Privacy Policy

How we collect, use, and protect your information

Last updated: 25 May 2026

Privacy Summary

DriplyPay is a creator intelligence platform that tracks payment intent on external platforms (clicks, not amounts) and processes payments through DriplyPay Wallet. We collect minimal information needed to provide analytics and monetization services. We don't sell your data and don't access your external financial accounts.

What We Track

  • • External payment clicks (intent, not amounts)
  • • DriplyPay Wallet transactions (full details)
  • • Profile views and traffic sources
  • • Device/browser information
  • • Geographic location (country/region)

What We Don't Track

  • • External payment amounts (PayPal, CashApp, etc.)
  • • External financial account information
  • • External transaction details
  • • Income from external payment platforms

1. Information We Collect

Account Information

  • Email address (for account creation and authentication via Supabase Auth)
  • Password (encrypted and stored securely by Supabase)
  • Username and display name
  • Profile bio and description text
  • Location (optional, user-provided)

Profile Content

  • Profile image and banner image (stored in Supabase Storage)
  • Social media platform links you choose to display
  • Payment platform links and handles (but NOT payment credentials)
  • Theme preferences and customization settings
  • Profile visibility and section toggles

Analytics Information

  • Profile view counts and timestamps
  • External payment button clicks (intent tracking, not amounts)
  • DriplyPay Wallet transaction data (amount, status, fees, attribution)
  • Social link click events and story interactions
  • QR code scan events
  • Traffic source and referrer information
  • Device type, browser information, and user agent
  • IP address and derived geographic location (country/region level)
  • Session tracking for analytics correlation
  • UTM campaign parameters (when provided)
  • Platform-to-payment correlation metrics

Note: For external platforms (PayPal, CashApp, etc.), we track payment intent (clicks) but not actual amounts or transaction details. For DriplyPay Wallet payments, we track complete transaction data to provide analytics and process payments.

Subscription Information

  • Subscription plan and status for DriplyPay Pro/Agency (managed through Stripe)
  • Billing information for platform plans (stored securely by Stripe, not by us)
  • Trial periods and subscription history
  • Beta access codes (when applicable)

DriplyPay Wallet Information

  • Creator monetisation status and payout profile details
  • Transaction history (tips, content purchases, subscriptions)
  • Payment amounts, fees, and net revenue
  • Platform attribution for each transaction
  • Customer information (email, name for transactions)
  • Payment processor transaction references

DriplyPay Wallet fan payments (tips, pay-per-view, creator subscriptions) are processed through authorised third-party payment service providers. DRIPLYPAY is the merchant of record. We receive and store transaction data to provide analytics, facilitate creator payouts, and apply a 12.5% platform fee. DriplyPay Pro/Agency plans are billed separately via Stripe.

Content Monetization Information

  • Uploaded content files (photos, videos, PDFs, audio, courses)
  • Content metadata (titles, descriptions, pricing)
  • Age verification data (if explicit content is enabled)
  • Subscriber lists and subscription tier settings
  • Content view analytics and engagement metrics
  • Purchase history and content access records
  • Child safety scan results and incident metadata (restricted internal records only — not shared with other users)

Uploaded images and videos are scanned using PhotoDNA technology licensed by Microsoft at no cost before publication. We do not store raw PhotoDNA hash values or expose match details to uploaders.

2. How We Use Your Information

Core Platform Services

  • Create and display your public profile at driplypay.com/yourusername
  • Route visitors to your chosen payment platforms and social links
  • Authenticate your account and maintain security
  • Store and serve your profile images via our CDN
  • Apply your selected theme and customization preferences

Analytics & Intelligence

  • Track profile views and visitor engagement patterns
  • Analyze payment button clicks to show platform performance
  • Provide cross-platform analytics (which social platforms drive most payment intent)
  • Generate traffic source insights and geographic analytics
  • Create creator intelligence reports for Pro subscribers
  • Identify optimal posting times and audience behavior patterns

Communication & Support

  • Send essential service updates and security notifications
  • Provide customer support and respond to inquiries
  • Send billing-related communications (for Pro subscribers)
  • Notify about new features or important platform changes

Platform Improvement

  • Analyze usage patterns to improve our service
  • Debug technical issues and optimize performance
  • Develop new analytics features and insights
  • Ensure platform security and prevent abuse
  • Scan uploaded images and videos for known CSAM using PhotoDNA before publication

Our Privacy Commitment

  • • We never sell, rent, or share your personal information for marketing
  • • We never access your external payment accounts (PayPal, CashApp, etc.)
  • • For external links, we track payment intent (clicks) — not amounts
  • • For DriplyPay Wallet, we process and record transaction data to fulfil payments and provide analytics
  • • We use data to help you succeed, never to create anxiety or surveillance

2.5. Lawful Basis for Processing (UK/EU)

Under the UK GDPR and EU GDPR, we process your personal data based on the following lawful bases:

Contractual Necessity

Processing required to provide DriplyPay services: account creation, profile hosting, payment processing via DriplyPay Wallet, analytics delivery, and subscription management.

Legitimate Interests

Platform security, fraud prevention, service improvement, and essential analytics. We balance our interests against your rights and only process data where our interests do not override yours.

Consent

Optional analytics cookies, marketing communications, and any processing beyond what is necessary for the service. You can withdraw consent at any time.

Legal Obligations

Compliance with tax laws, financial regulations, law enforcement requests, child safety reporting obligations (including NCMEC where applicable), and data protection requirements.

3. What Makes DriplyPay Different

Hybrid Payment Model

For external payment links (PayPal, CashApp, etc.), we route visitors to those platforms—we never see your financial transactions or account balances. For DriplyPay Wallet fan payments, authorised payment service providers process card transactions on our behalf and we track full transaction data to provide analytics and creator payouts.

Intent-Based Analytics

For external platforms, we track payment intent (clicks) rather than actual money. For DriplyPay Wallet, we track complete transaction data including amounts. This gives you strategic insights with full platform attribution.

Cross-Platform Intelligence

We're the first platform to track social media → payment correlation. See which of your Instagram vs TikTok posts actually drive payment intent.

Privacy by Design

Our core business model doesn't depend on selling data or advertising. We make money from Pro subscriptions, keeping your privacy and our incentives aligned.

3. Information Sharing

Your profile information is designed to be public and will be visible to:

  • Anyone who visits your DriplyPay profile
  • Search engines (for profile discovery)

We may share information in these limited circumstances:

  • With your explicit consent
  • To comply with legal requirements or law enforcement
  • To protect our rights, property, or safety
  • In connection with a business transfer or merger

4. Data Security

We implement appropriate technical and organizational measures to protect your information:

  • Encryption in transit and at rest
  • Regular security assessments
  • Access controls and authentication
  • Secure hosting infrastructure

However, no method of transmission over the internet is 100% secure.

5. Your Rights

You have the right to:

  • Access your personal information
  • Correct inaccurate information
  • Delete your account and associated data
  • Export your data
  • Object to processing of your information
  • Withdraw consent at any time

To exercise these rights, contact us at privacy@driplypay.com or through your account settings.

6. Cookies and Tracking

We use cookies and similar technologies for:

  • Authentication and security
  • Preference storage
  • Basic analytics
  • Service functionality
See our Cookie Policy for details →

7. Third-Party Services & Infrastructure

Core Infrastructure Partners

Supabase (Database & Authentication)

Handles user authentication, profile data storage, and image hosting. Subject to Supabase's privacy policy and security standards.

Stripe (Pro & Agency platform billing only)

Processes DriplyPay Pro and Agency subscription payments only. We don't store payment card information — Stripe handles billing data securely.

Payment service providers (creator fan payments)

Process tips, pay-per-view purchases, and creator subscription payments on behalf of DRIPLYPAY. These providers handle card authorisation, recurring billing where applicable, and share transaction data with DriplyPay for fulfilment and analytics.

Identity verification provider

Government ID age verification for creators and viewers accessing age-restricted content. Verification is handled by our identity provider; we store verification status, not copies of your ID document.

Microsoft PhotoDNA (child safety screening)

Scans uploaded images and videos for known CSAM hash matches before publication. DriplyPay uses PhotoDNA technology licensed by Microsoft at no cost. Media is sent for hash matching only; match details are kept confidential and are not disclosed to uploaders or other users.

Vercel (Hosting & CDN)

Hosts our application and serves your profile images globally for fast loading.

External Payment & Social Platforms

DriplyPay routes visitors to external platforms (PayPal, CashApp, Instagram, etc.) but we don't control their privacy practices. When you click a payment or social link, you'll be directed to that platform and subject to their privacy policies.

Important: We only store the public links/handles you provide. We never access your accounts on these platforms or see any transaction details.

Data Processing Agreements

All our infrastructure partners are bound by strict data processing agreements and maintain enterprise-grade security standards. We only work with providers who offer equivalent or better privacy protections than we provide.

8. Data Retention & Deletion

Active Accounts

We retain your profile and analytics data for as long as your account is active. This allows us to provide continuous analytics insights and maintain your profile's performance history.

Account Deletion

When you delete your account:

  • Immediate: Your public profile becomes inaccessible
  • Within 7 days: Profile data, images, and settings are permanently deleted
  • Within 30 days: Analytics data and click history are anonymized or deleted
  • Billing data: Handled by Stripe according to their retention policies

Analytics Data Retention

  • Profile views: Retained for analytical insights (anonymized after 2 years)
  • Click events: Retained for platform performance analytics (anonymized after 1 year)
  • Geographic data: Aggregated and anonymized for trend analysis
  • Session data: Automatically expires after 30 days

Legal & Compliance

We may retain certain information longer when required by law, for security purposes, or to resolve disputes. This includes basic account information for legal compliance and anonymized analytics for platform improvement.

9. International Users & Compliance

Global Service, Australian Operation

DRIPLYPAY (ABN 48 125 462 102) is a registered Australian business based in Queensland, serving users globally. Your data is processed according to Australian privacy laws and our privacy-first principles.

Age Requirements

You must be at least 18 years old to use DriplyPay. We do not knowingly collect personal information from anyone under 18 years of age. If we become aware that we have collected data from someone under 18, we will delete that information promptly.

EU & California Users

EU Users (GDPR): You have additional rights under GDPR including data portability and the right to be forgotten. Contact us to exercise these rights.

California Users (CCPA): You have rights to know what personal information we collect and to request deletion. We don't sell personal information.

Data Transfers

Your information may be transferred to and stored in countries other than your own for service provision. For transfers from the UK/EU, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, or transfers to countries with adequate data protection (such as the UK adequacy decision). Our infrastructure partners (Supabase, Stripe, Vercel, and our payment service providers) maintain their own compliance mechanisms.

Your Right to Complain

UK Users: If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.

EU Users: You may also contact your local data protection authority if you believe your rights have been violated.

Australian Users: You can lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

10. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "last updated" date.

For significant changes, we may provide additional notice through email or platform notifications.

10.5. Data Breach Notification

DriplyPay takes data security seriously. In the event of a data breach that affects your personal information, we will:

  • Notify affected users as soon as practicable, and within 30 days of becoming aware of the breach, where required by the Australian Privacy Act (Notifiable Data Breaches scheme)
  • Report eligible data breaches to the Office of the Australian Information Commissioner (OAIC) as required by law
  • Provide clear information about what data was affected, the likely consequences, and the steps we are taking in response
  • Take immediate action to contain the breach and prevent further unauthorised access

If you believe your account has been compromised, please contact us immediately at privacy@driplypay.com with the subject line "Security Concern".

Contact Us About Privacy

If you have any questions about this Privacy Policy, your data rights, or how we handle your information, please contact us:

General Privacy Questions

privacy@driplypay.com

Response within 48 hours

Data Rights Requests

privacy@driplypay.com

Include "Data Request" in subject line

Your Data Rights Include:

  • Access your personal information
  • Correct inaccurate information
  • Delete your account and associated data
  • Export your data in a portable format
  • Object to processing of your information
  • Withdraw consent at any time

Quick Access: Most data management can be done directly in your account settings at driplypay.com/profile-editor. For complete account deletion, contact us directly.