Privacy Policy
Last updated: 1 May 2026
1. Introduction
Essex Marketing Services Ltd ("we") respects your privacy. This Policy explains how we collect, use, and protect your personal data when you use Dropestra.
2. Data We Collect
**Account data:** Name, email address, password (hashed), billing address, country.
**Usage data:** Pages visited, features used, signup wizard steps, session duration.
**Payment data:** We do not store card details. All payment processing is handled by Stripe, Inc. under their own privacy policy.
**Communications:** Emails you send to us, support tickets.
3. How We Use Your Data
4. Legal Basis (GDPR)
We process your data on the following bases: contract performance, legitimate interests, legal obligation, and where applicable, consent.
5. Data Retention
We retain your data for as long as your account is active or as needed to provide the Service, comply with legal obligations, or resolve disputes. On account deletion, data is anonymised or deleted within 90 days.
6. Third-Party Processors
We use the following sub-processors: Stripe (payments), Postmark (email), Vercel (hosting), PostHog (analytics), Sentry (error tracking). A full list is maintained at dropestra.com/subprocessors.
7. Your Rights
You have the right to access, rectify, erase, restrict, or port your data. To exercise these rights, contact privacy@dropestra.com.
8. Cookies
We use cookies for essential functionality and analytics. See our Cookie Policy for details.
9. Contact
Data Controller: Essex Marketing Services Ltd. Contact: privacy@dropestra.com.
© 2026 Essex Marketing Services Ltd. Registered in England and Wales. All rights reserved.