AdDrop

Privacy Policy

Effective date: February 12, 2026

AdDrop (“we”, “us”, “our”) operates the AdDrop platform. This policy explains how we collect, use, and protect your personal information when you use our service. We value your privacy and are committed to handling your data responsibly.

1. Information We Collect

Information You Provide

  • Account info: email address, password (securely hashed), display name
  • Property data: property address, price, beds/baths/sqft/lot size/year built, property type, MLS number, property description, selling points, listing agent name, brokerage
  • Property photos: images you upload for ad generation
  • Feedback: type (bug/feature/general), description text

Information Collected Automatically

  • Device and browser info (type, OS, browser version)
  • IP address and approximate location (via infrastructure providers)
  • Pages visited, features used, and actions taken within the service
  • Server logs (access times, error logs)
  • CAPTCHA verification tokens (Cloudflare Turnstile)

Information from Third Parties

We do not currently receive personal information from third-party sources beyond authentication and security services (Supabase, Cloudflare).

2. How We Use Your Information

  • Providing the service: creating and displaying AI-generated ad campaigns from your property data
  • Processing your property data through OpenAI's API to generate ad copy (property details are sent to OpenAI for processing)
  • Account management and authentication
  • Responding to your feedback and support requests
  • Improving the service based on usage patterns
  • Security, fraud prevention, and enforcing rate limits
  • Communicating service-related information (email)
  • Legal compliance

3. How We Share Your Information

  • OpenAI: Property data you submit is sent to OpenAI's API for ad copy generation. OpenAI processes this data according to their API data usage policies. We use the API (not ChatGPT), meaning your data is not used to train OpenAI's models.
  • Supabase: Hosts our database and authentication system. Your account data and campaign data are stored on Supabase infrastructure.
  • Cloudflare: Processes CAPTCHA verification during signup/login. Cloudflare may collect IP address and browser data for security purposes.
  • Unsplash: Landing page images may be loaded from Unsplash servers. Unsplash may collect IP addresses and browser data when images are served.

We do not sell your personal information.

We only share data as necessary to provide the service as described in this policy.

We may disclose information if required by law, legal process, or government request.

In the event of a business transfer (merger, acquisition, sale of assets), user data may be transferred to the new entity with notice.

4. Cookies and Tracking Technologies

We use a limited number of cookies, all essential for the service to function:

  • Supabase auth cookies: Maintain your login session (essential, session-based)
  • Cloudflare Turnstile cookies: Verify you are human during signup/login (essential, session-based)

We do not use analytics cookies, advertising cookies, or tracking pixels. For full details, see our Cookie Policy.

5. Data Retention

Data CategoryRetention PeriodRationale
Account dataDuration of account + 30 days after deletionAccount recovery window
Property/campaign dataDuration of account + 30 daysService delivery
Feedback submissions2 yearsQuality improvement
Server logs90 daysSecurity and debugging
CAPTCHA tokensSession onlySecurity verification

After the retention period, data is permanently deleted.

6. Data Security

We implement appropriate security measures including:

  • Encryption in transit (HTTPS/TLS)
  • Secure password hashing (handled by Supabase)
  • Access controls and authentication for all systems
  • CAPTCHA protection against automated abuse
  • Rate limiting to prevent abuse

No system is 100% secure. We commit to notifying affected users of any data breach without unreasonable delay, consistent with applicable law.

7. Your Rights

You have the right to:

  • Access your personal data
  • Correct inaccurate data via your account settings
  • Delete your account and associated data by contacting us
  • Object to certain processing of your data
  • Receive a copy of your data (data portability)

To exercise these rights, contact us at support@addrop.com. We will respond within 30 days.

8. Do Not Track

We do not currently respond to Do Not Track (DNT) browser signals, as there is no industry-standard technology for honoring DNT. We will update this policy if a standard is adopted.

9. Children's Privacy

AdDrop is not directed to children under 13. We do not knowingly collect personal information from children under 13. If we learn we have collected such information, we will delete it promptly. If you believe a child under 13 has provided us with personal information, please contact us at support@addrop.com.

10. Third-Party Links

Our service may contain links to third-party websites. We are not responsible for the privacy practices of those sites. We encourage you to review their privacy policies. Linking does not imply endorsement.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated effective date. For material changes, we will provide notice via email or a prominent notice on our service at least 30 days before the changes take effect. Continued use after changes constitutes acceptance.

12. Contact Us

If you have questions about this Privacy Policy, contact us at:

Email: support@addrop.com