Privacy Policy
Last Updated: November 13, 2025
Welcome to PengDrop ("we," "our," or "us"). We are committed to protecting your privacy and being transparent about how we collect, use, and safeguard your information.
1. Information We Collect
1.1 Information You Provide
- Account Information: When you create an account, we collect your email address, username, and password (stored securely).
- Store Information: If you create a seller account, we collect your store name, description, and profile images.
- Product Information: Digital products you upload, including files, images, descriptions, and pricing.
- Purchase Information: When you make a purchase, we collect your email address for order confirmation and product delivery.
- Payment Information: Payment data is processed securely through Stripe. We store your Stripe account ID if you're a seller, but we never store full credit card numbers.
1.2 Automatically Collected Information
- Usage Data: We collect analytics about store visits, product views, and purchases to help sellers understand their performance.
- Technical Data: IP addresses, browser type, device information, and cookies for functionality and security.
2. How We Use Your Information
We use the information we collect to:
- Provide and maintain the PengDrop marketplace platform
- Process transactions and deliver digital products
- Send order confirmations and purchase receipts via email
- Enable communication between buyers and sellers
- Provide customer support and respond to inquiries
- Improve our services and develop new features
- Detect and prevent fraud or abuse
- Comply with legal obligations
3. Information Sharing and Disclosure
We share your information only in these situations:
3.1 With Your Consent
When you make a purchase, we share your email address with the seller to fulfill your order and provide support.
3.2 Service Providers
We use trusted third-party services:
- Supabase: Database and authentication services (EU West region for GDPR compliance)
- Stripe: Secure payment processing and seller payouts
- Resend: Transactional email delivery for order confirmations
3.3 Legal Requirements
We may disclose information if required by law, court order, or to protect the rights, property, or safety of PengDrop, our users, or others.
3.4 Business Transfers
If PengDrop is involved in a merger, acquisition, or sale of assets, your information may be transferred. We'll notify you before this happens.
4. Data Security
We implement security measures to protect your information:
- All data is transmitted using SSL/TLS encryption (HTTPS)
- Passwords are hashed using industry-standard algorithms
- Payment data is handled securely through Stripe (PCI-DSS compliant)
- Database access is restricted and monitored
- Regular security audits and updates
However, no method of transmission over the Internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.
5. Data Retention
We retain your information for as long as necessary to:
- Provide our services to you
- Comply with legal obligations (e.g., tax records, transaction history)
- Resolve disputes and enforce agreements
When you delete your account, we delete or anonymize your personal information within 90 days, except where retention is required by law.
6. Your Rights and Choices
You have the following rights:
6.1 Access and Correction
You can access and update your account information at any time through your profile settings.
6.2 Data Portability
You can request a copy of your data in a machine-readable format by contacting us at hello@pengdrop.com.
6.3 Deletion
You can delete your account at any time. This will remove your personal information, though some data may be retained for legal compliance.
6.4 Marketing Communications
You can opt out of marketing emails using the unsubscribe link in any email or by updating your preferences in your account settings.
6.5 Cookies
You can control cookies through your browser settings. Note that disabling cookies may affect functionality.
7. International Data Transfers
PengDrop operates globally. Your information may be transferred to and processed in countries other than your own. We use the Supabase EU West region for data storage to comply with GDPR requirements.
8. Children's Privacy
PengDrop is not intended for users under 18 years of age. We do not knowingly collect information from children under 18. If you believe we have collected information from a child, please contact us immediately.
9. Third-Party Links
PengDrop may contain links to external websites or services. We are not responsible for the privacy practices of these third parties. Please review their privacy policies before providing any information.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through a notice on our website. The "Last Updated" date at the top indicates when changes were last made.
11. GDPR Compliance (European Users)
If you are in the European Economic Area (EEA), you have additional rights:
- Right to access your personal data
- Right to rectification of inaccurate data
- Right to erasure ("right to be forgotten")
- Right to restrict processing
- Right to data portability
- Right to object to processing
- Right to withdraw consent
- Right to lodge a complaint with a supervisory authority
12. California Privacy Rights (CCPA)
If you are a California resident, you have additional rights under the CCPA:
- Right to know what personal information we collect
- Right to know if we sell or disclose your personal information
- Right to opt out of the sale of your personal information (we do not sell data)
- Right to deletion of your personal information
- Right to non-discrimination for exercising your rights
13. Contact Us
If you have questions about this Privacy Policy or how we handle your information, please contact us:
- Email: hello@pengdrop.com
- Website: https://pengdrop.com
By using PengDrop, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.