Skip to main content
Last Updated: October 27, 2025 1. Introduction This Privacy Policy describes how and why Drippi Labs Inc. (“Drippi.ai,” “we,” “us,” or “our”) collects, stores, uses, and shares (“processes”) your information when you use our services (the “Services”). This includes when you:
  • Visit our website at https://www.drippi.ai, or any of our websites that link to this policy.
  • Create an account and use our Twitter/X promotional and lead scraping platform.
  • Engage with us in other related ways, including sales, marketing, or events.
Reading this Privacy Policy will help you understand your privacy rights and choices. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact us at support@drippi.ai. 2. What Information We Collect We collect personal information from several sources to provide and improve our Services. The types of information we collect depend on how you interact with us. 2.1. Personal Information You Disclose to Us We collect personal information that you voluntarily provide to us when you register for an account, express an interest in our products, or contact us. This information includes:
  • Identifiers: Your name, email address, and username.
  • Professional Information: Your job title and company name.
  • Contact Preferences: Your preferences for receiving marketing communications.
  • Payment Data: We collect data necessary to process your payments, such as your payment instrument number and security code. All payment data is stored and processed by our third-party payment processor, Stripe. You can find their privacy policy here: https://stripe.com/privacy.
2.2. Information from Your Connected Twitter/X Accounts When you connect your Twitter/X account to our Services, you grant us permission to access and process data from that account. This is essential for the core functionality of our platform. This information includes:
  • Profile Information: Your Twitter/X username, profile picture, bio, and other public profile information.
  • Account Activity: We access your account to send direct messages and perform other automation tasks on your behalf as directed by you through the Services.
  • Direct Message Content: We process the content of the direct messages you send through our platform, including the text and the recipients’ information.
  • Analytics Data: We collect data about the performance of your outreach campaigns, such as send rates, reply rates, and other engagement metrics.
We do not control, and are not responsible for, the privacy practices of Twitter/X. We recommend you review their privacy policy to understand how they handle your data. 2.3. Information About Third Parties (Scraped Leads) When you use our lead generation and scraping features, you may collect publicly available information about third parties from Twitter/X. This information may include usernames, profile information, bios, follower counts, and public tweets or posts. Important Information About Third-Party Data:
  • Your Responsibility: You are solely responsible for ensuring that your use of our lead scraping features complies with applicable laws, including data protection laws, and Twitter/X’s terms of service. You must have a lawful basis for processing any personal information you collect through our Services.
  • Data Storage: Information about third parties that you scrape through our Services is stored in your account and is considered part of your Customer Data. We process this data on your behalf as a data processor.
  • Third-Party Rights: If you are a third party whose information has been collected by a Drippi.ai user through our lead scraping features, and you wish to exercise your privacy rights (such as requesting access, correction, or deletion of your information), please contact us at support@drippi.ai. We will work with the relevant user to address your request, or we may direct you to contact the user directly, as they are the data controller for the information they collect.
  • Retention: Scraped lead data is retained for as long as it remains in the user’s account. Users can delete this data at any time through their account settings.
2.4. Information We Collect Automatically When you visit, use, or navigate our Services, we automatically collect certain information. This information does not reveal your specific identity but may include device and usage information. This information includes:
  • Log and Usage Data: Service-related, diagnostic, usage, and performance information, including your IP address, browser type, device characteristics, operating system, and activity within the Services (e.g., features used, pages viewed).
  • Device Data: Information about the computer, phone, or tablet you use to access the Services, including IP address, device and application ID numbers, location, and hardware model.
  • Cookies and Tracking Technologies: We use cookies and similar technologies (like web beacons and pixels) to collect and store your information. For more details, please see our Cookie Policy.
3. How We Process Your Information We process your information for a variety of reasons, depending on how you interact with our Services. Our primary goal is to provide, improve, and administer our Services. We process your information to:
  • Provide and Manage the Services: We use your information to create and manage your account, process payments, and deliver the core functionality of our platform, including sending automated direct messages and scraping public lead information as you direct.
  • Communicate with You: We may use your information to respond to your inquiries, provide customer support, and send you service-related announcements, such as updates to our terms or policies.
  • Improve Our Services: We analyze usage data to understand how our Services are being used, identify trends, determine the effectiveness of our marketing campaigns, and develop new features.
  • Ensure Security and Prevent Fraud: We process your information as part of our efforts to keep our Services safe and secure, including monitoring for fraudulent activity and violations of our Terms of Service.
  • Comply with Legal Obligations: We may process your information to comply with applicable laws, regulations, court orders, or other legal processes.
  • Market Our Services: We may use your information to send you marketing communications about our products and services. You can opt-out of these communications at any time.
4. What Legal Bases Do We Rely On to Process Your Information? We only process your personal information when we believe it is necessary and we have a valid legal reason (i.e., legal basis) to do so under applicable law. The legal bases we rely on depend on the Services you use and how you use them. We rely on the following legal bases:
  • Performance of a Contract: We process your personal information to provide you with our Services and to fulfill our contractual obligations to you as outlined in our Terms of Service. This includes creating your account, processing payments, and performing the automation tasks you request.
  • Legitimate Interests: We may process your information when we have a legitimate business interest in doing so, and those interests are not outweighed by your rights and interests. This includes improving our Services, ensuring security, preventing fraud, and for our marketing activities. When we process data from your Connected Twitter/X accounts for outreach and related activities, we do so based on our legitimate interest in providing a B2B marketing tool, and your legitimate interest in conducting such activities.
  • Consent: We may process your information for a specific purpose if you have given us your consent to do so. This may include sending you promotional communications or using certain cookies. You can withdraw your consent at any time.
  • Legal Obligations: We may process your information where it is necessary for compliance with a legal obligation, such as to respond to a court order or a request from a law enforcement agency.
5. When and With Whom Do We Share Your Personal Information? We may share your personal information in specific situations with the following categories of third parties.
  • Service Providers (Sub-processors): We share your information with third-party vendors, consultants, and other service providers who perform services on our behalf and require access to such information to do that work. These include payment processors, data analytics providers, cloud hosting services, and customer support tool providers. Our major sub-processors include:
    • Stripe: For payment processing.
    • Google Cloud Platform (GCP) / Firebase: For cloud hosting and infrastructure.
    • Intercom: For customer support and live chat.
    • Google Analytics: For website analytics.
    • Facebook / Meta: For advertising and marketing analytics.
  •   We have contracts in place with our service providers, which are designed to help safeguard your personal information. They are prohibited from using your personal information for any purpose other than to provide the services we have contracted them for.
  • Business Transfers: We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
  • Legal Obligations: We may disclose your information where we are legally required to do so in order to comply with applicable law, governmental requests, a judicial proceeding, court order, or legal process, such as in response to a court order or a subpoena.
  • Vital Interests and Legal Rights: We may disclose your information where we believe it is necessary to investigate, prevent, or take action regarding potential violations of our policies, suspected fraud, situations involving potential threats to the safety of any person and illegal activities, or as evidence in litigation in which we are involved.
We do not sell or share your personal information with third parties for their direct marketing purposes. 6. International Data Transfers Your information may be transferred to - and maintained on - computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those in your jurisdiction. Specifically, our Services are hosted by Google Cloud Platform (GCP) / Firebase in the United States. If you are accessing our Services from the European Economic Area (EEA), United Kingdom (UK), or Switzerland, please be aware that your information will be transferred to, stored, and processed in the United States. When we transfer your personal information to other countries, we will protect that information as described in this Privacy Policy. We take steps to ensure that international transfers of personal information are subject to appropriate safeguards. For transfers of personal data from the EEA, UK, and Switzerland, we rely on the Standard Contractual Clauses (SCCs) as a legal basis for the transfer. 7. How Long Do We Keep Your Information? We will only keep your personal information for as long as it is necessary for the purposes set out in this Privacy Policy, unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements). Generally, we will keep your personal information for the period of time in which you have an account with us. When your account is terminated, we will either delete or anonymize your information. When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize such information, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible. 8. How Do We Keep Your Information Safe? We have implemented a system of organizational and technical security measures designed to protect the security of any personal information we process. These measures include:
  • Encryption: We use encryption (such as SSL/TLS) to protect your data in transit.
  • Access Controls: We limit access to your personal information to employees, contractors, and agents who have a business need to know.
  • Secure Infrastructure: Our services are hosted on secure servers provided by Google Cloud Platform (GCP) / Firebase.
However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure. Therefore, we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. Although we will do our best to protect your personal information, transmission of personal information to and from our Services is at your own risk. 8.1. Data Breach Notification In the event of a data breach that compromises the security, confidentiality, or integrity of your personal information, we will take the following actions:
  • Notification to You: We will notify affected users without undue delay and, where required by applicable law (such as GDPR), within 72 hours of becoming aware of the breach. Notification will be sent to the email address associated with your account.
  • Information Provided: Our notification will include:
    • A description of the nature of the breach
    • The categories and approximate number of individuals affected
    • The categories and approximate number of personal data records concerned
    • The likely consequences of the breach
    • The measures we have taken or propose to take to address the breach and mitigate its potential adverse effects
    • Contact information for further inquiries
  • Regulatory Notification: Where required by law, we will also notify the relevant data protection authorities of the breach within the timeframes required by applicable law.
  • Remediation: We will take immediate steps to contain and remediate the breach, including conducting a thorough investigation, implementing additional security measures, and working with law enforcement and cybersecurity experts as appropriate.
If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of your account has been compromised), please immediately notify us at support@drippi.ai. 9. Do We Collect Information from Minors? We do not knowingly solicit data from or market to children under 18 years of age. By using the Services, you represent that you are at least 18 or that you are the parent or guardian of such a minor and consent to such minor dependent’s use of the Services. If we learn that personal information from users less than 18 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records. If you become aware of any data we may have collected from children under age 18, please contact us at support@drippi.ai. 10. What Are Your Privacy Rights? In some regions, such as the European Economic Area (EEA), United Kingdom (UK), and California, you have rights that allow you greater access to and control over your personal information. These may include the right to:
  • Access Your Data: Request access to and obtain a copy of your personal information.
  • Request Rectification or Erasure: Request that we correct or delete your personal information.
  • Restrict Processing: Request that we restrict the processing of your personal information.
  • Data Portability: Request that we transfer your personal information to another organization.
  • Object to Processing: Object to our processing of your personal information.
To exercise any of these rights, please contact us at support@drippi.ai. 10.1. California Residents If you are a California resident, you are granted specific rights regarding access to your personal information under the California Consumer Privacy Act (CCPA). You have the right to request that we disclose what personal information we collect, use, and share, and to request that we delete your personal information. You also have the right to opt-out of the sale of your personal information. We do not sell your personal information. To exercise your rights under the CCPA, please contact us at support@drippi.ai or visit our “Do Not Sell My Personal Information” page. 10.2. European Economic Area (EEA) and UK Residents If you are a resident of the EEA or UK, you have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority. 11. Do We Make Updates to This Notice? Yes, we will update this notice as necessary to stay compliant with relevant laws. We may update this Privacy Policy from time to time. The updated version will be indicated by an updated “Last Updated” date. If we make material changes to this notice, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this Privacy Policy frequently to be informed of how we are protecting your information. 12. How Can You Contact Us About This Notice? If you have questions or comments about this notice, you may contact our Data Protection Officer (DPO) Jaen, by email at support@drippi.ai, by phone at (443) 994-1537, or by post to: Drippi Labs Inc.
Jaen
551 Rockwood Ct
Annapolis, MD 21401
United States