Privacy Policy

Last updated: March 7, 2026

MatDrop ("we", "us", or "our") operates the MatDrop website. This Privacy Policy explains how we collect, use, and protect your personal information when you use our service.

Information We Collect

Account Information

When you create an account, we collect your email address and display name. If you sign up using a third-party provider (Google or Discord), we receive your name, email address, and profile image from that provider.

Authentication Data

We store securely hashed passwords for email-based accounts. We never store your plain-text password. For OAuth sign-ins, we store provider identifiers to link your account.

Payment Information

Payments are processed by Stripe. We do not store your credit card number or full payment details. We retain Stripe customer and subscription identifiers to manage your subscription status.

Usage Data

We collect standard server logs including IP addresses, browser type, and pages visited. This data helps us maintain and improve the service.

How We Use Your Information

• To create and manage your account
• To process payments and manage subscriptions
• To send transactional emails (e.g., email verification)
• To maintain and improve the service
• To respond to support requests

Cookies

We use essential cookies to keep you signed in. These are httpOnly, secure cookies that store authentication tokens. We do not use advertising or third-party tracking cookies.

Data Sharing

We do not sell your personal information. We share data only with:

• Stripe — for payment processing
• OAuth providers (Google, Discord) — only during authentication, and only the data necessary to sign you in
• Hosting provider (Fly.io) — to serve the application

Data Security

We take reasonable measures to protect your data, including encrypted connections (HTTPS), securely hashed passwords, httpOnly authentication cookies, and restricted database access.

Data Retention

We retain your account data for as long as your account is active. If you delete your account, we will remove your personal data within 30 days, except where retention is required by law.

Your Rights

You have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your account and data
• Export your data in a portable format

Children's Privacy

Our service is not directed to children under 13. We do not knowingly collect personal information from children under 13.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy on this page and updating the "Last updated" date.

Contact Us

If you have questions about this Privacy Policy, please contact us through our contact page.