Skip to main content

Privacy Policy

Last updated: April 21, 2026

Summary

We collect your name, email, audio recordings, and basic usage data to run DropaSound. We never sell your data. You can delete your account and all your data at any time. We do not knowingly collect data from anyone under 13.

1. Who We Are

DropaSound is a product of Vibe Works Studio LLC ("we", "us", "our"). Vibe Works Studio LLC operates the DropaSound website and service. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our Service.

2. Data We Collect

We collect the following categories of personal data:

Account information

Name, email address, username, profile bio, and avatar image. Collected when you register and when you update your profile.

Audio content

Voice recordings you create and upload using the DropaSound studio. These are stored securely on Cloudflare R2 object storage.

Usage data

IP address at login, browser type, pages visited, play counts, and feature usage. Used to improve the Service and detect abuse.

Payment data

Payment card information is collected and processed directly by Stripe Inc. We never see or store your full card number. We store only your Stripe customer ID, subscription status, and last four digits of your card for display purposes.

Communications

If you contact us via the contact page we retain the content of your message and your contact details to respond to you.

3. How We Use Your Data

We use your personal data for the following purposes:

  • To provide, operate, and maintain the Service
  • To authenticate your identity and secure your account
  • To process subscription payments via Stripe
  • To send transactional emails such as email verification, password resets, and subscription receipts
  • To send service announcements that are necessary to operation
  • To detect and prevent fraud, abuse, and violations of our Terms
  • To improve and develop new features of the Service
  • To comply with our legal obligations

We do not use your data for advertising. We do not sell your data to any third party. We do not use your voice recordings for any purpose other than hosting and serving them to you and other users.

4. Legal Basis for Processing (GDPR)

For users in the European Union, our legal basis for processing personal data is:

  • Contract — processing necessary to provide the Service you have signed up for
  • Legitimate interests — security, fraud prevention, and service improvement
  • Legal obligation — compliance with applicable laws
  • Consent — where we have specifically requested your consent such as marketing communications

5. Children's Privacy

Important — COPPA Compliance

DropaSound does not knowingly collect personal information from children under 13 years of age in accordance with the Children's Online Privacy Protection Act (COPPA). Users in the European Union must be at least 16 years old.

If we discover or are notified that we have inadvertently collected personal data from a child under the minimum age we will:

  • Immediately suspend the account
  • Permanently delete all personal data associated with that account
  • Delete all audio recordings and user-generated content
  • Cancel any active subscription and issue a full refund

If you believe a child under the minimum age has registered on DropaSound please contact us immediately via our contact page with the subject line Underage Account Report. We will respond within 48 hours and take immediate action.

6. Cookies

DropaSound uses a minimal number of cookies:

  • Session cookie — a single essential cookie used to keep you logged in during your session. This cookie is required for the Service to function and cannot be disabled.
  • CSRF token cookie — a security cookie that protects your account from cross-site request forgery attacks.

We do not use any third-party tracking cookies, advertising cookies, or analytics cookies. We do not use Google Analytics or any similar tracking service.

7. Third-Party Services

We use a limited number of trusted third-party services to operate DropaSound:

Stripe

Payment processing for Pro subscriptions

Privacy policy →

Cloudflare R2

Secure storage of audio files

Privacy policy →

Your email provider (SMTP)

Sending transactional emails

We do not share your personal data with any other third parties except where required by law.

8. Data Retention

  • Account data is retained until you delete your account
  • Audio files are deleted within 30 days of account deletion
  • Payment records are retained for 7 years as required by financial regulations
  • Login IP logs are retained for 90 days for security purposes
  • Deleted account data is purged from all backups within 90 days

9. Your Rights

Depending on your location you may have the following rights regarding your personal data:

  • Right of access — request a copy of the personal data we hold about you
  • Right to rectification — request correction of inaccurate personal data
  • Right to erasure — request deletion of your personal data ("right to be forgotten")
  • Right to portability — receive your data in a machine-readable format
  • Right to object — object to processing of your data in certain circumstances
  • Right to restrict processing — request that we limit how we use your data

You can exercise most of these rights directly from your account:

  • Update your profile information on your profile page
  • Delete your account and all data from your profile settings
  • Download your audio files from your profile page

For other requests please contact us via our contact page. We will respond within 30 days. EU residents may also lodge a complaint with their national data protection authority.

10. Data Security

We implement appropriate technical and organisational measures to protect your personal data including:

  • All data transmitted over HTTPS with TLS encryption
  • Passwords stored using bcrypt hashing — never in plain text
  • Audio files stored in private cloud storage with access controls
  • Payment data handled exclusively by PCI-DSS compliant Stripe
  • Regular security reviews of our codebase and infrastructure

In the event of a data breach that affects your personal data we will notify you by email within 72 hours of becoming aware of it, in accordance with GDPR requirements.

11. International Data Transfers

Vibe Works Studio LLC is based in the United States. If you are accessing the Service from the European Union or other regions with laws governing data collection and use, your data may be transferred to and processed in the United States. We take steps to ensure that such transfers comply with applicable data protection laws and that your data remains protected to the standard required in your home jurisdiction.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes by email at least 14 days before the changes take effect. Continued use of the Service after changes take effect constitutes acceptance of the updated policy.

12. California Residents — CCPA Rights

If you are a California resident the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) grants you the following rights:

  • Right to Know — you have the right to request that we disclose what personal information we have collected about you, the categories of sources, the purposes for collection, and the categories of third parties with whom we share it
  • Right to Delete — you have the right to request deletion of your personal information subject to certain exceptions
  • Right to Correct — you have the right to request correction of inaccurate personal information
  • Right to Opt Out of Sale — DropaSound does not sell your personal information. This right therefore does not apply, but we commit to never selling your data
  • Right to Non-Discrimination — we will not discriminate against you for exercising any of your CCPA rights
  • Right to Limit Use of Sensitive Data — you may request that we limit our use of sensitive personal information to only what is necessary to provide the Service

Categories of personal information collected in the last 12 months

Identifiers: Name, email address, username, IP address
Audio/Visual data: Voice recordings you create
Commercial information: Subscription and payment history
Internet activity: Pages visited, features used, play counts
Geolocation data: General location derived from IP address

To exercise your CCPA rights please contact us via our contact page with the subject line CCPA Request. We will respond within 45 days as required by law. We may need to verify your identity before processing your request.

You may also designate an authorised agent to make requests on your behalf. Authorised agents must provide proof of authorisation.

13. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your rights, or want to report an underage account, please contact us:

Via our contact page — we aim to respond within 2 business days.