Back
Privacy Policy for GDrip
Last Updated: January 2025
Thank you for using GDrip ("we," "us," or "our"). This Privacy Policy outlines how we collect, use, and protect your personal and non-personal information when you use our email automation service.
By accessing or using our service, you agree to the terms of this Privacy Policy. If you do not agree with the practices described in this policy, please do not use our service.
1. Information We Collect
1.1 Personal Data
We collect the following personal information from you:
Account Information:
- Name: To personalize your experience and communicate with you
- Email Address: For account management, service updates, and support
- Payment Information: Processed securely through Stripe (we do not store payment details on our servers)
Gmail Integration Data:
- Gmail API Tokens: Stored securely to enable email sending functionality
- Gmail Account Information: Basic account details needed for API integration
Contact Data:
- Contact Lists: Email addresses and contact information you upload for campaigns (only from consenting recipients)
- Campaign Data: Email templates, sending schedules, and campaign settings
- Consent Records: Documentation of recipient consent for email communications
1.2 Non-Personal Data
We collect non-personal information including:
- IP addresses and device information
- Browser type and version
- Usage statistics and analytics
- Service performance metrics
- Email delivery and open rate data
2. Purpose of Data Collection
We collect and use your data for:
- Providing email automation services for legitimate business communications
- Processing payments and managing subscriptions
- Sending service updates and notifications
- Providing customer support
- Improving our service functionality
- Ensuring compliance with email regulations and consent requirements
- Analyzing service performance and usage patterns
- Verifying consent for email recipients
3. CONSENT-BASED EMAILING COMPLIANCE
3.1 Consent Verification
We are committed to ensuring all email communications are sent only to recipients who have given explicit consent. This includes:
- Recipients who have opted in to your email list
- Existing customers who have agreed to receive marketing communications
- Business contacts who have given explicit permission
- Recipients who have engaged with your business and provided their email address
3.2 Consent Documentation
We help you maintain proper consent records by:
- Requiring documentation of consent for all recipients
- Providing tools to track consent sources and dates
- Ensuring compliance with CAN-SPAM Act, GDPR, and CCPA
- Supporting immediate unsubscribe mechanisms
3.3 Prohibited Data Collection
We do not support or allow:
- Collection of email addresses without consent
- Use of purchased or harvested email lists
- Scraping of email addresses from websites
- Sending emails to recipients without explicit permission
4. Use of Google User Data
4.1 Gmail API Scope Usage
gdrip.co only requests the gmail.send scope. This scope is used solely to send emails that the user composes and approves inside gdrip.co.
We do not read, modify, or store the contents of your Gmail inbox, drafts, or labels.
All emails are delivered through the Gmail API and automatically appear in your Gmail "Sent" folder.
4.2 Storage of Tokens
When you connect your Gmail account, we securely store your OAuth tokens in encrypted form.
These tokens are used only to authenticate your requests to send emails.
You can revoke access at any time by disconnecting your account in gdrip.co or from your Google Account Security settings.
4.3 Data Retention
gdrip.co only sends emails when you explicitly schedule or initiate them.
We do not send messages without user action.
Users can disconnect their Google account at any time.
4.4 Sharing of Data
We do not sell, share, or provide your Gmail data to third parties.
Data is only transmitted to Google for the purpose of sending messages you approve.
5. Data Sharing and Third Parties
We do not sell, trade, or rent your personal information. We may share data with:
- Stripe: For payment processing (payment data only)
- Gmail API: For email sending functionality (as described above)
- Service providers: For hosting, analytics, and support (under strict confidentiality agreements)
6. Data Security
We implement industry-standard security measures:
- Encryption of sensitive data in transit and at rest
- Secure storage of Gmail API tokens using industry-standard encryption
- Regular security audits and updates
- Access controls and authentication
- Secure data centers and infrastructure
- Principle of least privilege for all data access
7. Data Retention
We retain your data for as long as your account is active or as needed to provide services. You may request deletion of your data by contacting us. Some data may be retained for legal or regulatory compliance.
8. Your Rights
You have the right to:
- Access your personal data
- Correct inaccurate information
- Request deletion of your data
- Opt out of marketing communications
- Export your data
- Withdraw consent for data processing
- Revoke Gmail API access at any time through your Google Account settings
9. Children's Privacy
GDrip is not intended for children under 13. We do not knowingly collect personal information from children under 13.
10. International Data Transfers
Your data may be processed in countries other than your own. We ensure appropriate safeguards are in place for international data transfers.
11. Updates to Privacy Policy
We may update this Privacy Policy periodically. Significant changes will be communicated via email or through our service.
12. Contact Information
For privacy-related questions or requests, please contact us through our website.
13. Compliance
We comply with applicable data protection laws including GDPR, CCPA, and CAN-SPAM Act. We also comply with Google's API Services User Data Policy and maintain transparency about our data usage practices.
14. Gmail API Compliance
Our use of Gmail API complies with Google's requirements:
- We only request the minimum scopes necessary for our service functionality
- We do not access user data beyond what is explicitly needed
- We provide clear information about how we use Gmail API permissions
- We maintain user control and transparency over data usage
- We follow Google's principle of least privilege
- We ensure all emails are sent only to consenting recipients
15. Privacy-First Data Processing
15.1 Local Data Processing
We prioritize your privacy by processing sensitive data locally when possible:
- Contact lists are processed in your browser before sending
- Email templates are stored locally in your browser session
- Campaign data is encrypted before transmission
- We minimize data retention and storage
15.2 Data Minimization
We collect and store only the minimum data necessary:
- Campaign metadata (not email content)
- Delivery status and analytics
- Account information for service provision
- Consent documentation for recipients
- No permanent storage of contact lists or email content
15.3 Encryption and Security
All data is protected with:
- End-to-end encryption for sensitive information
- Secure token storage with industry-standard encryption
- Regular security audits and penetration testing
- Compliance with SOC 2 Type II standards
16. Consent Management
16.1 Consent Collection
We support proper consent collection by:
- Providing tools to document consent sources
- Requiring clear indication of what emails recipients will receive
- Supporting double opt-in mechanisms
- Maintaining consent audit trails
16.2 Unsubscribe Management
We ensure proper unsubscribe handling:
- Immediate processing of unsubscribe requests
- Clear unsubscribe mechanisms in all emails
- Support for list-unsubscribe headers
- Compliance with CAN-SPAM unsubscribe requirements
By using GDrip, you consent to the terms of this Privacy Policy and authorize us to use the Gmail API scopes described above for the purposes outlined in this policy. You also agree to only send emails to recipients who have given explicit consent to receive commercial emails from you.