Plain-language summary: We only collect your email address when you join our waitlist. We use it to send you launch updates and early access information. We never sell your data. You can delete your data at any time by emailing us. That's it.
WHO WE ARE
DeadDrop ("we", "us", "our") is a product developed and operated by [Company Name], a company registered in [Country / Jurisdiction] under company number [Registration Number].
This Privacy Policy explains how we collect, use, store, and protect your personal data when you visit deadDrop.io (the "Site") or interact with our waitlist and communications.
We are the data controller for all personal data described in this policy. If you have any questions, see Section 13 — Contact Us.
WHAT DATA WE COLLECT
We collect only the minimum data necessary to operate our waitlist and communicate with interested users. We do not collect any data passively without your knowledge.
| Data Type | When Collected | Required? |
|---|---|---|
| Email address | When you submit the waitlist form on our Site | Yes — required to join the waitlist |
| IP address | Automatically logged by our hosting provider on each page visit | Automatic — cannot be avoided |
| Browser / device type | Collected via server logs when you visit the Site | Automatic — cannot be avoided |
| Timestamp of submission | Recorded when you submit the waitlist form | Automatic — for records management |
✓ We do NOT collect names, phone numbers, physical addresses, payment data, or any sensitive personal data at this stage. The DeadDrop product itself stores no data about you on our servers — it is a physical device that operates entirely offline.
HOW WE USE YOUR DATA
We use the data we collect for the following specific purposes only:
- Waitlist management: To record your interest in DeadDrop and maintain an ordered list of early access registrants.
- Product communications: To notify you of the DeadDrop launch date, early access availability, and exclusive pre-order pricing.
- Delivery of promised materials: To send you the free survival checklist PDF you were offered at the time of sign-up.
- Service communications: To send essential notices such as changes to this Privacy Policy or our Terms of Service.
- Fraud prevention and security: IP addresses and server logs may be used to detect and prevent abuse, spam, or malicious activity on our Site.
- Legal compliance: To comply with applicable laws and regulations, or to respond to lawful requests from authorities.
We will never use your email address to send unsolicited third-party promotions, advertisements, or marketing unrelated to DeadDrop. Every email we send will include a one-click unsubscribe link.
LEGAL BASIS FOR PROCESSING
Under the General Data Protection Regulation (GDPR) and applicable data protection laws, we rely on the following legal bases to process your personal data:
- Consent (Art. 6(1)(a) GDPR): When you submit your email via our waitlist form, you give us your explicit consent to receive communications about DeadDrop. You may withdraw this consent at any time by unsubscribing or contacting us.
- Legitimate interests (Art. 6(1)(f) GDPR): We process server log data (IP address, browser type, timestamps) on the basis of our legitimate interest in operating a secure and functional website.
- Legal obligation (Art. 6(1)(c) GDPR): Where we are required by law to retain or disclose data, we will do so on this basis.
DATA RETENTION
We retain your personal data for as long as necessary to fulfil the purposes for which it was collected, subject to the following limits:
| Data | Retention Period |
|---|---|
| Email address (waitlist) | Until you unsubscribe or request deletion, or until 24 months after the DeadDrop product launches — whichever comes first. |
| Server logs (IP, browser, timestamps) | Up to 90 days, then automatically purged by our hosting provider. |
| Email correspondence | Up to 3 years, for records management and legal compliance purposes. |
When data is no longer needed, we will securely delete or anonymise it in accordance with industry-standard practices.
THIRD PARTIES & DATA SHARING
We do not sell, rent, or trade your personal data. We share data with third parties only in the following limited circumstances:
- Email delivery provider: We use a third-party email service provider (such as Mailchimp, ConvertKit, or equivalent) to send waitlist communications. Your email address is stored on their platform, governed by their own privacy policy and data processing agreements. We have signed a Data Processing Agreement (DPA) with our provider.
- Website hosting provider: Our Site is hosted on a third-party platform that processes server log data as a necessary part of providing hosting services.
- Legal authorities: We may disclose personal data if required to do so by law, court order, or regulatory authority — for example, in response to a valid law enforcement request.
- Business transfers: In the event of a merger, acquisition, or sale of all or part of our business, your data may be transferred to the successor entity. We will notify you before such a transfer occurs.
All third-party processors we engage are contractually required to process your data only on our instructions and in compliance with applicable data protection law.
INTERNATIONAL DATA TRANSFERS
If our email service provider or hosting platform processes data outside the European Economic Area (EEA), we ensure that appropriate safeguards are in place — such as Standard Contractual Clauses (SCCs) approved by the European Commission, or reliance on an adequacy decision — to ensure your data receives an equivalent level of protection as within the EEA.
You may request details of the specific safeguards in place for any international transfer by contacting us at the address in Section 13.
YOUR RIGHTS
Under the GDPR and other applicable laws, you have the following rights regarding your personal data. We will respond to all valid requests within 30 days.
- Right of access: You can request a copy of all personal data we hold about you.
- Right to rectification: You can ask us to correct inaccurate or incomplete data.
- Right to erasure ("right to be forgotten"): You can request that we delete all personal data we hold about you. We will comply unless we are required by law to retain it.
- Right to restrict processing: You can ask us to pause the processing of your data in certain circumstances.
- Right to data portability: You can request your data in a structured, machine-readable format for transfer to another provider.
- Right to object: You can object to processing based on legitimate interests or direct marketing at any time.
- Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.
- Right to lodge a complaint: You have the right to complain to your national data protection authority. In the EU, you can find your local authority at edpb.europa.eu.
To exercise any of these rights, contact us using the details in Section 13. We may need to verify your identity before processing your request.
COOKIES
Our Site currently uses no cookies for tracking or analytics purposes. We do not use Google Analytics, Facebook Pixel, or any third-party tracking technologies on this page.
✓ No tracking cookies. No analytics. No advertising pixels. This site is built for people who value privacy — and we hold ourselves to the same standard.
If this changes in the future, we will update this policy and present you with a cookie consent notice before any non-essential cookies are placed on your device.
CHILDREN'S PRIVACY
DeadDrop is not directed at, and does not knowingly collect personal data from, children under the age of 16 (or the applicable minimum age in your jurisdiction). If you are under this age, please do not submit your data via our waitlist form.
If we become aware that we have inadvertently collected data from a child, we will delete it promptly. If you believe a child has submitted their data to us, please contact us immediately at the address in Section 13.
SECURITY
We take the security of your personal data seriously. We implement appropriate technical and organisational measures to protect your data against unauthorised access, loss, destruction, or alteration. These include:
- HTTPS encryption for all data transmitted to and from our Site.
- Access controls limiting who within our organisation can access your data.
- Data processing agreements with all third-party processors handling your data.
- Regular review of our data storage and processing practices.
No method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security. In the event of a data breach affecting your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours as required by law.
CHANGES TO THIS POLICY
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. When we do, we will:
- Update the "Last Updated" date at the top of this page.
- Notify waitlist subscribers by email if the changes are material.
- Where required by law, seek fresh consent for any new uses of your data.
We encourage you to review this policy periodically. Your continued use of the Site after any changes constitutes acceptance of the updated policy.
CONTACT US
For any questions, requests, or complaints relating to this Privacy Policy or our handling of your personal data, please contact us using the details below. We aim to respond to all requests within 5 business days.
If you are not satisfied with our response, you have the right to lodge a complaint with your national data protection supervisory authority.