Privacy Policy

1. Introduction

Dripper.ai is operated by LearningBerry LLC, a Delaware limited liability company doing business as Dripper.AI ("Dripper.ai," "we," "us," or "our"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at dripper.ai, use our design studio, marketplace, or any related services (collectively, the "Service").

By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with the practices described herein, please do not use the Service.

2. Information We Collect

2.1 Information You Provide

Account information: Email address, name, and profile picture (via Google OAuth or email sign-in).
Seller profile information: If you become a seller, we collect your country, tax form type (W-9 or W-8BEN), identity verification data, payout preferences (Stripe Connect or PayPal email), and a mailing address for CAN-SPAM compliance.
Store information: Store name, bio, social media links, branding assets (avatar, banner images), custom domain settings, and SEO metadata.
Product listings: Titles, descriptions, tags, pricing, mockup images, and design files you upload or create.
Design content: AI prompts, uploaded images, design projects, and generated artwork created in our studio.
Order information: Shipping address, selected products, quantities, and order preferences (collected via Stripe Checkout).
Newsletter subscriptions: Email address, name, and subscription preferences if you subscribe to a seller's newsletter.
Communications: Any messages or information you send to us via email or support channels.

2.2 Information Collected Automatically

Device and browser information: Browser type, operating system, and device type (via standard HTTP headers).
IP address: Used transiently for rate limiting and geolocation. We do not store IP addresses in our database, except as part of newsletter consent records for GDPR compliance.
Geolocation: Approximate country-level location derived from your IP address (via Vercel Edge), stored in a cookie for regional pricing and compliance purposes.
Usage data: Pages visited, features used, AI generation counts, and credits consumed during each billing period.
Referrer information: The URL that referred you to our Service.

2.3 Information from Third Parties

Google OAuth: When you sign in with Google, we receive your name, email address, and profile picture from Google.
Stripe: Payment confirmation, subscription status, and Connect account status. We do not receive or store your full credit card number.
Printful: Order fulfillment status, tracking numbers, and shipping carrier information.

3. How We Use Your Information

We use the information we collect for the following purposes:

Providing the Service: Operating the design studio, marketplace, and print-on-demand fulfillment.
Account management: Creating and maintaining your account, authenticating your identity, and managing subscriptions.
Order processing: Processing purchases, coordinating print fulfillment with Printful, and delivering tracking updates.
AI generation: Sending your prompts and images to AI service providers to generate designs on your behalf.
Seller payouts: Calculating commissions, tracking earnings, and processing payouts via Stripe Connect.
Communications: Sending transactional emails (order confirmations, magic link sign-ins) and responding to support inquiries.
Improvement and analytics: Understanding how the Service is used to improve features, fix bugs, and develop new products.
Security and fraud prevention: Rate limiting, CSRF protection, and detecting abusive behavior.
Legal compliance: Meeting tax, financial, and regulatory obligations.

4. Legal Bases for Processing (GDPR)

For users in the European Economic Area (EEA), United Kingdom, and Switzerland, we process personal data under the following legal bases:

Legal Basis	Processing Activity
Contract performance	Account creation, order processing, seller payouts, subscription management
Legitimate interests	Service improvement, analytics, fraud prevention, security
Consent	Newsletter subscriptions, optional seller tracking pixels, marketing communications
Legal obligation	Tax reporting, financial record-keeping, law enforcement requests

5. Third-Party Services

We share your information with the following categories of service providers, solely to operate the Service. We do not sell your personal data to any third party.

5.1 Authentication

Google OAuth: Provides social login. Receives and returns your name, email, and profile picture. Subject to Google's Privacy Policy.
Resend: Sends magic link authentication emails and transactional emails. Receives your email address. Subject to Resend's Privacy Policy.

5.2 Payments

Stripe: Processes payments and seller payouts. Receives order details, amounts, your email, and shipping address. Stripe collects payment card information directly; we never see or store your full card number. Subject to Stripe's Privacy Policy.

5.3 Print Fulfillment

Printful: Fulfills print-on-demand orders. Receives design files, product details, your shipping address, and email for order notifications. Acts as a data processor on our behalf. Subject to Printful's Privacy Policy.

5.4 Hosting and Infrastructure

Vercel: Hosts our website and provides edge computing, blob storage (for images), and KV storage (for caching). Subject to Vercel's Privacy Policy.
Upstash (QStash): Manages background job queues for asynchronous processing. Subject to Upstash's Privacy Policy.
PostgreSQL database: Stores account data, orders, listings, and usage records in a managed database.

6. AI Services & Generated Content

Our design studio uses artificial intelligence to generate images based on your prompts. When you use AI generation, the following data may be sent to one or more AI service providers:

Your text prompt (which may be enhanced with style and technique templates)
Reference images or source images you upload (sent as image data)
Style preferences, aspect ratio, and other generation parameters

We use the following AI providers:

Google Vertex AI & Imagen: Subject to Google Cloud Privacy Notice.
Google Gemini: Subject to Google AI Terms.
OpenAI: Subject to OpenAI's Privacy Policy.
Stability AI: Subject to Stability AI's Privacy Policy.

We log your prompts and generation results internally for analytics, quality improvement, and credit accounting. Prompt logs are associated with your user ID and include the text of your prompt and the number of images generated.

7. Seller Stores & Tracking

Sellers on Dripper.ai can create storefronts that may include optional third-party tracking pixels. If a seller has configured tracking pixels on their store, the following third-party scripts may load when you visit that seller's store pages:

Google Analytics 4 (GA4)
Meta (Facebook) Pixel
TikTok Pixel
Pinterest Tag
Google Ads Conversion Tracking
Snapchat Pixel
Twitter (X) Pixel
Bing UET (Microsoft Advertising)
Reddit Pixel

These tracking pixels are configured and controlled by individual sellers, not by Dripper.ai. They may collect data such as product page views, add-to-cart events, and purchase conversions. Each pixel is governed by its respective provider's privacy policy. Dripper.ai does not control how sellers use these tracking tools.

Embed widget: Our embeddable product widget (embed.js) does not set cookies, does not use localStorage, and does not collect any visitor data. It only fetches and displays product information.

8. Cookies & Local Storage

8.1 Cookies

Cookie	Purpose	Duration	Type
Session token	Authentication (keeps you signed in)	30 days	Essential
CSRF token	Security (prevents cross-site request forgery)	Session	Essential
detected_country	Geolocation (regional pricing and compliance)	30 days	Functional

We use only essential and functional cookies. We do not use advertising or analytics cookies on the main Dripper.ai platform. Seller stores may set additional cookies via their configured tracking pixels (see Section 7).

8.2 Local Storage

React Query cache: Caches category and product data locally to improve performance. Expires after 24 hours.
Session ID: A randomly generated identifier for cart persistence across page loads.
Pending purchase data: Temporarily stores cart items during checkout for seller tracking pixel conversion events. Cleared after use.

We do not sell, rent, or trade your personal information to third parties for their own marketing purposes. We share data only in the following circumstances:

Service providers: As described in Sections 5 and 6, with vendors who help us operate the Service.
Order fulfillment: Shipping address and order details are shared with Printful to produce and deliver your order.
Seller-configured pixels: If you visit a seller store with tracking pixels enabled, those third-party scripts may collect data as described in Section 7.
Legal requirements: We may disclose information if required by law, regulation, legal process, or governmental request.
Business transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.
With your consent: We may share information in other circumstances if you give us explicit consent.

10. Data Retention

We retain your information for as long as necessary to provide the Service and fulfill the purposes described in this Policy:

Account data: Retained while your account is active. Deleted upon account deletion request.
Order and transaction records: Retained for 7 years after the transaction date for tax and legal compliance.
AI generation logs: Retained for up to 90 days for analytics and quality improvement, then anonymized or deleted.
Seller financial records: Retained for 7 years for tax reporting obligations.
Newsletter subscriber data: Retained until unsubscription or deletion request. Consent audit trails are retained for 3 years after unsubscription for compliance.
Uploaded assets: Image files stored in Vercel Blob are deleted when you delete the associated design, listing, or account.

Account Deletion

You can delete your account at any time from your account settings. Account deletion permanently removes your profile, projects, designs, library items, prompt logs, and order records from our database. Active Stripe subscriptions and Connect accounts are also canceled. Certain data may be retained as required by law (e.g., financial records for tax compliance).

11. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

Access: Request a copy of the personal data we hold about you.
Rectification: Request correction of inaccurate or incomplete data.
Erasure: Request deletion of your personal data (subject to legal retention requirements).
Restriction: Request that we limit processing of your data in certain circumstances.
Data portability: Request your data in a structured, machine-readable format.
Objection: Object to processing based on legitimate interests.
Withdraw consent: Where processing is based on consent, you may withdraw consent at any time.
Lodge a complaint: You have the right to lodge a complaint with a supervisory authority in your jurisdiction.

To exercise any of these rights, please contact us at support@dripper.ai. We will respond within 30 days (or sooner if required by applicable law).

12. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

Right to know: You can request the categories and specific pieces of personal information we have collected about you.
Right to delete: You can request deletion of your personal information, subject to certain exceptions.
Right to correct: You can request correction of inaccurate personal information.
Right to opt out of sale/sharing: We do not sell or share your personal information for cross-context behavioral advertising. No opt-out is necessary.
Right to non-discrimination: We will not discriminate against you for exercising your privacy rights.

Categories of personal information collected: Identifiers (name, email), commercial information (order history), internet activity (usage data, pages visited), geolocation data (country), and professional information (seller tax forms).

To submit a request, email support@dripper.ai with the subject line "California Privacy Request." We will verify your identity before processing the request.

13. Children's Privacy

The Service is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you are between 13 and 17, you may use the Service only with the consent of a parent or legal guardian.

If we become aware that we have collected personal information from a child under 13 without parental consent, we will take steps to delete that information promptly. If you believe we have inadvertently collected data from a child under 13, please contact us at support@dripper.ai.

14. Email Marketing & CAN-SPAM

Transactional emails: We send transactional emails related to your account (magic link sign-in, order confirmations). These are not marketing emails and are necessary for the operation of the Service.

Seller newsletters: Sellers may operate email newsletters for their stores. If you subscribe to a seller's newsletter, we use a double opt-in process: you will receive a confirmation email, and your subscription only becomes active after you confirm. You can unsubscribe at any time via the unsubscribe link in each email.

In compliance with CAN-SPAM, GDPR, and applicable email marketing laws:

We record your consent with a full audit trail (timestamp, IP, user agent, and the exact consent text shown).
Every marketing email includes a clear unsubscribe mechanism.
We honor unsubscribe requests promptly (within 10 business days or sooner).
Marketing emails identify the sender and include a valid physical mailing address.

15. Security

We implement appropriate technical and organizational measures to protect your personal data, including:

HTTPS encryption for all data in transit.
JWT-based session management with HttpOnly, Secure, and SameSite cookie attributes.
CSRF token validation on all state-changing operations.
Rate limiting to prevent abuse and brute-force attacks.
OAuth token storage with encryption at the application layer.
Role-based access controls for administrative functions.

While we strive to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

16. International Data Transfers

Your information may be transferred to and processed in the United States and other countries where our service providers operate. These countries may have data protection laws that differ from your jurisdiction.

For transfers from the EEA, UK, or Switzerland, we rely on:

Standard Contractual Clauses (SCCs) approved by the European Commission.
The EU-U.S. Data Privacy Framework (where applicable).
Adequacy decisions where available.

By using the Service, you acknowledge that your data may be processed in the United States and other jurisdictions as described in this Policy.

17. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. For significant changes, we may also notify you via email. Your continued use of the Service after changes are posted constitutes acceptance of the updated policy.

18. Contact Us

If you have questions or concerns about this Privacy Policy, or if you wish to exercise your privacy rights, please contact us:

LearningBerry LLC (DBA Dripper.AI)

2811 Ponce de Leon Boulevard, Suite 1150

Coral Gables, FL 33134

United States

Email: support@dripper.ai