Legal

Privacy Policy

Last updated: May 29, 2026

This Privacy Policy explains how DropOnAir collects, uses, and protects personal data, and the rights you have under the EU General Data Protection Regulation (GDPR) and applicable Dutch law.

1. Who we are

DropOnAir is a company registered in the Netherlands (Chamber of Commerce / KVK number 42031321). For personal data we process about our own customers and website visitors, DropOnAir is the data controller. You can reach us about privacy matters at info@droponair.com.

2. Controller and processor roles

When you, as a customer, use DropOnAir to handle personal data of your own end users, you are the data controller for that data and DropOnAir acts as a data processor on your behalf. That processing is governed by our Data Processing Agreement (DPA), available on request.

This Privacy Policy describes the data for which DropOnAir is the controller, primarily account, billing, support, and website data.

3. Data we collect

  • Account data Name, email address, organisation details, and authentication information you provide when creating and managing an account.
  • Billing data Plan, billing contact, and transaction records. Card details are handled directly by our payment processor and are not stored by us.
  • Usage and technical data Aggregate usage metrics (such as message and call volumes used for metering), API request metadata, log data, IP address, and device or browser information used to operate and secure the Service.
  • Support data The content of tickets, emails, and other communications you send us.
  • Website data Information collected through essential and limited analytics cookies described in our Cookie Policy.

4. Encrypted content and our relay model

The platform operates as an encrypted relay. For end-to-end encrypted traffic, we transport encrypted payloads between participants and do not hold the encryption keys or have access to the plaintext content of messages, calls, or attachments. We process the routing and delivery metadata needed to relay that traffic and to meter usage.

5. How we use data

  • to provide, maintain, and secure the Service;
  • to authenticate accounts and prevent abuse and fraud;
  • to meter usage and process billing;
  • to provide support and respond to your requests;
  • to send service and administrative communications; and
  • to comply with legal obligations.

6. Legal bases

Under the GDPR we rely on the following legal bases:

  • Contract, to provide the Service you have signed up for;
  • Legitimate interests, to secure, improve, and operate the Service, balanced against your rights;
  • Legal obligation, to meet accounting, tax, and other legal requirements; and
  • Consent, where required, for example for certain cookies, which you can withdraw at any time.

7. Sharing and subprocessors

We do not sell personal data. We share data only with service providers that help us operate the Service, under appropriate contractual safeguards. These include providers for cloud infrastructure and hosting, payment processing, and email and support tooling. A current list of subprocessors is available to customers on request via info@droponair.com. We may also disclose data where required by law.

8. International transfers

Where personal data is transferred outside the European Economic Area, we use appropriate safeguards such as the European Commission's Standard Contractual Clauses, together with additional measures where needed.

9. Data retention

We keep account and billing data for as long as your account is active and as required to meet legal and accounting obligations. Operational and usage data is retained for the periods needed to run and secure the Service. Retention of customer end-user data handled through the platform is configurable per plan and is governed by your settings and the DPA. When data is no longer needed, it is deleted or anonymised.

10. Security

We apply technical and organisational measures appropriate to the risk, including encryption in transit, access controls, and monitoring. The end-to-end encrypted relay model means that, for encrypted traffic, we do not have access to message content or keys. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

11. Your rights

Subject to applicable law, you have the right to access, rectify, or erase your personal data, to restrict or object to processing, to data portability, and to withdraw consent where processing is based on consent. To exercise these rights, contact info@droponair.com.

If your personal data is processed by a DropOnAir customer (where you are their end user), please contact that customer, who is the controller for that data.

You also have the right to lodge a complaint with a supervisory authority. In the Netherlands this is the Autoriteit Persoonsgegevens (Dutch Data Protection Authority).

12. Cookies

We use cookies and similar technologies as described in our Cookie Policy.

13. Children

The Service is intended for developers and organisations, not for children. We do not knowingly collect personal data from children.

14. Changes to this policy

We may update this Privacy Policy from time to time. If we make material changes, we will provide reasonable notice. The "last updated" date above reflects the latest version.

15. Contact

For any privacy question or request, contact info@droponair.com.