Privacy Policy

Last updated: January 2026

HotDrop ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, share, and protect your information when you use our platform.

Information We Collect

Information from Google OAuth

When you sign in with Google, we collect:

• Your name and email address
• Your profile picture
• Your YouTube channel ID and subscriber count (to verify creator status)

Information from Other OAuth Providers

If you connect additional platforms, we may collect:

• Twitch: Username, follower count, and profile information
• Additional platforms as they become available

Information You Provide

• Profile information (bio, display name, custom avatar)
• Content you create (posts, Stories, messages, comments)
• Circle memberships and participation
• Media Kit information you choose to display

Automatically Collected Information

• Device information (device type, operating system)
• Usage data (features used, interactions, timestamps)
• Log data (IP address, browser type, access times)

How We Use Your Information

We use your information to:

• Verify your creator status through connected platforms
• Provide and improve HotDrop's features
• Display your public profile and Media Kit
• Enable communication between users (messaging, Circles)
• Send important account notifications
• Protect against fraud and abuse
• Analyze aggregate usage to improve the platform

Sharing and Disclosure of Information

We Do NOT:

• Sell your personal data to third parties
• Share your data with advertisers
• Use your data for targeted advertising
• Allow third-party apps to access your data without your explicit consent

We May Share Information With:

Service Providers: We use trusted third-party services to operate HotDrop:

• Supabase: Database and authentication infrastructure (stores your account data)
• Cloudinary: Media storage and processing (stores images and videos you upload)
• Expo/Apple/Google: Push notification delivery

These providers are contractually bound to protect your data and may only use it to provide services to us.

Legal Requirements: We may disclose information if required by law, legal process, or government request, or to protect the rights, property, or safety of HotDrop, our users, or others.

Business Transfers: If HotDrop is acquired or merged, your information may be transferred. We will notify you before your data becomes subject to a different privacy policy.

Sharing of Google User Data

HotDrop shares Google user data only with service providers that are necessary to operate the platform and only for the purposes described in this Privacy Policy.

Specifically, Google user data may be shared with:

• Supabase (database and authentication infrastructure) — to store account records securely
• Cloud infrastructure providers — to host HotDrop's backend services
• Apple, Google, and Expo — solely to deliver push notifications if you enable them

We do not share Google user data with advertisers, data brokers, analytics platforms for ad targeting, or any unrelated third parties.

Google user data is never sold, never rented, and never used for advertising or marketing purposes.

HotDrop's use of Google user data complies with the Google API Services User Data Policy, including the Limited Use requirements.

Data Protection and Security

We treat Google user data as sensitive personal data and apply industry-standard safeguards to protect it.

Our data protection measures include:

• Encryption in Transit: All data, including Google OAuth data, is encrypted using TLS/HTTPS during transmission.
• Encryption at Rest: Sensitive user data is encrypted while stored in our databases.
• Access Controls: Access to user data is restricted to authorized personnel only and logged for auditing.
• OAuth Token Security: OAuth access tokens are stored securely and are never exposed to other users or third parties.
• Least-Privilege Principle: We request only the minimum OAuth scopes required to provide HotDrop functionality.
• Security Monitoring: We monitor systems for unauthorized access and regularly review security practices.

Data Retention and Deletion

Google User Data Retention

We retain Google user data only for as long as necessary to provide HotDrop's services.

• Google account data (name, email, profile image): Retained while your HotDrop account remains active.
• YouTube channel ID and subscriber count: Used for creator verification and refreshed periodically. Historical verification data is not retained longer than necessary.
• OAuth access tokens: Stored securely and revoked automatically when access is removed or your account is deleted.

General Data Retention

• Account Data: Retained while your account is active
• Content You Create: Retained until you delete it or your account
• Usage Logs: Retained for up to 12 months for security and analytics

Deletion of Google User Data

You may delete your Google user data at any time by:

• Deleting your HotDrop account — Request full account deletion by emailing support@joinhotdrop.com
• Revoking HotDrop's access — Remove HotDrop's access via your Google Account Permissions

Upon account deletion:

• Google user data is permanently deleted from active systems within 30 days
• Residual encrypted backups may persist for up to 90 days for disaster recovery
• No Google user data is retained beyond this period unless required by law

Deleting Other Content

You can delete specific content (posts, Stories, messages) directly within the app at any time.

Your Rights

Depending on your location, you may have the right to:

• Access the personal data we hold about you
• Correct inaccurate data
• Request deletion of your data
• Object to certain processing
• Export your data in a portable format

To exercise these rights, contact us at support@joinhotdrop.com.

Children's Privacy

HotDrop is not intended for users under 13 years of age. We do not knowingly collect personal information from children under 13. If we discover we have collected data from a child under 13, we will delete it promptly.

Third-Party Links

HotDrop may contain links to third-party websites or services. We are not responsible for their privacy practices. We encourage you to review their privacy policies.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by:

• Posting the updated policy on our website
• Updating the "Last updated" date
• Sending you a notification if required by law

Your continued use of HotDrop after changes constitutes acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy or our data practices:

Email: support@joinhotdrop.com