SB 362 enforcement is active — non-compliant brokers face fines up to $200/day per consumer. Get compliant now →

Privacy Policy for DropComply

Last Updated: April 19, 2026

1. Introduction

DropComply provides an automated compliance engine for the California Delete Act (SB 362). Because our business is fundamentally built on data privacy and consumer protection, we hold ourselves to the highest standards of transparency, security, and integrity. This Privacy Policy describes how we collect, use, and protect your information.

2. Information We Collect

We categorize the information we handle into two distinct groups:

  • Account & Waitlist Information: When you join our early access waitlist or create an account, we collect your business name, corporate email address, and professional contact information. This data is used solely to manage your access, communicate product updates, and facilitate your onboarding.
  • Processing Information (Consumer Data): As a Service Provider under the California Consumer Privacy Act (CCPA) and the California Delete Act, we process consumer identifiers (names, emails, IDs) provided by our clients for the sole purpose of executing automated deletion requests as required by law.

3. How We Use Information

  • Waitlist Management: We use your business email to keep you informed about our launch timeline and feature rollouts.
  • Compliance Services: We use processing information strictly to execute deletion workflows. We do not sell, license, or monetize the consumer data you process through our platform. We act strictly as a data processor under your instructions.

4. Our Security Posture

We understand that security is non-negotiable for regulated entities. Our platform is architected with a “Privacy by Design” philosophy:

  • Data Encryption (AES-256): All sensitive data, including your waitlist registration details and consumer records, is encrypted at rest using industry-standard AES-256 and in transit using TLS 1.3 to ensure total confidentiality.
  • Audit Integrity (SHA-256): We utilize SHA-256 cryptographic hashing to create immutable audit trails. This ensures that every deletion request is timestamped and tamper-proof, providing definitive proof of compliance for future CPPA audits.
  • Access Controls: We employ strict role-based access controls (RBAC) to ensure only authorized personnel and verified client accounts can access system configurations or processed data.

5. Data Retention

  • Consumer Requests: We retain records of deletion requests only as long as necessary to provide proof of compliance and satisfy audit requirements.
  • Account Data: We retain your account and waitlist information for as long as you maintain an active relationship with DropComply, or until you exercise your right to erasure.

6. Your Rights

We respect your privacy rights, including your right to access, correct, or delete the personal information we hold about you. If you have questions regarding your data or wish to exercise these rights, please contact us at privacy@dropcomply.com.

7. Changes to this Policy

We may update this policy periodically to reflect changes in our practices or regulatory requirements. We will notify you of any material changes via the email associated with your account.