchased, total price, order status.
- Payment data: processed by Stripe. We never store full card details. We store Stripe customer IDs, subscription IDs, payout account IDs.
- Design data: AI-generated images, prompts, drafts, published products.
- Usage analytics: page views, clicks, cart adds, wishlist activity, follower events (used to power the Designer Analytics dashboard).
- Device & technical data: IP address, browser type, OS, referrer URL, session cookies.
2. How we use your data
- Operate, maintain and improve the marketplace.
- Process payments, payouts and tax reporting.
- Fulfil and ship orders via Printful, Printify and carriers tracked by Shippo.
- Send transactional emails (order confirmations, shipping updates, subscription notices) via the Gmail API.
- Generate AI design suggestions, trend scores and pricing recommendations via Google Gemini.
- Detect fraud, trademark infringement and policy violations.
3. Legal bases (GDPR)
- Contract: processing orders, subscriptions and payouts.
- Legitimate interest: analytics, fraud prevention, product improvement.
- Consent: optional marketing emails (you may unsubscribe at any time).
- Legal obligation: tax records, anti-money-laundering compliance.
4. Sharing with third parties
We share the minimum data required with the following processors:
- Stripe — payments, Connect payouts, subscriptions.
- Printful & Printify — production and shipping (your shipping address).
- Shippo — multi-carrier tracking webhooks.
- Google (OAuth, Gmail API, Gemini, Maps) — authentication, transactional emails, AI features, delivery maps.
- MongoDB Atlas (or self-hosted MongoDB) — our primary database.
We do not sell your personal data to advertisers.
5. International transfers
Some of our processors are based in the United States. Where data is transferred outside the EEA, we rely on Standard Contractual Clauses or the EU-US Data Privacy Framework where applicable.
6. Data retention
- Account & order records: retained for the duration of your account plus 10 years (tax compliance).
- Analytics events: retained for 24 months.
- Marketing preferences: until you withdraw consent.
7. Your rights
You have the right to:
- Access the personal data we hold about you.
- Correct inaccurate data.
- Request deletion (subject to legal retention periods).
- Object to processing or request data portability.
- Lodge a complaint with your local data-protection authority.
Email privacy@dripscape.com to exercise any of these rights.
8. Cookies
We use strictly necessary cookies to keep you signed in and to remember your cart. We do not currently use third-party advertising or tracking cookies.
9. Security
We hash passwords with strong one-way algorithms, use HTTPS everywhere, and verify webhook signatures from Stripe, Printful, Printify and Shippo. Despite our efforts, no system is 100% secure — please use a unique strong password.
10. Changes
We may update this Privacy Policy. Material changes will be announced on the platform and/or by email. The "Last updated" date at the top of this page reflects the latest revision.
11. Contact
Privacy questions: privacy@dripscape.com
This document is a template and does not constitute legal advice. Please consult a qualified lawyer before launching commercially in your jurisdiction.