← Back to droPINion

Privacy Policy

Last updated: May 1, 2026

droPINion ("we", "us", "our") is a location-based social map. This Privacy Policy explains what information we collect, how we use it, and your choices. It applies to the droPINion mobile app and the droPINion website.

By creating an account or using the app, you agree to this Policy. If you do not agree, do not use the service.

1. Information We Collect

Information you provide

  • Account: email address and password (passwords are stored hashed; we never see your plaintext password).
  • Profile: display name and optional avatar photo.
  • User-generated content: pins (a pin consists of a name, a precise geographic coordinate, an optional photo, and a comment), comments on other pins, and your votes (likes / dislikes) on comments.
  • Photos: images you choose to attach to a pin or comment.

Information collected automatically

  • Location: when you create a pin or center the map on your current position, the app reads your device GPS coordinates. We do not track your location in the background. You can deny or revoke the location permission at any time in your device settings — the app will still let you browse the public map.
  • Push notification token: if you enable notifications, your device's push token is stored so we can send relevant alerts (e.g. when someone likes your comment).
  • Technical data: IP address and user-agent string. These are used for rate limiting, abuse prevention, and admin audit logs. We do not use them for tracking or advertising.

Information we do not collect

  • We do not collect contacts, calendar, or microphone data.
  • We do not run third-party analytics or advertising SDKs in the app.
  • We do not sell your personal data and we do not share it for cross-context behavioral advertising.

2. How We Use Your Information

  • To create and authenticate your account.
  • To display your pins, comments, and votes to other users at the exact coordinate you chose.
  • To deliver push notifications you have opted in to receive.
  • To moderate the service: review reports, block abusive users, and remove content that violates our rules.
  • To prevent fraud and abuse (rate limiting, audit logging).
  • To comply with legal obligations.

3. Public Content

Pins, comments, votes, and your public profile (display name, avatar) are visible to anyone using droPINion, including users who have not signed in (the public map is browseable without an account). Do not post anything you would not want to be public.

Your email address and the precise GPS coordinate of your current device location (as opposed to a pin coordinate you chose to publish) are never shown to other users.

4. Third-Party Services

We use a small number of trusted vendors to operate the service. Each receives only the data they need:

  • Apple Push Notification Service / Firebase Cloud Messaging: to deliver push notifications. Your device push token is stored with the vendor.
  • Google Maps SDK: renders the Android map surface. Subject to Google's privacy terms.
  • Resend: sends transactional emails (sign-up confirmation, password reset). Receives your email address and the email body.
  • Hosting / database: our servers and Postgres database store the data described above. They run on infrastructure providers under standard data-processing terms.

5. User-Generated Content & Moderation

droPINion has zero tolerance for objectionable content or abusive behaviour. We provide the following tools, accessible from inside the app:

  • Report: any pin, comment, or user can be reported via the "…" menu, with reasons including spam, harassment, and inappropriate content.
  • Block: any user can be blocked from their profile. A blocked user's pins and comments become invisible to you, and yours to them.
  • Delete: you can delete any of your own pins, comments, and uploaded photos at any time.

We commit to reviewing every report and acting on it (removing content, suspending users, or dismissing the report) within 24 hours. Users who repeatedly violate our rules will have their accounts removed.

6. Data Retention

  • Account data is retained while your account is active.
  • When you delete your account, we delete your profile, pins, comments, votes, photos, and push tokens. This action is irreversible.
  • Server logs (IP, user-agent, audit log) are retained for up to 90 days for security and abuse-prevention purposes, then deleted.

7. Your Rights

Depending on where you live (e.g. EU/UK under GDPR, California under CCPA, Türkiye under KVKK), you may have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data (you can edit your profile in the app).
  • Delete your data (you can delete your account from the app).
  • Export a copy of your data.
  • Withdraw consent for processing.
  • Object to processing or lodge a complaint with your local data-protection authority.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

8. Children

droPINion is not intended for children under 13 (or under 16 in the EEA, where applicable). We do not knowingly collect data from such children. If you believe a child has registered, email [email protected] and we will remove the account.

9. Security

We use TLS in transit, hashed passwords (better-auth), restricted admin access, and database-level access controls. No system is perfectly secure; if we ever experience a breach affecting your data, we will notify you as required by applicable law.

10. International Transfers

Our infrastructure may store and process data in countries other than the one you reside in. Where required, we rely on standard contractual clauses or equivalent safeguards.

11. Changes to This Policy

We may update this Policy. Material changes will be highlighted in the app and the "Last updated" date above will change. Continued use of droPINion after a change constitutes acceptance of the updated Policy.

12. Contact

Questions, requests, or complaints? Email us at [email protected].