Privacy Policy
Last Updated: September 8, 2025
Version: 2.0
1. Introduction
Welcome to Drooky ("we," "our," or "us"). We are committed to protecting your personal data and respecting your privacy rights. This Privacy Policy explains how we collect, use, share, and protect your personal information when you use our platform that connects users with 3D printing partners.
This policy applies to:
- Our website (drooky.io)
- Our mobile applications (iOS and Android)
- Our services connecting you with 3D printing partners
2. Data Controller Information
Controller: Jose Antonio de Leon Vilar II
Address: [To be added]
Email: info@drooky.io
Data Protection Officer: info@drooky.io
3. What Data We Collect
3.1 Data You Provide Directly
- Account Information: Name, email address, password, phone number
- Profile Data: Delivery address, preferences, communication settings
- Payment Information: Processed securely through Stripe and PayPal
- 3D Models: Files you upload for printing
- Communications: Messages with partners, support inquiries
3.2 Data Collected Automatically
- Device Information: Device type, operating system, app version
- Location Data: GPS coordinates (with your consent)
- Usage Data: How you interact with our services
- Cookies: See Section 11 for details
4. Legal Bases for Processing
We process your data based on:
4.1 Contract Performance (Article 6(1)(b) GDPR)
- Creating and managing your account
- Connecting you with 3D printing partners
- Processing orders and payments
- Providing customer support
4.2 Legitimate Interests (Article 6(1)(f) GDPR)
- Improving our services
- Fraud prevention and security
- Direct marketing (with opt-out rights)
- Analytics and business intelligence
4.3 Consent (Article 6(1)(a) GDPR)
- Location data processing
- Marketing communications
- Non-essential cookies
5. Location Data Special Provisions
5.1 Mobile App Location Processing
- Requires explicit consent separate from OS permissions
- Options for precise vs. approximate location
- Real-time processing only
- 30-day maximum retention
- Can be disabled anytime in settings
Important: OS location permissions do not constitute GDPR consent. You can control location sharing in app settings.
6. Data Sharing
6.1 With 3D Printing Partners
We share necessary information to fulfill your orders:
- Contact details
- Delivery address
- Order specifications
6.2 With Service Providers
- Stripe, Inc. (payment processing - US)
- PayPal (Europe) S.ร r.l. et Cie, S.C.A. (payment processing)
- Google Ireland Limited (analytics)
- Meta Platforms Ireland Limited (social media)
We do NOT sell your personal information to third parties.
7. International Data Transfers
7.1 Transfer Mechanisms
For US-based services, we ensure protection through:
- EU-US Data Privacy Framework certification verification
- Standard Contractual Clauses (Commission Decision 2021/914)
- Transfer Impact Assessments for each provider
- Supplementary technical measures including encryption
8. Data Retention
| Data Category | Retention Period |
|---|---|
| Account data | Active account + 30 days after deletion |
| Order data | 10 years (legal requirement) |
| Payment data | 10 years (tax requirement) |
| Location data | Maximum 30 days |
| Marketing consent | Until withdrawn |
| Support communications | 3 years |
9. Your Rights
Under GDPR, you have the right to:
- Access your personal data
- Rectify inaccurate data
- Erase data ("right to be forgotten")
- Restrict processing
- Data portability
- Object to processing
- Withdraw consent at any time
- Lodge a complaint with supervisory authorities
To exercise these rights, contact: info@drooky.io
10. Cookies and Tracking
10.1 Essential Cookies (No consent required)
- Session management
- Security features
- Load balancing
10.2 Non-Essential Cookies (Consent required)
- Google Analytics
- Marketing cookies
- Social media integration
10.3 Your Cookie Rights
- Reject All option available
- Consent withdrawal as easy as granting
- Prior consent blocking implemented
- No pre-ticked boxes
11. Children's Privacy
Our services are not directed to individuals under 16. We do not knowingly collect data from children. If you believe we have collected data from a child, please contact us immediately.
12. Security Measures
We implement appropriate technical and organizational measures including:
- Encryption in transit and at rest
- Access controls and authentication
- Regular security assessments
- Incident response procedures
- Employee training
13. Updates to This Policy
We may update this policy to reflect changes in law or our practices. Material changes will be notified via email or app notification.
14. Contact Us
For privacy questions or to exercise your rights:
Data Protection Officer
Email: info@drooky.io
Address: [To be added]
Supervisory Authority
You may lodge complaints with your local data protection authority.
Effective Date: September 8, 2025
ยฉ 2025 Drooky. All rights reserved.