Privacy Policy

1. Data Controller

The data controller responsible for your personal data is:

2. Data We Collect

We collect and process the following categories of personal data:

Account Data

When you create an account, we collect your name, email address, and password (securely hashed). This information is necessary to provide you access to our service and manage your subscription.

Usage Data

We collect information about how you use TypenDrop, including:

• Prompts you submit for page generation
• Generated content and templates
• Feature usage and interaction patterns
• Session duration and frequency
• Credits consumed and generation history

WordPress Connection Data

To enable page deployment to your WordPress site, we collect:

• WordPress site URL
• Application password or API credentials (encrypted at rest)
• Connected site metadata

Important: Your WordPress credentials are encrypted using industry-standard encryption and are only used to authenticate with your WordPress installation.

Payment Data

Payment processing is handled by our payment provider (Stripe via Autumn). We do not store your full credit card details on our servers. We receive and store:

• Transaction identifiers
• Subscription status and plan details
• Billing history and invoice data
• Last four digits of payment method (for display purposes)

Device and Technical Data

We automatically collect certain technical information, including:

• IP address (anonymized for analytics)
• Browser type and version
• Operating system
• Device type
• Referring URLs

Analytics and Marketing Data

With your consent, we collect analytics data through Google Analytics and conversion tracking through Meta Pixel and Google Ads. See our Cookie Policy for details.

3. Legal Basis for Processing (GDPR Art. 6)

We process your personal data based on the following legal grounds:

Contract Performance (Art. 6.1.b)

Processing necessary to provide our service to you, including:

• Account creation and management
• Page generation and deployment
• Subscription and billing management
• Customer support

Consent (Art. 6.1.a)

Processing based on your explicit consent, which you may withdraw at any time:

• Analytics cookies (Google Analytics)
• Marketing cookies (Meta Pixel, Google Ads)
• Marketing communications and newsletters

Legitimate Interest (Art. 6.1.f)

Processing necessary for our legitimate business interests, balanced against your rights:

• Service security and fraud prevention
• Service improvement and bug fixing
• Usage analytics (aggregated and anonymized)
• Legal compliance and dispute resolution

4. Purposes of Processing

We use your personal data for the following purposes:

• Service Delivery: Generating AI-powered Elementor pages based on your prompts
• WordPress Integration: Deploying generated content to your connected WordPress sites
• Account Management: Managing your account, preferences, and subscription
• Billing: Processing payments and managing subscriptions
• Support: Responding to your inquiries and providing customer support
• Improvement: Analyzing usage patterns to improve our AI models and user experience
• Security: Detecting and preventing fraud, abuse, and security threats
• Communications: Sending service-related notifications and, with consent, marketing updates
• Legal Compliance: Fulfilling legal obligations and responding to lawful requests

5. Data Recipients

We share your personal data with the following categories of recipients:

Service Providers

We never sell your personal data to third parties for their own marketing or other purposes.

6. International Data Transfers

Some of our service providers are located outside the European Economic Area (EEA), primarily in the United States. When we transfer your data outside the EEA, we ensure adequate protection through:

• Standard Contractual Clauses (SCCs): EU-approved contractual safeguards
• Data Processing Agreements: Binding agreements with all processors
• Technical Measures: Encryption in transit and at rest
• Transfer Impact Assessments: Regular evaluation of transfer risks

You may request a copy of the safeguards we use by contacting us at privacy@typendrop.com.

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes described in this policy:

8. Your Rights (GDPR Art. 15-22)

Under the GDPR and applicable data protection laws, you have the following rights:

Right of Access

You can request a copy of all personal data we hold about you, along with information about how we process it.

Right to Rectification

You can request correction of inaccurate or incomplete personal data. You can update most information directly in your account settings.

Right to Erasure ("Right to be Forgotten")

You can request deletion of your personal data when it's no longer necessary for the purposes collected, or when you withdraw consent.

Right to Restrict Processing

You can request that we limit how we use your data in certain circumstances, such as while we verify accuracy or assess a deletion request.

Right to Data Portability

You can request your data in a structured, machine-readable format to transfer to another service provider.

Right to Object

You can object to processing based on legitimate interest. We will stop processing unless we demonstrate compelling legitimate grounds.

Right to Withdraw Consent

Where processing is based on consent, you can withdraw it at any time without affecting the lawfulness of prior processing.

Exercising Your Rights

To exercise any of these rights, please contact us at privacy@typendrop.com. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority. In Italy, this is the Garante per la Protezione dei Dati Personali (www.garanteprivacy.it).

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

• Encryption in Transit: All data transmitted using TLS 1.3
• Encryption at Rest: Sensitive data encrypted using AES-256
• Access Controls: Role-based access with principle of least privilege
• Secure Authentication: Passwords hashed using bcrypt, optional 2FA
• Infrastructure Security: Hosted on SOC 2 compliant platforms
• Regular Audits: Periodic security assessments and monitoring
• Incident Response: Documented procedures for breach response

10. Cookies and Tracking

We use cookies and similar technologies on our website. These include:

• Essential Cookies: Required for authentication and core functionality
• Analytics Cookies: Google Analytics for usage insights (with consent)
• Marketing Cookies: Meta Pixel, Google Ads for advertising (with consent)

For comprehensive information about the cookies we use and how to manage them, please see our Cookie Policy.

11. Children's Privacy

TypenDrop is not intended for use by individuals under 16 years of age. We do not knowingly collect personal data from children under 16. If you believe we have inadvertently collected such data, please contact us immediately at privacy@typendrop.com, and we will take steps to delete it.

12. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. When we make material changes:

• We will update the "Last updated" date at the top of this page
• We will notify you via email for significant changes
• We may display a prominent notice within the application

We encourage you to review this policy periodically to stay informed about how we protect your data.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Supervisory Authority: You have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali):