Information Collection and Use
Droplet collects data of two main types:
- directly from our public website for sales and marketing purposes
- through our web application on behalf of our customers via digital forms and workflows
Data Collected by Droplet
You may provide your name, email, and phone number through our public website's contact forms to learn more about our Service. By providing this information, you agree to being contacted by us. We may use the information collected through our public website's contact forms in our marketing efforts to promote the Service. You can choose to opt-out by clicking "unsubscribe" in our marketing emails or by contacting us at firstname.lastname@example.org.
Droplet allows customers to login using their preferred Single Sign On (SSO) provider. In order to use the Service, you will be required to provide your name and email. If you choose to use Google OAuth to sign in to your Droplet account, we will ask for your consent to collect your email, Google profile, and Google OpenID from Google. If you give your consent, Google will provide us with this information.
In order to provide the Service, we will store your email address in our database. This email will be used as an identifier for your account to enable future logins and may be used to send transactional emails as part of the Service. It will not be shared with third parties except as necessary to provide the Service. Your account data will not be shared under any other circumstance.
Data Collected by Our Customers
Droplet enables our customers to collect data through customizable forms and workflows. Our customers define the type of data collected according to their operational needs, which may include personally identifiable information (PII).
Droplet provides the Service on behalf of and at the direction of our customers and as such is considered a “data processor". Our customers are the "data controller" and control the collection, input, use, retention, disposal, and disclosure of data stored in the Service. Our customers are solely responsible for obtaining the right to collect, use, and share the data they collect using the Service.
Droplet does not own any of the data that our customers collect through utilization of the Service. Except as required by law or by our customers, Droplet cannot delete, change, or disclose any data controlled by our customers from the Service. Data subjects who have concerns about data that may have been collected through the Service should contact the customer who collected the data.
Droplet retains all data collected on behalf of our customers pursuant to contractual terms as long as the account is active and in good standing. Expired account data will be retained for a period of 30 days after which it will be permanently deleted (except when required by law to retain). Any data deletion requests initiated by our customers will be honored within a commercially reasonable timeframe.
Cookies are text files with small pieces of data — like an account ID or email — that are used to identify your computer as you use a computer network. Cookies are commonly used to keep you logged in to a website or to identify you for advertising purposes. The files are sent to your browser from the websites that you visit and are stored on your computer's hard drive.
Droplet thoroughly evaluates and utilizes third parties in order to provide the Service. All third parties are obligated not to disclose or use any data they receive for any other purpose. Droplet does not rent, sell, or otherwise provide access to customer data to third parties for marketing or advertising purposes. Droplet may update the third parties we use from time to time in order to better provide the Service and will notify customers of any material changes. Please reach out to us at email@example.com if you have any concerns or would like to opt out of data sharing. Please note that opting out may require discontinuing the use of certain features or the Service entirely.
Droplet uses physical, operational, and technological measures to ensure data security and privacy, including application firewalls, data encryption, physical access controls, annual security trainings, and criminal background checks of all employees. These safeguards are designed to protect against the loss, misuse, and unauthorized access or disclosure of customer data. All of the data collected as part of the Service is encrypted in transit and at rest. Droplet verifies its operational security on an annual basis by undergoing an independent SOC 2 Type II audit. Over the course of the audit, Droplet demonstrates its adherence with the principles set forth in Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality and Privacy (AICPA, TSP Section 100).
Droplet does not display any advertising as part of the Service. Droplet does not sell or otherwise use or disclose customer data for behavioral or targeted advertising. Google Analytics cookies are used on our public website for purposes of retargeting, analytics, and marketing attribution. You can opt out of Google Analytics services here.
Droplet does not provide the Service to anyone under the age of 13. We do not knowingly collect personally identifiable information (PII) from children under 13. In the case we discover that a child under 13 has provided us with PII, this information is immediately and permanently deleted from our Service. If you are a parent or guardian and you are aware that your child has provided us with PII, please contact us at firstname.lastname@example.org so that we can perform the necessary actions.