Privacy Policy
DropStreak is operated by the publisher of the DropStreak Apple App Store and Google Play Store listings (the "Publisher" — also the data controller for this policy).
What we collect
- Email address from Apple or Google sign-in (or Apple's hide-my-email relay address if you use it).
- Display name, only if your sign-in provider supplies one.
- A randomly-generated user ID.
- Your Catching list — the EANs you've tagged.
- Subscription state (Free or Pro) if you start a subscription.
- A push-notification token, while notifications are enabled on your device.
- In-app feedback you submit, with app version, OS version, device model, and a triage snapshot (current screen, sign-in state, subscription tier, watchlist count).
- Crash and error reports, with the stack trace and the same triage snapshot. No screen contents, photos, location, or contacts.
How we use it
- Identify you across sessions so your Catching list persists.
- Send push notifications when products you're watching come back in stock.
- Manage your subscription via Apple/Google billing.
- Diagnose bugs and act on feedback.
Third parties we share data with
| Service | What is shared | Purpose |
|---|---|---|
| Apple ("Sign in with Apple") | Email (or relay address), Apple user ID | Authentication |
| Google ("Sign in with Google", FCM) | Email, Google user ID, FCM token | Authentication, push notifications |
| Firebase Cloud Messaging | FCM token, notification payload (product name + retailer link) | Push delivery |
| Error-monitoring service (Sentry) | Crash stack traces, triage context | Bug diagnosis |
| Subscription-billing service (when Pro is wired) | App user ID, store transaction ID | Subscription state management |
| Database hosting provider | All stored data above | Database hosting (data resides in the EU) |
| Application hosting provider | All in-flight traffic | Application hosting (data resides in the EU) |
All third parties listed are under contractual data-processing terms. Data is encrypted in transit (HTTPS / TLS).
Retention
- Account + Catching list — until you delete the account.
- Feedback reports — kept while relevant for triage.
- Crash reports — typically 30 days, then deleted automatically.
Your rights (GDPR + Norwegian Personal Data Act)
You can request access to, correction of, or deletion of your personal data, request a machine-readable export, or object to specific processing. The fastest way to stop all processing is to delete your account from inside the app.
You can also lodge a complaint with Datatilsynet, or the data protection authority in your country.
Children
DropStreak is not directed at children under 16. We do not knowingly collect data from such children; contact us and we'll delete it if we discover any.
Contact
Email privacy@dropstreak.app. The "Last updated" date at the top of this page reflects the most recent revision.
© 2026 DropStreak.