Privacy Policy
This Privacy Policy explains how DisplayNote Technologies Limited trading as DropDeploy ("DropDeploy", "we", "us", "our") collects, uses, stores and shares personal data when you use:
- the DropDeploy marketing website at https://ddploy.com
- the DropDeploy web application at https://app.ddploy.com
- the DropDeploy hosted MCP/OAuth services
- any related sites, applications, communications and support channels we provide
1. Who we are
DropDeploy is operated by:
- Legal entity: DisplayNote Technologies Limited
- Registered address: Unit 18 Innovation Centre, Queens Rd, Belfast, BT3 9DT
- Company number: NI610261
- VAT number: GB125654319
- Privacy contact: [email protected]
If we are required to appoint a data protection officer, their details will be published here.
2. The personal data we collect
We may collect the following categories of personal data.
Information you provide directly
- account and profile details, such as your email address, display name, account name, role and account memberships
- invitation details, such as the email address of a person you invite to your account
- billing-related selections, such as chosen plan or subscription tier
- support or contact information you send to us
- hosted content and files you upload to DropDeploy, including website files and related metadata
Information collected automatically
- authentication and session data
- technical and device information such as IP address, browser type, operating system and request metadata
- activity and usage data relating to account actions, deployments, authentication attempts and service interactions
- site metadata such as site name, slug, size, file count, timestamps and account association
Information from third parties
- identity and profile information from Auth0 (Okta, Inc.) when you sign in
- billing and subscription information from Stripe
- email delivery metadata from our email delivery provider
3. How we collect personal data
We collect personal data:
- when you browse our website or app
- when you sign in through Auth0
- when you create, manage, claim or delete hosted sites
- when you invite team members
- when you start, manage or cancel a paid subscription
- when you contact us or request support
- when you use our MCP or OAuth-based integration flows
4. Why we use personal data
We use personal data to:
- provide, operate and secure DropDeploy
- authenticate users and manage sessions
- create and administer accounts and team access
- host, serve and manage uploaded sites
- process anonymous site claims
- provide billing, subscriptions and account administration
- send transactional emails, including invitations and account-related notices
- prevent abuse, fraud, unauthorized access and service misuse
- enforce service limits, rate limits and security controls
- comply with legal obligations and resolve disputes
- improve and monitor the service
5. Legal bases for processing
Depending on the context, we rely on one or more of the following legal bases:
- performance of a contract, where processing is necessary to provide DropDeploy to you
- legitimate interests, where processing is necessary for service security, abuse prevention, administration, internal service improvement or similar operational purposes and those interests are not overridden by your rights
- compliance with legal obligations
- consent, where required by law, including where we use non-essential cookies or similar technologies
Where consent is the legal basis, you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
6. Authentication
DropDeploy uses Auth0, a service provided by Okta, Inc., for web authentication and certain OAuth-based identity flows. When you sign in, Auth0 may provide us with information such as your unique identity identifier, email address and display name so that we can authenticate you, create or update your account and administer access.
Okta, Inc. acts under its own privacy documentation for the authentication service it provides. You should also review Auth0's and Okta's privacy information.
7. Billing and payments
If you subscribe to a paid plan, billing and payment-related processing is handled through Stripe. We do not store full payment card numbers in DropDeploy.
We may store and use billing-related identifiers and subscription data, including:
- Stripe customer ID
- Stripe subscription ID
- subscription tier and status
Stripe acts as a separate service provider and may process personal data under its own privacy documentation.
8. Hosted content and customer responsibility
DropDeploy is a static site hosting platform. Files and content uploaded to the service may contain personal data, depending on what you choose to host. You are responsible for ensuring you have an appropriate legal basis and all necessary rights, notices and permissions for the content you upload and publish through DropDeploy.
If you use DropDeploy to make a website available to the public, you are responsible for the content and any third-party technologies used on that hosted site, except for technologies that DropDeploy itself injects or controls at platform level.
9. Cookies and similar technologies
We use cookies and similar technologies for authentication, security and site functionality. More detail is set out in our Cookie Policy.
DropDeploy performs server-side audience measurement for hosted sites. This does not place any cookie or unique identifier on the visitor's device.
Approximate visitor counts are derived from truncated network address ranges and generalized browser information, transformed through a one-way function into a probabilistic data structure (HyperLogLog) that cannot be reversed to identify individual visitors.
Daily audience approximations are retained for 90 days. Cumulative approximate visitor counts are retained permanently for the lifetime of the hosted site and deleted when the site is deleted.
Page view counts are stored as simple integer counters in the database, with no visitor-identifying information attached.
10. Sharing personal data
We may share personal data with:
- Okta, Inc. (Auth0), for authentication services
- Stripe, for billing and subscription services
- our email delivery provider, for transactional emails
- hosting, infrastructure, storage, security and operational service providers used to run DropDeploy
- professional advisers, auditors, insurers or legal counsel where necessary
- regulators, law enforcement or other authorities where required by law or to protect rights, safety or security
- a buyer, successor or investor in connection with a merger, acquisition, financing or sale of assets, subject to appropriate safeguards where required
We do not sell personal data in the ordinary meaning of that term.
11. International transfers
Some of our service providers may process personal data outside the UK or EEA. Where we transfer personal data internationally, we will use appropriate safeguards where required by law, such as adequacy decisions, standard contractual clauses, or other lawful transfer mechanisms.
12. Retention
We keep personal data only for as long as necessary for the purposes described in this Privacy Policy, including to provide the service, comply with legal obligations, resolve disputes and enforce agreements.
Examples of retention periods or service behavior in the current service include:
- web sessions may persist for up to 30 days unless ended earlier
- anonymous sites are intended to expire after 7 days unless claimed to an account
- invitations may expire after 7 days
- daily audience-measurement approximations are retained for 90 days; cumulative approximate totals are retained for the lifetime of the site
- some security, audit and billing records may be retained longer where necessary for compliance, fraud prevention, financial records or dispute resolution
Actual retention periods may vary depending on account status, legal requirements, backups and security needs.
13. Security
We use technical and organizational measures intended to protect personal data against unauthorized access, loss, misuse or alteration. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
14. Your rights
Depending on where you are located, you may have rights including:
- the right to be informed
- the right of access
- the right to rectification
- the right to erasure
- the right to restrict processing
- the right to object
- the right to data portability
- the right to withdraw consent where processing is based on consent
- the right to complain to a supervisory authority
To exercise your rights, contact us at [email protected].
DropDeploy provides self-service tools to exercise your data portability and erasure rights. You can export your personal data (such as your email address, display name and account memberships) or permanently delete your user identity from the service at any time through the dashboard. If you are an administrator of an account, you can also export or delete the account and its associated data. Deleting your identity removes your personal data and your memberships from all accounts. If you are the sole administrator of an account, that account and its data will also be deleted. You may also contact us at [email protected] to exercise these rights.
15. Children
DropDeploy is not directed to children, and we do not knowingly collect personal data from children in breach of applicable law.
16. Third-party websites and hosted websites
DropDeploy may link to third-party services, and websites hosted by DropDeploy users may contain third-party links, code or content. We are not responsible for the privacy practices of third-party websites, services or user-uploaded content except where we expressly state otherwise.
17. Changes to this Privacy Policy
We may update this Privacy Policy from time to time. We will post the updated version on this page and update the effective date above. Where required by law, we will provide additional notice.
18. Contact
For privacy questions or requests, contact:
- DropDeploy Privacy
- [email protected]
- Unit 18 Innovation Centre, Queens Rd, Belfast, BT3 9DT