Privacy Policy
Last updated: May 23, 2026
1. Introduction
Dripper.ai is operated by Dripper, LLC, a Delaware limited liability company ("Dripper.ai," "we," "us," or "our"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at dripper.ai and place an order for our print-on-demand apparel and accessories (the "Service").
By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with the practices described herein, please do not use the Service.
2. Information We Collect
2.1 Information You Provide
- Account information: Email address, name, and profile picture (via Google OAuth or email sign-in).
- Order information: Shipping address, selected products, quantities, and order preferences (collected via Stripe Checkout).
- Communications: Any messages or information you send to us via email or support channels.
2.2 Information Collected Automatically
- Device and browser information: Browser type, operating system, and device type (via standard HTTP headers).
- IP address: Used transiently for rate limiting and geolocation. We do not store IP addresses in our database.
- Geolocation: Approximate country-level location derived from your IP address (via Vercel Edge), stored in a cookie for regional pricing and compliance purposes.
- Usage data: Pages visited and features used.
- Referrer information: The URL that referred you to our Service.
2.3 Information from Third Parties
- Google OAuth: When you sign in with Google, we receive your name, email address, and profile picture from Google.
- Stripe: Payment confirmation and subscription status. We do not receive or store your full credit card number.
- Printful: Order fulfillment status, tracking numbers, and shipping carrier information.
3. How We Use Your Information
We use the information we collect for the following purposes:
- Providing the Service: Operating dripper.ai and our print-on-demand catalog.
- Account management: Creating and maintaining your account and authenticating your identity.
- Order processing: Processing purchases, coordinating print fulfillment with Printful, and delivering tracking updates.
- Communications: Sending transactional emails (order confirmations, magic link sign-ins) and responding to support inquiries.
- Improvement and analytics: Understanding how the Service is used to improve features, fix bugs, and develop new products.
- Security and fraud prevention: Rate limiting, CSRF protection, and detecting abusive behavior.
- Legal compliance: Meeting tax, financial, and regulatory obligations.
4. Legal Bases for Processing (GDPR)
For users in the European Economic Area (EEA), United Kingdom, and Switzerland, we process personal data under the following legal bases:
| Legal Basis | Processing Activity |
|---|---|
| Contract performance | Account creation, order processing |
| Legitimate interests | Service improvement, analytics, fraud prevention, security |
| Consent | Marketing communications and consent-gated tracking pixels |
| Legal obligation | Tax reporting, financial record-keeping, law enforcement requests |
5. Third-Party Services
We share your information with the following categories of service providers, solely to operate the Service. We do not sell your personal data to any third party.
5.1 Authentication
- Google OAuth: Provides social login. Receives and returns your name, email, and profile picture. Subject to Google's Privacy Policy.
- Resend: Sends magic link authentication emails and transactional emails. Receives your email address. Subject to Resend's Privacy Policy.
For Google sign-in, we request the standard OpenID Connect scopes openid, email, and profile so we can authenticate you and prefill your basic account record. We do not use Google sign-in to request Gmail, Drive, Calendar, or other Google Workspace data.
5.2 Payments
- Stripe: Processes payments. Receives order details, amounts, your email, and shipping address. Stripe collects payment card information directly; we never see or store your full card number. Subject to Stripe's Privacy Policy.
5.3 Print Fulfillment
- Printful: Fulfills print-on-demand orders. Receives design files, product details, your shipping address, and email for order notifications. Acts as a data processor on our behalf. Subject to Printful's Privacy Policy.
5.4 Hosting and Infrastructure
- Vercel: Hosts our website and provides edge computing, blob storage (for images), and KV storage (for caching). Subject to Vercel's Privacy Policy.
- PostgreSQL database: Stores account data and order records in a managed database.
6. First-Party Analytics & Marketing Pixels
We load the following first-party analytics and marketing tags on dripper.ai for site analytics and ad-attribution purposes:
- Google Analytics 4 (GA4): page-view, session, and Web Vitals telemetry. Subject to Google's Privacy Policy.
- Pinterest Tag: the Pinterest base pixel loads on dripper.ai for marketing-attribution and conversion-reporting purposes. Subject to Pinterest's Privacy Policy.
- Google Ads Conversion Tracking (AW-18179565024): the Google Ads global site tag (gtag.js) loads on every page, and a purchase conversion event fires on the order-confirmation page (/orders/[session]) after a successful checkout. We use this to attribute paid-traffic conversions and measure ad performance.
Enhanced Conversions (hashed PII): as part of the purchase conversion event, we pass the customer's email address and phone number to the Google tag (gtag.js) along with the transaction value, currency, and order ID. The Google tag applies SHA-256 hashing to the email and phone in the user's browser before transmission — plaintext email and phone are never sent over the network to Google.
Lawful basis (GDPR): for visitors in the EU, UK, Switzerland, and other jurisdictions requiring opt-in consent, all three of GA4, the Pinterest Tag, and the Google Ads conversion tag (including the Enhanced Conversions hashed-PII transmission) are processed under your consent (GDPR Art. 6(1)(a)) and are blocked until you accept the consent banner. For visitors outside opt-in-consent jurisdictions, we process this data on the basis of legitimate interests (GDPR Art. 6(1)(f)) in measuring and optimizing our advertising spend.
7. Cookies & Local Storage
7.1 Cookies
| Cookie | Purpose | Duration | Type |
|---|---|---|---|
| Session token | Authentication (keeps you signed in) | 30 days | Essential |
| CSRF token | Security (prevents cross-site request forgery) | Session | Essential |
| detected_country | Geolocation (regional pricing and compliance) | 30 days | Functional |
| dr_consent | Stores your cookie-banner choice | 180 days | Essential |
| _ga, _ga_* | Google Analytics 4 — visitor and session identification | Up to 2 years | Analytics (consent-gated in EU/UK) |
| _gcl_au, _gcl_aw, _gac_* | Google Ads — conversion attribution | 90 days | Advertising (consent-gated in EU/UK) |
| _pin_unauth, _pinterest_* | Pinterest Tag — visitor identification | Up to 1 year | Advertising (consent-gated in EU/UK) |
Essential and functional cookies always load. Analytics and advertising cookies (GA4, Google Ads, Pinterest) load for ad-attribution and analytics purposes; in the EU, UK, Switzerland, and other opt-in-consent jurisdictions they are blocked until you accept the consent banner.
7.2 Local Storage
- React Query cache: Caches category and product data locally to improve performance. Expires after 24 hours.
- Session ID: A randomly generated identifier for cart persistence across page loads.
8. Data Sharing & Transfers
We do not sell, rent, or trade your personal information to third parties for their own marketing purposes. We share data only in the following circumstances:
- Service providers: As described in Sections 5 and 6, with vendors who help us operate the Service.
- Order fulfillment: Shipping address and order details are shared with Printful to produce and deliver your order.
- Legal requirements: We may disclose information if required by law, regulation, legal process, or governmental request.
- Business transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.
- With your consent: We may share information in other circumstances if you give us explicit consent.
9. Data Retention
We retain your information for as long as necessary to provide the Service and fulfill the purposes described in this Policy:
- Account data: Retained while your account is active. Deleted upon account deletion request.
- Order and transaction records: Retained for 7 years after the transaction date for tax and legal compliance.
Account Deletion
You can delete your account at any time by contacting us at support@dripper.ai. Account deletion permanently removes your profile and order history from our database. Certain data may be retained as required by law (e.g., financial records for tax compliance).
10. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you.
- Rectification: Request correction of inaccurate or incomplete data.
- Erasure: Request deletion of your personal data (subject to legal retention requirements).
- Restriction: Request that we limit processing of your data in certain circumstances.
- Data portability: Request your data in a structured, machine-readable format.
- Objection: Object to processing based on legitimate interests.
- Withdraw consent: Where processing is based on consent, you may withdraw consent at any time.
- Lodge a complaint: You have the right to lodge a complaint with a supervisory authority in your jurisdiction.
To exercise any of these rights, please contact us at support@dripper.ai. We will respond within 30 days (or sooner if required by applicable law).
11. California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
- Right to know: You can request the categories and specific pieces of personal information we have collected about you.
- Right to delete: You can request deletion of your personal information, subject to certain exceptions.
- Right to correct: You can request correction of inaccurate personal information.
- Right to opt out of sale/sharing: We do not sell your personal information for money. However, because we run first-party marketing pixels (Google Ads conversion tag including Enhanced Conversions with hashed email/phone, Pinterest Tag, GA4) that may transmit identifiers used for cross-context behavioral advertising, California treats this as "sharing" under CPRA. You can opt out at any time by emailing support@dripper.ai.
- Right to non-discrimination: We will not discriminate against you for exercising your privacy rights.
Categories of personal information collected: Identifiers (name, email), commercial information (order history), internet activity (usage data, pages visited), and geolocation data (country).
12. Children's Privacy
The Service is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you are between 13 and 17, you may use the Service only with the consent of a parent or legal guardian.
If you believe we have inadvertently collected data from a child under 13, please contact us at support@dripper.ai.
13. Security
We implement appropriate technical and organizational measures to protect your personal data, including:
- HTTPS encryption for all data in transit.
- JWT-based session management with HttpOnly, Secure, and SameSite cookie attributes.
- CSRF token validation on all state-changing operations.
- Rate limiting to prevent abuse and brute-force attacks.
- OAuth token storage with encryption at the application layer.
While we strive to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.
14. International Data Transfers
Your information may be transferred to and processed in the United States and other countries where our service providers operate. For transfers from the EEA, UK, or Switzerland, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission and the EU-U.S. Data Privacy Framework where applicable.
15. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Your continued use of the Service after changes are posted constitutes acceptance of the updated policy.
16. Contact Us
If you have questions or concerns about this Privacy Policy, or if you wish to exercise your privacy rights, please contact us:
