Dropship Spy Dropship/Spy

Legal

Privacy Policy

Last updated May 10, 2026

Who we are

Dropship Spy ("we", "us") is operated by Glaves & Co. We can be reached at hello@dropship-spy.com. This policy explains what personal data we collect when you use dropship-spy.com, why we collect it, and how we keep it safe.

What we collect

  • Account data: email address, display name, and (for Google sign-in) a Google account identifier. Stored in Firebase Auth + Firestore.
  • Billing data: name on card, last 4 digits, card brand, billing country, invoice history. Stored by Stripe; we never see or store full card numbers.
  • Research data: the product names and URLs you submit, the AI's responses, and the sources cited. Stored against your account so you can reopen past research.
  • Usage data: page views and conversion events (sign up, begin checkout, trial started) via Google Analytics 4 — only after you accept our cookie banner.
  • Operational data: server logs (IP address, request timestamps, user agent) kept for up to 30 days for security and debugging.

What we do with it

  • Authenticate you and provide the product.
  • Charge your subscription via Stripe and email you transactional updates (welcome, trial ending, cancellation).
  • Store your research history so you can revisit it.
  • Improve the product — understand which features are used, fix bugs, prevent abuse.
  • Comply with legal obligations (tax records, fraud prevention).

We do not sell your data, share it with advertisers, or use it to train third-party AI models.

Sub-processors

We rely on the following third parties to run the service:

  • Vercel — application hosting (US/EU regions).
  • Google Firebase — authentication and database (US).
  • Stripe — payment processing (US/EU).
  • Anthropic — Claude API for the research engine. Your queries pass through Anthropic; per their policy they do not train on API traffic.
  • SerpAPI, RapidAPI, Apify — anonymous data lookups (TikTok, AliExpress, Google Shopping, Trends, Amazon, Reddit). We send the query string only; not your account.
  • Resend — transactional email delivery.
  • Google Analytics 4 — usage analytics, gated by your cookie consent.

Cookies

We use a single dsspy_consent cookie/localStorage entry to remember whether you've accepted analytics cookies. Firebase Auth stores a session cookie so you stay signed in. If you accept analytics, Google Analytics drops _ga and related cookies. You can reject or revoke at any time via the consent banner.

Your rights (UK GDPR / EU GDPR / CCPA)

  • Access — request a copy of the data we hold on you.
  • Correction — fix anything that's wrong.
  • Deletion — close your account and we'll delete your data within 30 days, except where we're legally required to keep records (e.g. invoices for 6 years).
  • Portability — get your research history in JSON.
  • Objection / restriction — opt out of analytics any time.

Email hello@dropship-spy.com with your request. We respond within 30 days.

Data retention

  • Account & research data — kept while your account is active. Deleted within 30 days of account closure.
  • Billing records — kept for 6 years (UK tax requirement).
  • Server logs — 30 days.
  • Cancelled subscription metadata (status, cancel date) — kept indefinitely so we can re-activate accounts.

Security

All traffic is HTTPS. Firebase + Stripe + Vercel are SOC 2 compliant. Card numbers never touch our servers. We follow least-privilege principles for staff access. If we ever discover a breach affecting your data we'll notify you within 72 hours.

Changes

We update this policy when our practices change. Material changes are emailed to active subscribers at least 30 days before they take effect.

Contact

Questions about this policy? Email hello@dropship-spy.com.