Privacy Policy

Version 2.0 - Last updated: 02/16/2026

Back to home

Article 1: Preamble

The purpose of this privacy policy is to inform users of the site Dropapost (accessible at https://dropapost.io):

  • On how their personal data is collected and processed;
  • On the rights they have regarding this data;
  • On the person responsible for processing the collected personal data;
  • On the recipients of this personal data;
  • On the site's cookie policy.

Article 2: Principles and Legal Bases for Processing

In accordance with Article 5 of the European Regulation 2016/679 (GDPR), personal data is:

  • Processed lawfully, fairly and in a transparent manner;
  • Collected for specified, explicit and legitimate purposes;
  • Adequate, relevant and limited to what is necessary;
  • Accurate and kept up to date;
  • Kept for no longer than is necessary;
  • Processed in a manner that ensures appropriate security.

Legal bases applicable to our processing:

  • Performance of contract (Art. 6.1.b): account management, service delivery, billing, transactional communications;
  • Consent (Art. 6.1.a): analytical and marketing cookies, newsletters;
  • Legal obligation (Art. 6.1.c): retention of billing data (accounting obligation);
  • Legitimate interest (Art. 6.1.f): service improvement, security, fraud prevention.

Article 3: Personal Data Collected and Processed

3.1 - Data collected

The personal data collected as part of our activity are as follows:

Account Data

  • First and last name
  • Email address
  • Password (stored in encrypted form)

Billing Data

  • Payment information (processed by our secure payment provider)
  • Transaction history
  • Credits purchased and consumed

Usage Data

  • Created content (posts, images)
  • Managed brands
  • Social media account connection authorizations

Browsing Data

  • IP address
  • Browser information
  • Pages visited

Purposes of collection: Service delivery, account management, billing, service improvement, transactional communications, marketing campaign effectiveness measurement (with your consent).

3.2 - Data collection method

When you use our site, the following browsing data is automatically collected:

  • IP address
  • Browser information
  • Pages visited and duration of visit

Other personal data is collected when you perform the following operations:

  • Registration: first name, last name, email, password
  • Credit purchase: billing information
  • Content creation: texts and images
  • Social media connection: connection authorizations to your Instagram/Facebook accounts

Retention period:

  • Account data: until account deletion + 1 year (legal archiving)
  • Billing data: 10 years (Belgian accounting obligation)
  • Created content: until deletion by the user
  • Analytical/marketing cookies: 12 months maximum
  • Browsing data: 12 months maximum

3.3 - Data hosting

The site Dropapost is hosted by:

Vercel Inc. (United States)

Website: https://vercel.com

3.4 - Sub-processors and partners

Your data may be shared with the following partners, strictly within the scope of providing our services:

  • Stripe: Secure payment processing
  • Meta (Facebook/Instagram): Publishing to your connected accounts
  • Cloudflare: Image storage and delivery
  • PostHog: Product usage analytics (anonymized)
  • Tawk.to: Live support chat
  • AI provider: Content generation (submitted texts are processed without retention by the provider)
  • Google (with consent): Audience measurement
  • Meta Pixel (with consent): Marketing conversion tracking

3.5 - Cookie Policy

In accordance with European regulations, we ask for your consent before placing non-essential cookies.

Essential Cookies (no consent required)

  • Authentication session
  • Security cookies
  • Essential user preferences (language, theme)

Analytical Cookies (consent required)

  • Google audience measurement cookies
  • PostHog product analytics

Marketing Cookies (consent required)

  • Meta advertising tracking cookies

Manage your cookies: You can change your preferences at any time by clicking on at the bottom of the page. Your consent is stored for 12 months.

3.6 - Data Security

We implement appropriate technical and organizational security measures in line with industry standards to protect your personal data against unauthorized access, alteration, disclosure, or destruction.

3.7 - International Data Transfers

Some of our sub-processors are located in the United States (Vercel, Stripe, Cloudflare). These transfers are governed by the EU-US Data Privacy Framework (European Commission adequacy decision of July 10, 2023) and/or Standard Contractual Clauses approved by the European Commission, in accordance with Articles 44 to 49 of the GDPR.

3.8 - Use of Artificial Intelligence

Dropapost uses artificial intelligence systems for content generation (text, images) and automatic responses. The content you submit is sent to our AI providers solely for the requested processing, without retention by these providers. No automated decision within the meaning of Article 22 of the GDPR is made about you based on these processes.

3.9 - OAuth integrations (social networks and third-party services)

To publish on your behalf on social networks and connected services, Dropapost uses the OAuth 2.0 protocols provided by each platform. You explicitly grant the permissions when connecting, and can revoke them at any time.

Meta (Facebook & Instagram)

Permissions requested: public_profile, business_management, pages_show_list, pages_read_engagement, pages_manage_engagement, pages_manage_posts, pages_manage_metadata, pages_messaging, read_insights, instagram_basic, instagram_content_publish, instagram_manage_insights, instagram_manage_comments, instagram_manage_messages

Usage: Publish the posts you create on your Facebook Pages and Instagram Business accounts, read publication statistics, manage comments and direct messages.

Revoke: Facebook Settings → Business Integrations

Google Business Profile

OAuth scope requested: https://www.googleapis.com/auth/business.manage

Usage: Publish your posts (Standard, Event, Offer) to your Google Business Profile listing, read your listing information for selection (name, address, identifier), manage connection status.

Limited Use compliance: Dropapost's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Concretely: we use Google data only to provide the publishing features described above, we do not sell it, we do not use it for advertising, and we do not allow humans to read it except in narrow cases (explicit user consent, legal compliance, or critical security operations).

Revoke: myaccount.google.com/permissions

Pinterest

Permissions requested: user_accounts:read, boards:read, boards:write, pins:read, pins:write

Usage: List your boards, create new boards if you ask for it, publish Pins (image, carousel, video) to your boards, read engagement statistics for your Pins.

Revoke: Pinterest Settings → Apps

TikTok

Permissions requested: user.info.basic, video.upload, video.publish

Usage: Publish the videos and photos you create on your TikTok account, read your username and avatar for display in the editor.

Revoke: TikTok Settings → Manage apps

Token storage: OAuth tokens (access tokens and refresh tokens) are encrypted at rest in our database. They are used only to perform the actions you initiate (publishing, reading statistics) or to automatically refresh expired sessions.

3.10 - Public showcase of publications

Posts you publish via Dropapost on your social networks are public by nature. Dropapost may display some of these posts in a limited way (public account handle, image, caption, date) on its own public pages (home, sign in, sign up) to illustrate the service. No private, draft or unpublished content is ever exposed. To exclude your posts from this showcase, contact us at [email protected].

Article 4: Data Controller

4.1 - The Data Controller

Company name: Dropapost

Controller: Jhon Bauwens

Business number (BCE): BE0500915324

Country: Belgium

Email: [email protected]

Website: https://dropapost.io

4.2 - Data Protection Contact

For any questions regarding the protection of your personal data, you can contact us at: [email protected]

If you believe that your rights are not being respected after contacting us, you can file a complaint with the competent supervisory authority:
— Belgium: Data Protection Authority (APD/GBA)
— France: CNIL

Article 5: User Rights

In accordance with the European Regulation 2016/679 (GDPR), you have the following rights regarding your personal data:

Right of access (Article 15 GDPR)

Obtain a copy of your personal data.

Right of rectification (Article 16 GDPR)

Correct your inaccurate or incomplete data.

Right to erasure (Article 17 GDPR)

Delete your data under certain conditions.

Right to data portability (Article 20 GDPR)

Receive your data in a usable format.

Right to restriction (Article 18 GDPR)

Restrict the processing of your data.

Right to object (Article 21 GDPR)

Object to the processing of your data.

  • Right not to be subject to a decision based solely on automated processing
  • Right to withdraw your consent at any time
  • Right to lodge a complaint with the competent supervisory authority (Article 77 GDPR)

To exercise your rights:

Please send your request by email to: [email protected]

In order to process your request, we may ask you to confirm your identity. We will respond to your request within 1 month maximum, in accordance with the GDPR.

For more information about your rights, visit the Data Protection Authority website.

Article 6: Conditions for Modification

The publisher of the Dropapost site reserves the right to modify this Policy at any time to ensure compliance with applicable law.

Any modifications shall not affect purchases previously made on the site.

In the event of substantial modifications impacting your rights, we will notify you by email.

This policy was last updated on 02/16/2026.

Back to home

© 2026 Dropapost. All rights reserved.