Privacy Policy

Drophero

Effective date: June 23, 2026

Drophero is a software service operated by Drophero, registered in the Netherlands with the Dutch Chamber of Commerce. Drophero provides tools that help merchants create original Shopify-ready product drafts and ad creative drafts from product information they are authorized to use.

Public contact email: info@drophero.app
Privacy and data request email: info@drophero.app
Support and refund email: info@drophero.app
privacy policies

1. Who we are

Drophero is a software service operated by Drophero, registered in the Netherlands with the Dutch Chamber of Commerce. Drophero provides tools that help merchants create original Shopify-ready product drafts and ad creative drafts from product information they are authorized to use.

Public contact email: info@drophero.app
Privacy and data request email: info@drophero.app
Support and refund email: info@drophero.app

We do not publish the private residential address of the business owner on this website. Where a formal address is legally required by a competent authority, platform reviewer, payment provider, or regulator, it can be provided through the appropriate private channel.

2. Scope of this Privacy Policy

This Privacy Policy applies to drophero.app, the Drophero web application, Drophero Shopify app functionality, optional Chrome Extension functionality, and related support services.

This policy explains what data we collect, why we collect it, how we use it, how long we keep it, and how users can request access, correction, deletion, or other privacy rights.

3. Important product rights and authorized-source notice

Drophero is designed for merchant-controlled and rights-safe product workflows. Users may only use product information, URLs, media, advertising references, and other source materials that they own, are licensed to use, or are authorized to use for officially licensed or dropshipped products.

Public ads or third-party pages may only be used as creative inspiration for structure, hooks, benefits, and formatting. Drophero does not permit users to copy third-party product text, images, videos, logos, trademarks, brand assets, or other protected content without permission.

Before publishing, users must review and approve generated content and confirm that they have the necessary rights to use the product information and selected media.

4. Data we collect

4.1 Account and login data

When a user creates or uses an account, we may collect and process:

  • Name, email address, company or store information, country, and user role, where provided.
  • Login and authentication data, such as password hashes, login timestamps, session information, and security events, where applicable.
  • Technical data such as IP address, browser type, device information, and diagnostic data needed for security, debugging, and service reliability.

4.2 Shopify merchant and store data

When a merchant connects Drophero to Shopify, we may process Shopify data necessary to install, authenticate, operate, and publish approved product drafts. This may include:

  • Shop domain, store URL, shop identifier, merchant/admin contact details, and app installation status.
  • Shopify app settings, connected shop configuration, and permissions/scopes granted during installation.
  • Product information selected or generated by the merchant, such as product titles, descriptions, image URLs, product media, price fields, draft status, and Shopify product IDs after publishing.
  • Publishing logs, error states, timestamps, and workflow status needed to confirm whether product publishing succeeded or failed.

Drophero does not request Shopify API access to store customer, order, payment, or checkout data for the core product publishing flow. Unless a future feature explicitly requires it and the required access is approved and disclosed, we do not collect or store Shopify store buyer (end-customer) data, including:

  • Buyer or customer names, email addresses, or phone numbers.
  • Shipping or billing addresses of store customers.
  • Order history, cart contents, or checkout information.
  • Payment card or transaction details from the merchant's storefront.

Data we store relates to the merchant's Drophero account and connected shop operations (for example shop domain, OAuth tokens, product drafts, and publishing logs), not to individual buyers who purchase from the merchant's Shopify store.

4.3 Product, source, and creative workflow data

When users generate product drafts or ad creative drafts, we may process:

  • User-provided source URLs and authorized product information.
  • User-selected public ad inspiration or third-party reference material, where the user confirms they are authorized to use it or use it as creative inspiration only.
  • Generated product titles, descriptions, ad copy, creative angles, media selections, and other AI-assisted outputs.
  • Rights confirmation records, including the source URL, user or shop identifier, timestamp, and whether the user confirmed they have the necessary rights before publishing.

4.4 Optional Chrome Extension data

If a user chooses to use the Drophero Chrome Extension, the extension may collect only the data needed to send selected source or inspiration information to the user's Drophero account. This may include user-selected public text snippets, page metadata, source URLs, and image URLs.

The Chrome Extension is optional for the Shopify flow. It should not read passwords, private messages, payment card data, checkout data, or private account areas. Data is sent to Drophero only when the user actively uses the extension or related feature.

4.5 Meta/Facebook advertising data

If a user connects a Meta/Facebook account, Drophero may process the data needed to create, review, publish, or analyze advertising workflows. This may include connected business assets, page IDs, ad account IDs, campaign IDs, ad set IDs, ad IDs, ad creative data, access tokens, and performance insights such as spend, impressions, clicks, CTR, CPC, CPM, and conversion-related metrics, depending on enabled features and granted permissions.

Users can disconnect Meta/Facebook access where this functionality is available. After disconnecting, Drophero will stop using the disconnected access token for future actions and will delete or anonymize connected tokens according to the retention rules below.

4.6 AI processing data

Drophero may send user-provided product information, source information, prompts, images, image URLs, or generated drafts to AI service providers to create original drafts, rewrite content, translate content, edit media, or perform OCR, depending on the feature used.

Drophero uses AI to generate draft outputs for user review. Users remain responsible for checking accuracy, rights, claims, translations, and suitability before publishing.

4.7 Billing and subscription data

For merchants using Drophero through the Shopify App Store, any paid app features made available inside the Shopify app are handled through Shopify Billing or Shopify App Pricing, unless Shopify expressly permits another billing method. Drophero does not store full payment card details for Shopify App Store billing.

Drophero may store subscription status, plan information, billing identifiers, usage status, and related administrative records needed to manage access to paid or free features. Publishing approved product drafts to Shopify does not require Paddle or any external checkout flow for Shopify App Store users.

If Drophero later offers the Shopify app or Shopify publishing functionality free of charge, Drophero will not collect charges for those free Shopify app features. Any future billing changes will be reflected in this Privacy Policy and in the live app flow before they apply.

4.8 Support and communication data

When users contact us, we may process emails, support messages, issue descriptions, screenshots or attachments supplied by the user, and related support history. We use this data to respond to requests, debug issues, and maintain the service.

5. Why we use data

We process data for the following purposes:

  • To create and manage user accounts and secure access to Drophero.
  • To install, authenticate, and operate Shopify app functionality.
  • To generate original product drafts, ad creative drafts, translations, and related workflow outputs.
  • To publish approved product drafts to Shopify when the user chooses to publish.
  • To connect to Meta/Facebook where the user enables advertising features.
  • To process rights confirmations and maintain an audit trail for authorized-source use.
  • To provide support, troubleshoot errors, prevent abuse, and improve reliability.
  • To manage subscriptions, billing status, usage limits, refunds, and account administration.
  • To comply with legal, tax, platform, security, and regulatory obligations.

Where the GDPR applies, we rely on the following legal bases:

  • Contract: to provide Drophero and deliver the features requested by the user.
  • Legitimate interests: to secure the platform, prevent abuse, debug issues, improve reliability, and communicate about service-related matters.
  • Legal obligation: to comply with applicable tax, accounting, platform, regulatory, and legal duties.
  • Consent: where optional cookies, marketing communications, or optional integrations require consent.

7. How we share data

We may share data with service providers and platforms only as needed to operate Drophero, provide the requested features, and comply with legal or platform obligations. These may include:

  • Shopify, for app installation, authentication, billing where applicable, product publishing, and required privacy webhook handling.
  • Meta/Facebook, where a user connects Meta assets for advertising workflows.
  • AI providers, where needed to generate draft content, translate, edit images, or perform OCR.
  • Hosting, database, storage, CDN, automation, email, analytics, support, and error-monitoring providers used to run and secure the service.
  • Payment and billing processors. For Shopify App Store users, Shopify Billing or Shopify App Pricing is used for paid Shopify app features.

We do not sell personal data. We do not permit service providers to use personal data for their own unrelated marketing purposes.

8. International transfers

Drophero is operated from the Netherlands, but some service providers may process data in other countries. Where personal data is transferred outside the European Economic Area, we rely on appropriate safeguards where required, such as adequacy decisions, standard contractual clauses, processor agreements, or other lawful transfer mechanisms.

9. Retention

We keep personal data only for as long as needed for the purposes described in this Privacy Policy, unless a longer period is required for legal, tax, accounting, security, or platform compliance reasons.

In general:

  • Account data is kept while the account is active and for a reasonable period after closure where needed for legal, security, or support purposes.
  • Generated drafts, source URLs, workflow logs, and publishing records may be kept while the account remains active or until deleted by the user or by Drophero according to product settings.
  • Shopify access tokens are deleted or invalidated after uninstall, shop/redact, or other required deletion events where applicable.
  • Meta access tokens are deleted or invalidated after disconnect or deletion requests where applicable.
  • Billing and accounting records may be kept as required by law.
  • Backups and logs are retained for a limited period necessary for service continuity, security, and troubleshooting, then overwritten or deleted according to operational schedules.

10. Shopify privacy webhooks and deletion

Drophero supports Shopify mandatory privacy webhooks for Shopify-connected merchants: customers/data_request, customers/redact, and shop/redact. Compliance webhook payloads are not saved to our database because they may contain Shopify buyer identifiers.

What we store (merchant and shop operations)

  • Drophero merchant account details (such as name and email).
  • Connected shop domain, app installation status, and OAuth access tokens.
  • Product drafts, generated content, Shopify product IDs, and publishing logs.
  • Shopify app subscription and billing status where applicable.

What we do not store (Shopify store buyers)

  • Shopify buyer or customer names, emails, phone numbers, or addresses.
  • Order, cart, checkout, or storefront payment data.
  • Any other personally identifiable information about the merchant's store customers.

How each privacy webhook is handled

  • customers/data_request: Drophero acknowledges the request with a successful HTTP response only. We do not export buyer data to the merchant because we do not store Shopify store customer PII.
  • customers/redact: Drophero deletes any legacy internal logs that may reference the Shopify customer identifier provided in the webhook, if such records exist.
  • shop/redact and app uninstall: Drophero deletes or invalidates shop-related data that is no longer needed, including OAuth access tokens, connected shop records, and associated webhook logs, subject to legal or security retention obligations.

11. User rights

Depending on applicable law, users may have the right to request access, correction, deletion, restriction, objection, portability, or withdrawal of consent. Users can submit privacy and data requests by emailing info@drophero.app.

We may need to verify the request before acting on it. We will respond within the timeframe required by applicable law. If we cannot fully comply with a request, we will explain the reason where legally permitted.

12. Security

Drophero uses technical and organizational measures designed to protect data against unauthorized access, misuse, loss, or alteration. These measures may include access controls, encrypted transport, server-side token handling, limited employee or contractor access, logging, and secure development practices.

No online service can guarantee absolute security. Users are responsible for maintaining the confidentiality of their login credentials and for using strong, unique passwords where applicable.

13. Cookies and tracking

Drophero may use cookies and similar technologies for essential login/session functions, security, preferences, analytics, affiliate attribution, and service improvement. Non-essential analytics or marketing cookies should be used in accordance with applicable consent requirements.

Users can control cookies through their browser settings. Blocking essential cookies may prevent parts of the service from working correctly.

14. Children

Drophero is intended for business users and is not intended for children. Users must be at least 18 years old or the age of majority in their jurisdiction to use the service.

15. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the effective date and, where appropriate, notify users through the service or by email.

16. Contact

For privacy, data protection, support, refund, or legal questions, contact Drophero at: info@drophero.app