Dropouts Technologies Back to site
Legal

Privacy Policy

Last updated: 2 May 2026 Effective: 2 May 2026 Applies to: dropouts.in & all our published apps

00The short version

This is the long-form policy that lawyers in three jurisdictions made us write. Before you scroll, here's the honest summary in plain English.

We're in the selling apps business, not the selling your data business. We don't sell or rent your personal data to anyone. Full stop.

  • We collect the minimum we need to run our apps and respond to you.
  • Most of our apps process data on-device. When data leaves your phone, we tell you why.
  • You can ask for a copy of your data, ask us to delete it, or change your mind, any time.
  • If you're in the EU, UK, EEA, Switzerland or California, your local laws apply on top of this policy. We honour them.

01Scope & per-app privacy notice

This policy is a generic umbrella. It covers our website (dropouts.in) and every iOS, iPadOS, watchOS and Android app published by Dropouts Technologies LLP, unless a specific app ships its own policy that overrides parts of this one.

Important: read the App Store privacy details for the specific app you use. Each of our apps publishes its own App Privacy card on its App Store listing (Apple's "Data Used to Track You", "Data Linked to You" and "Data Not Linked to You" panels). Those App Store disclosures are accurate and authoritative for that specific app. If anything in this generic umbrella policy looks broader than what an app actually does, the App Store privacy card for that app is what governs in practice.

You can see all our apps and their privacy cards on our developer page: apps.apple.com/developer/dropouts-technologies-llp.

We've written this generic umbrella so we don't have to re-publish a near-identical policy for every app, and so you have one stable URL to read. If a specific app's behaviour ever differs, that app's App Store card is the source of truth, and you can ask us at [email protected] for clarification.

02Who we are

The data controller for the personal data described in this policy is:

Dropouts Technologies LLP
605, Teerth Technospace
Mumbai-Bangalore Highway, Baner
Pune, Maharashtra 411045, India

For privacy questions and rights requests, write to [email protected]. We aim to reply within seven working days.

We do not have a designated Data Protection Officer because we are not required to appoint one under Article 37 GDPR (we are not a public authority and our core activities do not consist of large-scale, systematic monitoring of data subjects or processing special categories of data on a large scale). Privacy queries from any jurisdiction can be sent to the address above.

03What information we collect

In short We collect what you give us (e.g. an email if you write to us), what your device tells our server (e.g. a crash log), and what's needed to make a feature work. Most of our apps do most of their work locally on your device.

3.1 Information you give us

  • Contact details: your email address (and anything else in the message) when you email us, fill in a form, or open a support ticket.
  • App content you choose to send to us: notes, photos, files or settings only when a specific feature explicitly asks you to upload them (e.g. cloud sync). Most app content stays on your device.
  • Account info: a few of our apps offer optional sign-in. If you sign in, we receive what the sign-in provider gives us (typically email and a stable user identifier). We never receive your password.
  • Subscription & purchase records: if you buy an in-app subscription, Apple or Google (not us) processes the payment. We receive a transaction receipt to verify your subscription is active. We do not see card numbers.

3.2 Information collected automatically

  • Diagnostic & crash data: anonymised crash reports, performance metrics and feature-usage counters so we can find and fix bugs. We use Apple's built-in Analytics & Improvements framework where possible (which is opt-in on iOS).
  • Device & environment: device model, operating system version, app version, language and rough geographic region (country level). This is the standard envelope every server receives when an app makes a request, and it is used to format responses correctly and triage issues.
  • IP address: temporarily logged as part of standard server logging so we can prevent abuse, fight fraud and keep services online. Logs are typically retained for 30 days.

3.3 What we do not collect

  • We do not collect your contacts, photos library, microphone or location unless a specific feature you start needs it. iOS and Android will always ask you first.
  • We do not maintain advertising identifiers, build advertising profiles, or share data with ad networks. Where an app has no ads, that's the end of the story; where an app does carry advertising, the App Store privacy card for that app makes it explicit.
  • We do not collect special-category data under Article 9 GDPR (health, biometric, racial, religious, political, sexual orientation, etc.) except where an app's purpose is exactly that (for example, a medication tracker stores the medication you log). The relevant App Store card will say so, and storage in those cases is local to your device.

04Why we use your information

We process personal data for the following purposes only:

  1. To make the app work: deliver the feature you tapped, sync your settings if you asked us to, restore your purchase, send a notification you opted into.
  2. To support you: answer your email, debug a problem you reported, send you a fixed build.
  3. To keep the service safe: detect abuse, prevent fraud, rate-limit attacks, comply with court orders.
  4. To improve our apps: aggregate, anonymised analytics on which features are used, where crashes happen, how slow a screen feels.
  5. To meet legal obligations: tax, accounting, financial-reporting and similar laws that apply to a registered company.

We do not use your personal data for marketing emails, profiling, automated decisions with legal effect, or sale to third parties. Ever.

06Who we share information with

We share personal data only with the categories below, only to the extent necessary, and only under written contracts that bind them to confidentiality and adequate security (typically GDPR Article 28 data-processing agreements where applicable).

  • Cloud infrastructure providers: Amazon Web Services (AWS) and similar, who host our servers and store crash logs. AWS is GDPR-compliant and certified under common security standards (ISO 27001, SOC 2 Type II).
  • App distribution platforms: Apple (App Store, iCloud where used by an app) and Google (Play Store), who handle distribution, subscriptions and platform-level analytics.
  • Crash reporters & analytics: Apple's built-in tooling primarily; some apps may use a third-party crash reporter. The specific app's App Store privacy card lists what's used.
  • Email & communication providers: the mail platform we use to receive your @dropouts.in emails.
  • Professional advisers: lawyers, accountants and auditors, where strictly necessary and under professional confidentiality.
  • Authorities: where we are legally compelled by a valid court order, subpoena or similar instrument. We push back where we can.

We do not sell personal data within the meaning of the CCPA / CPRA, and we do not "share" personal data for cross-context behavioural advertising. We have no business model that involves doing so.

07International data transfers

We are based in India. Some of the providers we use (AWS, Apple, Google, our email host) may store or process data in the EU, UK, US or other regions.

Where personal data of EU/UK users is transferred outside the EEA / UK to a country without an EU adequacy decision, we rely on appropriate safeguards under GDPR Article 46, typically the European Commission's Standard Contractual Clauses (2021/914) and, for UK transfers, the UK Information Commissioner's International Data Transfer Addendum. We also assess transfer impact under the Schrems II framework.

You can request a copy of the safeguards in place by writing to [email protected].

08How long we keep your information

We keep personal data only as long as necessary for the purpose we collected it.

  • Support emails: up to 24 months after the last reply, then deleted, unless we need them longer for a legal claim.
  • Crash logs & aggregated analytics: 12 months, after which they are aggregated into statistics and the original event records are deleted.
  • Server access logs (including IP): 30 days, except where a security investigation is open.
  • Subscription / purchase records: as long as required under applicable tax and accounting law (typically 7 years in India).
  • Optional cloud-synced app content: until you delete it from the app or close the account.

When we no longer need the data, we delete it or irreversibly anonymise it.

09How we keep your information safe

We use a layered approach: encryption in transit (TLS 1.2+), encryption at rest for backups, principle-of-least-privilege access controls, security-patch management, and short retention windows. We also rely on platform-level protections from Apple and Google.

No system is unbreakable. If a personal-data breach happens that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours as required by GDPR Article 33, and we will notify affected users without undue delay where Article 34 applies.

10Cookies & tracking technologies

The dropouts.in website is a static marketing site and currently uses no cookies, no advertising trackers, no fingerprinting and no analytics that set persistent identifiers. You don't see a cookie banner because there is nothing to consent to.

Our apps do not use web cookies. Some apps store small preference files locally on your device using the platform's standard storage APIs (UserDefaults on iOS, SharedPreferences on Android). Those stay on your device, are deleted when you uninstall the app, and are never transmitted to us.

If we ever introduce optional analytics or marketing cookies on the website, we will add a clear consent banner that meets the ePrivacy Directive and GDPR consent standard (granular, freely-given, specific, informed, unambiguous, and as easy to refuse as to accept).

11Children

Our services are not directed at children. We do not knowingly collect personal data from children:

  • Under 16 in the EU/EEA (or the lower age your member state has set under GDPR Article 8, which can be 13–16).
  • Under 13 in the United States (per COPPA) and the United Kingdom.
  • Under 18 for certain India-specific obligations under the Digital Personal Data Protection Act, 2023.

If you believe a child has provided us personal data, write to [email protected] and we will delete it promptly.

12Your rights (EU, UK, EEA, Switzerland)

If GDPR or the UK GDPR applies to you, you have all of the following rights, free of charge, and we will respond within one calendar month (extendable by two months for complex requests, with notice).

Right of access (Art. 15) Ask for a copy of the personal data we hold about you.
Right to rectification (Art. 16) Ask us to correct inaccurate or incomplete data.
Right to erasure (Art. 17) "Right to be forgotten." Ask us to delete your data, subject to a few legal exceptions.
Right to restrict (Art. 18) Ask us to pause processing while we sort out a dispute about accuracy or lawful basis.
Right to portability (Art. 20) Get a copy of the data you provided in a machine-readable format, and ask us to send it elsewhere where technically feasible.
Right to object (Art. 21) Object to processing based on legitimate interests, including profiling. We will stop unless we show compelling legitimate grounds that override your rights.
Right to withdraw consent (Art. 7(3)) Where processing is based on consent, withdraw at any time without affecting the lawfulness of earlier processing.
Right to lodge a complaint (Art. 77) Complain to your national data-protection authority. The full list is at edpb.europa.eu/about-edpb/about-edpb/members. Swiss residents: edoeb.admin.ch. UK residents: ico.org.uk.

To exercise any right, email [email protected] with the subject line "Privacy request". We may need to verify your identity before responding, especially for access or deletion requests, to make sure we are not handing your data to someone else.

13Your rights (United States)

If you are a resident of California, Colorado, Connecticut, Virginia, Utah, Texas, or another US state with a comprehensive privacy law, you have the right to:

  • Know / access what personal information we have collected, used, disclosed and (where applicable) sold.
  • Delete personal information, subject to legal exceptions.
  • Correct inaccurate personal information.
  • Opt out of "sale" or "sharing" for cross-context behavioural advertising. We don't do either, so there's nothing to opt out of, but the right exists and we honour it.
  • Limit use of "sensitive personal information" beyond what is necessary to provide the service.
  • Be free from retaliation for exercising these rights. We will not deny service, charge a different price, or provide a different level of quality because you exercised a right.

Send a request to [email protected]. You may use an authorised agent. We will respond within 45 days, extendable by another 45 days with notice.

14Automated decisions & profiling

We do not make decisions about you based solely on automated processing that produces legal effects or similarly significant effects (Article 22 GDPR). We do not build behavioural advertising profiles or sell scores about you to anyone.

Some apps include on-device features that use machine learning (for example, identifying a vehicle in a photo). These run locally on your device, do not send personal data to our servers for that purpose, and are described on the relevant App Store privacy card.

15Changes to this policy

We update this policy when our practices change, when the law changes, or when a clearer way to say something occurs to us. The "Last updated" date at the top reflects the most recent version. For material changes, we will post a prominent notice on this page and, where we have your email and the change affects you, we will email you. If you keep using the services after a material change, you accept the updated policy.

16Contact us

For privacy questions, requests under any of the rights above, or to escalate a concern:

Email: [email protected]
Postal address: Dropouts Technologies LLP, 605 Teerth Technospace, Mumbai-Bangalore Highway, Baner, Pune, Maharashtra 411045, India.

If you write to us with "Privacy request" in the subject line, your email will be routed straight to the right person. Thank you for reading all the way down here. Most people don't.