Effective date: March 25, 2026 Last updated: March 25, 2026
The short version: We collect minimal data. We do not track you. We do not sell or share your information with advertisers. We self-host our analytics and payment systems. You can delete your own data at any time -- no request, no approval, no waiting.
The full version is below.
DROPS is built on a simple principle: collect only what we need, explain everything we do, and give you real control over your information. Privacy is not an afterthought here -- it is a foundational design decision. We have built self-service privacy controls directly into the platform so that you can exercise your rights yourself, instantly, without depending on us to act on your behalf.
All core services -- analytics, email, and payment processing -- are operated on infrastructure we control. We do not rely on third-party advertising platforms, behavioural tracking networks, or data brokers. Where others default to collection, we default to restraint.
This document serves as both our Privacy Policy and our Terms of Use, governed by the laws of Canada, including the Personal Information Protection and Electronic Documents Act (PIPEDA) and, where applicable, Quebec's Act respecting the protection of personal information in the private sector (Law 25).
For privacy inquiries, contact our designated privacy officer at contacts@drops.st.
We do not collect or store server logs, IP addresses, browser fingerprints, or browsing histories of our visitors. When you access this platform, your device transmits standard technical information (such as your IP address and browser type) as part of the normal operation of internet protocols. This transmission is inherent to how the internet works and is initiated by your device, your browser, and your internet service provider -- not by DROPS. You are solely responsible for the information your device transmits when accessing any website, and for taking appropriate measures (such as using a VPN or privacy-focused browser) to protect your own privacy in transit. DROPS accepts no liability for data transmitted by your device or intercepted by intermediary networks in the course of your access to this platform.
We want to be explicit about what we deliberately choose not to collect:
We use collected information strictly for these purposes:
We do not use your information for profiling, automated decision-making, behavioural advertising, or any purpose not listed above. If we ever need to use information for a new purpose, we will notify you and obtain consent before doing so.
We do not sell, rent, or trade your personal information to anyone.
We may disclose personal information only in these narrow circumstances:
No third-party advertising or analytics services receive any data from us. Transactional emails are sent from our own mail server -- no external email marketing platform is involved.
DROPS accepts cryptocurrency -- including Bitcoin (BTC) and Monero (XMR) -- as a form of payment. Here is what you should understand:
| Data Type | Retention Period |
|---|---|
| Anonymous analytics | Indefinite (cannot identify individuals) |
| Contact form submissions | 12 months from last communication |
| Account data | While account is active; deleted instantly on your request |
| Transaction records | Minimum 6 years (legal requirement) |
When retention periods expire, data is securely deleted or irreversibly anonymized. We do not retain personal information without a defined purpose.
We implement appropriate technical and organizational measures to protect information against unauthorized access, alteration, disclosure, or destruction:
No system is perfectly secure. While we take reasonable measures to protect your information, we cannot guarantee absolute security and encourage you to protect your own credentials and wallet keys.
In the event of a security breach involving personal information that creates a real risk of significant harm, we will:
Under Canadian privacy law, you have a number of rights regarding the personal information we collect, use, and disclose. DROPS has gone beyond the legal minimum by building self-service privacy controls directly into the platform, so that you can exercise most of these rights yourself, immediately, without waiting for a response from us.
You have the right to know what personal information we hold about you and to obtain a copy in a structured, commonly used, and machine-readable format. You may exercise this right at any time by using the data export function available in your account profile. This produces a complete, downloadable copy of all personal information associated with your account -- including profile data, order history, saved addresses, and activity records. No approval from DROPS or any shop operator is required.
You have the right to request the deletion of your personal information. You may exercise this right at any time by using the account deletion function in your account profile. When you initiate deletion:
You are not required to submit a written request, wait for a response, or provide justification. The control is in your hands.
You have the right to correct inaccurate or incomplete personal information. You may update your profile information, saved addresses, and contact details directly through your account settings at any time.
You may withdraw your consent to the collection, use, or disclosure of your personal information at any time. You may exercise this right by deleting your account through the self-service function described above, or by contacting us for specific processing activities. Withdrawing consent does not affect the lawfulness of any processing that occurred before withdrawal.
If you believe that your privacy rights have been violated, you may file a complaint with:
We encourage you to contact us first at contacts@drops.st so we may attempt to resolve your concern directly. We will respond within 30 days. There is no fee to exercise any of your rights.
Under PIPEDA, organizations are required to respond to access and erasure requests within 30 calendar days. DROPS does not rely on these timelines. The self-service controls described above allow you to exercise your rights of access, portability, and erasure instantly. We believe that a right you can exercise yourself, immediately, is more meaningful than a right that requires you to ask, wait, and hope for a timely response.
DROPS is designed with privacy controls embedded directly into the platform's architecture. These are not add-on features -- they are core components of the system, reflecting our commitment to privacy by design and by default as required under Quebec's Law 25 and consistent with the expectations of the Office of the Privacy Commissioner of Canada.
As a registered customer, you have the following self-service privacy controls available through your account profile:
| Control | What It Does | Approval Required | Timing |
|---|---|---|---|
| Export your data | Download a complete copy of all personal information we hold about you, in a machine-readable format | None | Immediate |
| Delete your account | Permanently erase your account and all associated personal information from our systems | None | Automatic |
| Delete saved addresses | Permanently remove individual shipping addresses from your profile | None | Instant |
| Update your information | Correct, update, or modify your personal information and preferences | None | Instant |
| Sign out | Destroy your active session and all session data | None | Instant |
No written request is required. No justification is required. These controls are available to you at all times while your account is active.
DROPS operates as a multi-tenant platform, meaning that individual shop operators use our platform to operate their own online stores. Shop operators have the following privacy controls available through their administrative panel:
These controls ensure that privacy compliance does not depend on DROPS acting as an intermediary or bottleneck. The shop operator -- who is closest to the customer relationship -- has the tools needed to act promptly and independently.
DROPS uses two distinct methods of removing personal information:
When you delete your account, the platform applies the appropriate method to each category of data: profile information, contact details, and directly identifying information are deleted; transactional records are anonymized to preserve record integrity. In all cases, the result is the same from your perspective: your personal information is permanently and irreversibly removed and cannot be used to identify you.
Anonymized data is not considered personal information under PIPEDA or Quebec's privacy legislation and is not subject to further access, correction, or erasure requests.
Once your account is deleted or your personal information is erased, the action cannot be undone. We do not maintain backup copies of erased data for the purpose of restoring deleted accounts. If you choose to use the platform again after deletion, you will need to create a new account, and your previous data will not be available.
We strongly recommend that you use the data export function to download a copy of your information before initiating account deletion.
Erasure from DROPS systems does not affect:
This platform is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from minors. If we become aware that we have collected personal information from someone under 18, we will take prompt steps to delete that information. If you are a parent or guardian and believe your child has provided personal information to us, please contact us at contacts@drops.st.
The following sections govern your use of the DROPS platform. By accessing or using drops.st, app.drops.st, or any associated subdomains, you acknowledge that you have read, understood, and agree to be bound by these terms.
DROPS is an experimental, early-stage e-commerce platform. The platform is provided on an "AS IS" and "AS AVAILABLE" basis, without warranty or condition of any kind, either express or implied. We make no warranties regarding availability, accuracy, reliability, fitness for a particular purpose, merchantability, or non-infringement.
The platform may be modified, suspended, or discontinued at any time without notice. Features, products, and transactional capabilities displayed may be experimental in nature and may not reflect the terms of any future commercial offering.
Nothing in these terms limits or excludes any rights you may have under applicable consumer protection legislation that cannot be limited or excluded by law.
DROPS is not a financial institution, money services business, virtual currency exchange, custodial wallet provider, or investment platform. We accept cryptocurrency solely as a form of payment for goods and services.
By transacting with cryptocurrency on this platform, you acknowledge:
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, DROPS shall not be liable for any indirect, incidental, special, consequential, or punitive damages, or any loss of profits, revenue, data, or goodwill, arising from your use of or inability to use the platform, regardless of the theory of liability.
Our total aggregate liability for all claims arising from your use of the platform shall not exceed the greater of (a) the total amount paid by you to DROPS in the twelve months preceding the claim, or (b) CAD $100.
This limitation does not apply to losses arising from our fraud or wilful misconduct, or to any rights that cannot be limited or excluded under applicable consumer protection legislation.
By using this platform, you accept responsibility for:
You agree to indemnify and hold harmless DROPS from claims, damages, or expenses arising from your use of the platform or violation of these terms. This indemnification applies to your breach of these terms, your violation of applicable law, and your infringement of third-party rights.
For privacy inquiries, rights requests, complaints, or questions about these terms:
DROPS -- Privacy Officer Email: contacts@drops.st
The Privacy Officer is the designated person responsible for the protection of personal information under Quebec Law 25. We will acknowledge your inquiry and respond within 30 days.
This document is drafted in alignment with the ten fair information principles of PIPEDA and the requirements of Quebec's Law 25.