Legal
Privacy Policy
Last updated: July 18, 2026
This Privacy Policy explains how SupplierDrop (“we”, “us”, “our”) collects, uses, and protects your personal information when you use our website and product sourcing service (the “Service”). By using the Service, you agree to the practices described here.
1. Information we collect
- Account information — your name, email address, and password (stored as a secure hash by our authentication provider; we never see or store your plain-text password). If you sign in with Google, we receive your name, email, and profile photo from Google.
- Sourcing activity — the products you request, optional notes you attach to requests, and the timestamps of your activity, so we can process your requests and show you their status.
- Technical data — standard log information such as IP address, browser type, and pages visited, used for security and to operate the Service.
2. How we use your information
- to provide and operate the Service, including processing your sourcing requests;
- to contact you about your requests — including via WhatsApp when you initiate a WhatsApp conversation;
- to secure the Service, prevent abuse, and enforce our Terms;
- to improve the Service, using aggregated, non-identifying usage information;
- to send you service-related notices (we do not sell your data or send third-party marketing).
3. WhatsApp communication
When you tap “Source on WhatsApp”, your device opens WhatsApp with a pre-filled message containing the product details and any note you wrote. That conversation happens on WhatsApp and is governed by WhatsApp's own terms and privacy policy. We record the sourcing request itself (product, note, time) in your account so you and our team can track its status.
4. Where your data lives
Your data is stored with Google Firebase (Authentication and Cloud Firestore) in Google Cloud data centres in the United States, protected by industry-standard encryption in transit and at rest. Access is restricted by security rules: you can only read your own profile and requests, and only authorised administrators can access management data.
5. Sharing
We share personal information only:
- with suppliers, to the extent needed to fulfil a sourcing request you initiated;
- with service providers that host and operate our infrastructure (Google Firebase, Render);
- when required by law or to protect our legal rights.
We never sell your personal information.
6. Data retention and deletion
We keep your account data while your account is active. You can request deletion of your account and associated personal data at any time by contacting us; we will delete it within 30 days except where we must retain records to comply with legal obligations.
7. Your rights
Depending on your location, you may have rights to access, correct, export, or delete your personal data, and to object to or restrict certain processing. To exercise any of these rights, contact us using the details below and we will respond within a reasonable timeframe.
8. Security
We use reasonable technical and organisational measures to protect your data, including encrypted connections (HTTPS), hashed passwords, role-based access controls enforced at the database level, and least privilege administrative access. No method of transmission or storage is 100% secure, but we work to protect your information appropriately.
9. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be announced by email or through the Service. The “Last updated” date at the top shows the current version.
10. Contact
Privacy questions or requests: husnainumer07@gmail.com