Privacy Policy
Last updated: 13 June 2026
This Privacy Policy explains how DropPoint ("DropPoint", "we", "us") collects, uses, and protects personal data when you use our website and price-tracking service (the "Service"). We are committed to handling your data lawfully and transparently under the EU General Data Protection Regulation (GDPR) and applicable data-protection law.
1. Who we are (Data Controller)
The data controller responsible for your personal data is:
[Legal entity name / your full name]
[Address, Italy]
Email: [contact@yourdomain.com]
If you have any questions about this policy or your data, contact us at the email above.
2. Affiliate disclosure
DropPoint is a participant in the Amazon Associates Program, an affiliate advertising program. As an Amazon Associate, we earn from qualifying purchases.
This means that when you click a "Buy on Amazon" link on DropPoint and make a purchase, we may receive a commission from Amazon, at no additional cost to you. Affiliate links are marked on the site. The presence of an affiliate relationship does not influence the price-history data or the buy/wait guidance we show — those are generated from third-party pricing data (see Section 5).
When you click an Amazon link, Amazon may set its own cookies and collect data according to Amazon's own privacy notice. We do not control and are not responsible for Amazon's data practices. Please review Amazon's privacy policy for details.
3. What personal data we collect
We collect only what we need to run the Service:
Information you give us
- Account data: your email address, and — if you sign in with Google or Apple — the basic profile identifier those providers share (such as your name and email). If you register with email and password, your password is stored in hashed, encrypted form by our authentication provider; we never see or store it in plain text.
- Saved products & preferences: the Amazon products (ASINs) you choose to track, and your alert settings.
- Communications: any messages you send us by email.
Information collected automatically
- Usage and device data: IP address, browser type, device type, pages visited, and timestamps — used for security, fraud prevention, and to keep the Service working.
- Cookies and similar technologies: see Section 8.
We do not intentionally collect special-category data (e.g. health, religion, political opinions), and we ask that you do not send it to us.
4. Why we use your data and our legal basis (GDPR Art. 6)
| Purpose | Legal basis |
|---|---|
| Create and operate your account; show and save the products you track | Performance of a contract |
| Send price-drop alerts you have signed up for | Consent (alerts) / Contract |
| Keep the Service secure, prevent abuse, and fix problems | Legitimate interests |
| Send marketing or product-update emails | Consent (you may withdraw at any time) |
| Comply with legal obligations | Legal obligation |
Where we rely on consent, you can withdraw it at any time without affecting the lawfulness of processing before withdrawal.
5. Price data and third-party sources
Product prices and price history shown on DropPoint are sourced from third-party data providers (currently Keepa) and, where applicable, Amazon's own interfaces. Prices and availability change frequently and the figures shown may not be current. Always confirm the live price on Amazon before purchasing. DropPoint does not sell products and is not responsible for the accuracy of third-party pricing data or for any purchasing decision you make based on it.
6. Who we share data with
We do not sell your personal data. We share it only with service providers ("processors") who help us run the Service, under contracts that require them to protect it:
- Supabase — hosting, database, and authentication.
- Google and Apple — only if you choose to sign in with them (authentication).
- Keepa — provides price data (we send product identifiers, not your personal data, to retrieve prices).
- [Email provider, e.g. Resend / Postmark] — to deliver alert and account emails.
- [Analytics provider, if used] — only with your cookie consent.
We may also disclose data if required by law, to protect our rights, or in connection with a business transfer.
7. International data transfers
Some of our providers (such as Supabase, Google, and Apple) may process data outside the European Economic Area, including in the United States. Where this happens, we rely on appropriate safeguards such as the EU Standard Contractual Clauses or an equivalent approved mechanism to protect your data.
8. Cookies
We use:
- Essential cookies — required to log you in and keep your session secure. These do not require consent.
- Analytics / marketing cookies (if any) — used only after you accept them via our cookie banner. You can change or withdraw your choice at any time.
You can also control cookies through your browser settings. Blocking essential cookies may stop the Service from working.
9. How long we keep your data
- Account and saved-product data: for as long as your account is active.
- After you delete your account: we delete or anonymise your personal data promptly, except where we must retain limited records to meet legal, tax, or security obligations.
- Logs: kept for a limited period for security and then deleted.
10. Your rights (GDPR)
You have the right to:
- Access the personal data we hold about you;
- Rectify inaccurate data;
- Erase your data ("right to be forgotten");
- Restrict or object to processing;
- Receive your data in a portable format (data portability);
- Withdraw consent at any time;
- Lodge a complaint with a supervisory authority. In Italy this is the Garante per la protezione dei dati personali.
You can exercise the access, export, and deletion rights directly in your account Settings, or by emailing us at [contact@yourdomain.com]. We respond within one month.
11. Security
We use industry-standard measures to protect your data, including encryption in transit (HTTPS), hashed password storage, and access controls so that you can only access your own data. No system is perfectly secure, but we work to protect your information and will notify you and the relevant authority of a data breach where legally required.
12. Children
DropPoint is not intended for children under 16, and we do not knowingly collect data from them. If you believe a child has provided us data, contact us and we will delete it.
13. For users in California (CCPA/CPRA)
If you are a California resident: we do not sell your personal information. You have the right to know what personal information we collect, to request its deletion, and not to be discriminated against for exercising these rights. Contact us at [contact@yourdomain.com] to make a request.
14. Changes to this policy
We may update this policy from time to time. We will post the new version here and update the "Last updated" date. Significant changes will be communicated where appropriate.
15. Contact
Questions or requests about your data:
[contact@yourdomain.com] — [Legal entity / your name], [Address, Italy].