📣 Changedrop

Privacy Policy

Last updated: April 2025

Overview

Changedrop ("we", "our") takes your privacy seriously. This policy explains what data we collect, why we collect it, and how we handle it. We collect only what we need to operate the Service. We never sell your data.

1. Data we collect

Account data

When you sign up, we store your email address and company/project name. This is used to identify your account and communicate with you.

Content you create

Changelog posts, roadmap items, project settings, and any other content you publish through Changedrop is stored on our servers.

Subscriber emails

When a visitor subscribes to your changelog, we store their email address linked to your project. These are used solely to send update notifications on your behalf.

Analytics events

We record anonymous events (page views, post views, reactions, subscriptions) to power your analytics dashboard. No personally identifiable information is stored in analytics events — we record approximate device type and country, but not IP addresses or precise location.

Billing data

Payment details are handled entirely by Stripe. We store only your Stripe customer ID and subscription status — never your card number or full payment details.

2. How we use your data

  • To provide and operate the Service
  • To send transactional emails (magic links, billing receipts, subscriber notifications)
  • To show you analytics about your changelog performance
  • To contact you about your account or changes to the Service
  • To improve the product based on usage patterns (using anonymised data only)

We do not use your data for advertising. We never sell it to third parties.

3. Third-party services

We use the following sub-processors to operate Changedrop:

SupabaseDatabase and authentication Privacy policy
StripePayment processing Privacy policy
ResendTransactional email delivery Privacy policy
AnthropicAI draft generation (Pro feature) Privacy policy
VercelApplication hosting Privacy policy

4. Cookies and local storage

We use cookies to maintain your login session. The embeddable widget uses browser localStorage (not cookies) to track which posts you've seen and your anonymous session ID for reaction deduplication. No cross-site tracking occurs.

5. Data retention

We retain your data for as long as your account is active. If you delete your account, we delete all associated data within 30 days. Subscriber email addresses are deleted when you delete the project they belong to, or when a subscriber unsubscribes.

6. Your rights

You have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Export your data (posts, subscriber list) from your dashboard settings

To exercise any of these rights, email us at hello@changedrop.app. We will respond within 30 days.

7. Security

All data is encrypted in transit (HTTPS) and at rest. We use Supabase with row-level security policies so each user can only access their own data. We do not store passwords — authentication is handled via magic links.

8. Changes to this policy

We may update this Privacy Policy from time to time. We will notify you by email if we make material changes. The "Last updated" date at the top of this page reflects the most recent revision.

9. Contact

Questions or concerns about this policy? hello@changedrop.app