Last updated: January 2025
DropTracs ("we", "us", "our") is a software-as-a-service product operated at droptracs.com. We provide eBay fulfilment automation tools for online sellers. If you have any questions about this policy, contact us at privacy@droptracs.com.
We collect information you provide directly when creating an account (name, email address, password), information from third-party services you connect (eBay account details, Gmail OAuth tokens), usage data (trackings uploaded, conversions made, orders processed), and technical data (IP address, browser type, device information) collected automatically.
We use your information to provide and operate the DropTracs service, process payments via Stripe, send transactional emails (account confirmation, trial reminders, receipts) via Resend, connect to your eBay account to push tracking numbers, scan your Gmail for supplier dispatch emails when you enable the Gmail watcher, and respond to your support requests.
If you connect Gmail to DropTracs, we use Google's official OAuth 2.0 to request read-only access to your Gmail account. We scan only for supplier dispatch confirmation emails containing tracking numbers. We do not read, store, or process any other emails. We do not use Gmail data for advertising or marketing purposes. We do not sell Gmail data to any third party. You can revoke our access at any time from your Google Account settings at myaccount.google.com/permissions. Our use of Gmail data complies with the Google API Services User Data Policy, including the Limited Use requirements.
When you connect your eBay seller account, we store OAuth tokens securely to allow us to push tracking numbers and respond to Item Not Received cases on your behalf. We request only the minimum permissions required: sell.fulfillment, sell.fulfillment.readonly, and commerce.identity.readonly. We do not access your eBay financial data, personal messages, or account settings beyond what is necessary to provide the service.
We do not sell your personal data. We share data only with trusted third-party service providers necessary to operate DropTracs: Supabase (database and authentication), Stripe (payment processing), Resend (transactional email), and Vercel (hosting). Each provider processes data only as instructed and in accordance with their own privacy policies.
We retain your account data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal or financial compliance purposes (such as billing records, which we retain for seven years).
Depending on your location, you may have rights to access, correct, or delete your personal data, object to or restrict processing, and request data portability. To exercise these rights, contact us at privacy@droptracs.com. If you are in the UK or EU, you also have the right to lodge a complaint with your local data protection authority.
We use essential cookies only — these are required for the service to function (authentication sessions, security). We do not use advertising or tracking cookies. You can control cookie settings through your browser.
We implement industry-standard security measures including encrypted data storage, HTTPS across all connections, and row-level security on our database. No method of transmission over the internet is 100% secure, but we take all reasonable steps to protect your data.
We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice on the DropTracs dashboard. Continued use of the service after changes take effect constitutes acceptance of the updated policy.
For any privacy-related questions, email us at privacy@droptracs.com.