Privacy Policy
V0_25/06/2025
DropBrief.com is owned and operated by GFBH GROUP LLC.
Mailing address for all privacy matters: 4810 Long Beach Blvd, Long Beach, NJ 08008, USA
1. Introduction
This Privacy Policy explains how GFBH GROUP LLC ("DropBrief," "we," "us," or "our") collects, uses, shares and safeguards information when you visit www.dropbrief.com, interact with our Telegram bot, or otherwise use our services (collectively, the "Service").
By accessing or using the Service, you agree to the collection and use of information in accordance with this Policy.
2. Definitions
- Personal Data ("PD") — information that identifies or can reasonably be linked to an individual.
- Non-Personal Data ("NPD") — information that cannot be linked to a specific person.
- Usage Data — data generated automatically by the Service (e.g., pages visited, bot commands issued).
(Definitions adapted from GDPR and U.S. privacy statutes, consistent with Zendrop's terminology)
3. Information We Collect
Category | Examples | Source |
---|---|---|
Identity & Contact | Name, email, Telegram @handle, billing address | You |
Preferences | Target markets, product categories, price ranges | You |
Payment | Stripe customer ID, last-4 of card (full card data never hits our servers) | Stripe |
Usage | IP address, device type, referral UTM, pages viewed, bot commands | Automatic |
Cookies / Local Storage | Session ID, analytics tags | Automatic via browser |
4. How We Use Your Data
- Provision of Service — deliver and personalise the weekly Dropship Brief.
- Billing & Account Management — process payments, send invoices, manage trials.
- Analytics & Improvement — understand usage patterns to enhance features.
- Marketing — e-mail or Telegram updates (you can opt out anytime).
- Legal & Security — detect fraud, enforce Terms of Service, comply with lawful requests.
Legal bases under the EU/UK GDPR: Contract, Legitimate Interest, Consent, Legal Obligation.
5. Sharing & Disclosure
Recipient | Purpose | Safeguards |
---|---|---|
Stripe, Inc. | Payment processing | PCI-DSS compliant |
Amazon Web Services / Vercel | Hosting, data storage | SOC-2 & ISO 27001 |
Google Analytics 4 | Site usage analytics (IP anonymised) | Data processing addendum |
OpenAI, LLC | Generate brief copy; only prompt text sent | Model access via TLS |
We never sell Personal Data. We may disclose information if required by law, during a business transfer, or to protect rights and safety.
6. International Transfers
Data is stored in the United States. By using the Service, you consent to this transfer.
7. Retention
- Account & profile data — until you delete your account or 5 years after last activity, whichever comes first.
- Usage logs — 24 months.
- Payment records — 7 years (IRS compliance).
8. Security
TLS 1.2+ encryption in transit; AES-256 at rest; least-privilege IAM; API keys held in AWS Secrets Manager. No method of transmission is 100% secure, but we follow industry best practice.
9. Your Rights
Jurisdiction | Rights |
---|---|
EEA / UK (GDPR) | Access, Rectification, Erasure, Restriction, Portability, Objection, Automated-decision review |
California (CCPA/CPRA) | Know, Delete, Correct, Opt-out of "sale/share", Limit use of sensitive data |
Virginia / Colorado / Connecticut / Utah | Similar consumer rights as above |
Submit any request via [email protected]; we will verify and respond within 30 days.
10. Cookies & Tracking Technologies
We use first-party cookies for authentication and third-party cookies (Google Analytics 4) for aggregated metrics. You may disable non-essential cookies through our banner or your browser settings.
11. Third-Party Links
Briefs contain links to external sites (e.g., AliExpress, Facebook Ad Library). We are not responsible for their privacy practices; consult their policies before providing Personal Data.
12. Children's Privacy
The Service is not directed to anyone under 16. We do not knowingly collect data from minors. Contact us if you believe a child has provided Personal Data.
13. Changes to This Policy
We may update this Policy. Material changes will be posted here and emailed to active subscribers at least 14 days before they take effect.