Privacy Policy

This Privacy Policy explains how Droopply processes personal data when photographers create galleries and clients select photos.

Data controller

The controller responsible for the processing of personal data in connection with Droopply is:

Karol Decyk
ul. E.Sz. Zarembiny 19/22
85-792 Bydgoszcz
Poland
Email: support@droopply.com

Short overview

Droopply is a tool for photographers that turns a Google Drive folder into a client gallery. Clients receive a gallery link and can mark their favorite photos. Droopply only processes data required for login, gallery creation, preview display, client selection, security, and operation of the service.

Google Drive access

Droopply is designed to work with the photographer's existing Google Drive workflow. The photographer selects a Google Drive folder from which images are processed for a gallery. Droopply uses read-only access to Google Drive only to read selected images, process technical file and folder references, and generate previews for the client gallery.

Droopply cannot use this access to change, delete, upload, move, rename, or share files in Google Drive. Clients never receive direct access to Google Drive content, Google Drive file IDs, OAuth tokens, or direct Drive links. OAuth tokens are stored server-side, are not made public, and are not shared with clients. The Google Drive connection can be disconnected at any time in the Droopply dashboard; this removes the server-side connection and, where technically possible, revokes it with Google.

Google API data and Limited Use

Google data is used only for the gallery functions described here: Google login, connecting Google Drive, reading selected folders, processing image references, and generating or delivering gallery previews.

Droopply does not sell Google data, does not use Google data for advertising, and does not share Google data with third parties except where required for necessary technical infrastructure such as Google/Firebase/Google Cloud. Droopply does not use Google Drive access for general analysis of personal Google data, does not provide a general Google Drive browser, and does not provide a backup service.

Google API Services User Data Policy Compliance

Droopply's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Droopply accesses Google Drive data using the drive.readonly scope only to provide the gallery functionality requested by the photographer. This includes reading selected Google Drive photo folders, generating optimized web previews, and allowing clients to view and select photos without accessing Google Drive directly.

Droopply does not:

sell Google user data
use Google user data for advertising
share Google user data with data brokers or unauthorized third parties
use Google user data to train, tune, or improve artificial intelligence models, large language models, or machine learning systems
expose Google Drive file IDs, OAuth tokens, direct Drive URLs, or original Drive files to gallery visitors

OAuth refresh tokens are stored server-side only. Users can disconnect Google Drive at any time inside Droopply. Disconnecting removes the stored Google Drive access credentials and prevents new Google Drive imports unless the user reconnects Google Drive.

Data processed

Account and login data of the photographer, such as Firebase User ID, email address, and display name.
Gallery metadata, settings, plan information, expiration dates, and client selection data.
Google Drive folder references, file IDs, file names, MIME types, and technical references required to create galleries.
Preview images generated from selected photos and stored or delivered through Droopply infrastructure.
Technical data required for operation, security, abuse prevention, and troubleshooting.

Storage and deletion

Galleries and preview files are time-limited according to the current product concept and plan: Free up to 48 hours, Basic up to 7 days, and Pro up to 30 days. Users can delete galleries, disconnect Google Drive, and delete their account. After expiry or deletion, related preview files should be deleted where technically intended and successfully possible. Legal retention obligations, technical security requirements, and legitimate documentation interests may require longer storage in individual cases.

Recipients and service providers

Personal data may be transmitted to or processed by technical service providers where this is necessary to operate Droopply. This includes Google/Firebase/Google Cloud services such as Google Sign-In, Google Drive API, Firebase Authentication, Cloud Firestore, Firebase Storage, and Cloud Functions.

User rights and contact

Users may have rights to access, correction, deletion, restriction of processing, data portability, objection, withdrawal of consent, and complaint to a competent data protection authority. Questions regarding data protection can be sent to support@droopply.com.