Privacy Policy

Information you provide:

• Name, email address, and password when you create an account
• Billing information (processed by Stripe — we do not store card details)
• Product images you upload
• Any communications you send us

Information collected automatically:

• IP address and approximate location
• Device type, browser, and operating system
• Usage data — pages visited, features used, time spent
• Cookies and similar tracking technologies (see Section 8)

We use your information to:

• Provide, maintain, and improve the Service
• Process payments and manage your subscription
• Send transactional emails (account, billing)
• Detect fraud and enforce our Terms of Service
• Comply with legal obligations

We do not sell your personal data.

When you upload product images, we act as a data processor on your behalf — we process those images solely to provide the Service as you instruct. We do not use your uploaded images or generated outputs to train our own AI models. Your data may be processed by third-party AI providers as part of delivering the Service, and their use of data is governed by their own terms and privacy policies.

We do not intentionally collect or use biometric identifiers for identification purposes.

Drop Candy uses third-party AI services to generate images. Your uploaded content and prompts are processed by these providers. We prefer to work with providers who do not use customer data for model training, but we cannot guarantee their practices.

A current list of our AI providers and all sub-processors is available in Section 5 below. We will update this list when our providers change.

We share data with the following third-party service providers to operate the Service:

Each provider is subject to their own privacy policy and data practices.

Images you generate through Drop Candy are private by default — they are not shared publicly or visible to other users. You control who sees your generated content.

Drop Candy generates images using artificial intelligence. These images do not depict real people. Any resemblance to actual individuals is coincidental and not intended.

AI-generated images may occasionally contain unintended elements, including content that resembles third-party logos, trademarks, or brand identifiers. Users are responsible for reviewing all generated outputs before commercial or public use.

We retain your personal data only as long as necessary to provide the Service and meet our legal obligations. If you cancel your account, you may request deletion of your data by emailing legal@dropcandy.ai. We will process deletion requests within a reasonable timeframe. Some data may be retained as required for legal, security, or billing purposes.

We use cookies and similar technologies to operate the Service and understand how it is used. You can control cookies through your browser settings, though disabling them may affect Service functionality.

We use:

• Essential cookies — required for the Service to function
• Analytics cookies — help us understand usage patterns (e.g. Google Analytics)

All users:

• Request access to the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data
• Withdraw consent where processing is based on consent

To delete your account and all associated data: email support@dropcandy.ai from the address on file. We will complete the deletion within a reasonable timeframe and confirm once done. To cancel your subscription without deleting your account, visit Account → Plan → "Manage subscription."

EU/EEA and UK users (GDPR / UK GDPR):

You have additional rights including data portability, restriction of processing, and the right to object. You may lodge a complaint with your national data protection authority. EU/EEA users may contact their local supervisory authority; UK users may contact the Information Commissioner's Office (ICO) at ico.org.uk. Our legal basis for processing is contractual necessity and legitimate interests.

Drop Candy is based in the United States. When we transfer your personal data to the US, we do so through service providers who have implemented Standard Contractual Clauses (SCCs) or other appropriate safeguards as required under GDPR and UK GDPR. A list of our service providers is in Section 5.

California users (CCPA / CPRA):

You have the right to know what personal information we collect, request deletion, request correction of inaccurate data, and opt out of the sale or sharing of personal information. We do not sell personal information or share it for cross-context behavioral advertising. You also have the right to limit our use of sensitive personal information to what is necessary to provide the Service. Submit requests to legal@dropcandy.ai. We will respond within 45 days.

Virginia, Colorado, Connecticut, Texas, and other US state users:

Depending on your state of residence, you may have rights to: access, correct, delete, and obtain a portable copy of your personal data; opt out of targeted advertising and profiling used to make decisions with legal or similarly significant effects; and appeal our decision if we decline your data request. To submit a request or appeal, email legal@dropcandy.ai. We will respond within the timeframe required by your state's law and confirm in writing once complete.

Drop Candy is not intended for users under 18. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected data from a minor, contact us immediately at legal@dropcandy.ai.

We may update this Privacy Policy from time to time. We will notify you of material changes via email or a notice on the Service. Continued use after changes constitutes acceptance.

For privacy-related questions, data requests, or deletion requests:

legal@dropcandy.ai

For EU/EEA users, you may also contact your local data protection authority.