Privacy Policy
Effective July 16, 2026
This Privacy Policy explains how Droppin (“Droppin,” “we,” “us”), operating from Sisters, Oregon 97759, collects, uses, and shares personal information through the Droppin websites, apps, and services (the “Platform”). It applies to Attendees and Organizers. For events, the Organizer and Droppin each handle certain information; where an Organizer determines how your information is used for their event, this Policy covers Droppin’s role and the Organizer’s own practices are their responsibility.
1. Information we collect
Information you provide
- Account & contact: name, email address, and (if you choose) mobile phone number.
- Purchases: the tickets you buy and related order details. Payment card details are collected and processed directly by our payment processor (Stripe); we do not receive or store your full card number.
- Event access & waivers: information you submit to request access to an event, and waiver signatures (your name, contact details, and signature) where an event requires one.
- Identity vetting: for events that require it, information you submit to verify your identity, handled through a third-party verification provider (see “Sensitive information” below).
- Communications: messages you send us, and your messaging preferences.
Information collected automatically
- Usage & device data: such as pages viewed, actions taken, IP address, browser and device type, and timestamps, collected through logs and essential cookies.
- Attendance: check-in records when you are scanned in at an event.
Information from others
- Organizers may add you to an event contact list (for example, from a ticket purchase or an import) and share information about your attendance.
- Service providers such as our payment and verification providers share limited results with us (for example, whether a payment succeeded or a verification passed).
2. How we use information
- to sell and deliver tickets and provide event access, including QR codes and door check-in;
- to send transactional and event messages (order confirmations, ticket delivery, location reveals, and updates) by email and text;
- to operate gated events, including guest vetting and waiver collection;
- to process payments and refunds and to calculate platform and Organizer amounts;
- to secure the Platform, prevent fraud and abuse, and enforce our terms;
- to provide support and respond to your requests; and
- to comply with legal obligations.
3. Text messaging
If you provide a mobile number, you consent to receive event-related text messages as described in our SMS / Text Messaging Terms. You can opt out at any time by replying STOP. We do not sell or share your mobile number or your SMS consent with third parties for their own marketing. Message and data rates may apply.
4. How we share information
We share personal information only as follows:
- Service providers (subprocessors) that operate the Platform on our behalf under contract, including: Stripe (payments and payouts), Twilio (text and voice messaging), Resend (email delivery), our identity & background-check provider (Checkr) for events that require vetting, Auth0 (authentication), and Cloudflare and Neon (hosting and database).
- Organizers receive the information needed to run their events, for example, the attendee list, order details, waiver signatures, and vetting outcomes for their own events.
- Legal & safety: when required by law or to protect the rights, safety, and property of Droppin, Organizers, Attendees, or the public.
- Business transfers: in connection with a merger, acquisition, or sale of assets, subject to this Policy.
We do not sell your personal information, and we do not share it for cross-context behavioral advertising.
5. Cookies
We use strictly necessary cookies to keep you signed in and to keep the Platform secure and functioning. We do not use advertising or cross-site tracking cookies. You can control cookies through your browser, but blocking essential cookies may break parts of the Platform.
6. Retention
We keep personal information for as long as needed to provide the Platform, to comply with legal, tax, and accounting obligations, to resolve disputes, and to enforce our agreements. Order and payment records are typically retained for the period required by law. When information is no longer needed, we delete or de-identify it.
7. Security
We use reasonable administrative and technical safeguards to protect personal information, including encryption in transit and access controls. No method of transmission or storage is completely secure, so we cannot guarantee absolute security.
8. Your rights & choices
Depending on where you live, you may have rights to access, correct, delete, or receive a copy of your personal information, and to opt out of certain processing. Oregon residents have these rights under the Oregon Consumer Privacy Act; California residents have rights under the CCPA/CPRA; and individuals in the European Economic Area and United Kingdom have rights under GDPR. Because we do not sell personal information or use it for targeted advertising, there is no such activity to opt out of.
To exercise your rights, email privacy@getdroppin.com. We will verify your request and respond as required by law, and we will not discriminate against you for exercising your rights. If we deny your request, you may appeal by replying to our response. For information tied to a specific event, you may also need to contact the Organizer, who controls their own attendee data.
9. Sensitive information
For events that require identity vetting, verification is handled by our verification provider, and we receive only the outcome and limited details needed to grant or deny access. If a verification process involves government ID or biometric data, that processing is governed by the verification provider and is used only to confirm eligibility for the event, not for advertising. We ask that you provide identity information only when an event requires it.
10. Children
The Platform is not directed to children, and you must be at least 18 to create an account or buy tickets. We do not knowingly collect personal information from children under 13. If you believe a child provided us information, contact privacy@getdroppin.com.
11. International users
We operate in the United States, and information is processed here. If you access the Platform from outside the U.S., you understand your information will be transferred to and processed in the U.S., which may have different data-protection laws than your location.
12. Changes to this Policy
We may update this Policy from time to time. We will revise the “Effective” date above and, for material changes, provide reasonable notice.
13. Contact
Droppin · Privacy
Sisters, Oregon 97759
privacy@getdroppin.com