Privacy Policy

Effective as of: 6 November 2025

DRIP TECH LTD ("Drip Tech", "DripGod", "we", "us" or "our") is committed to protecting your privacy and keeping the DripGod experience fair, safe and transparent.

This Privacy Policy explains how we collect, use, disclose and protect your personal information when you:

• use the DripGod mobile application (currently iOS; Android when available),
• visit our websites (including www.dripgod.io and any promotion-specific pages),
• participate in Roasts, leaderboards, referrals or prize draws ("Draws").

If you do not agree with this Policy, please do not use the Services.

1. Who We Are & Scope

Controller

DRIP TECH LTD
71–75 Shelton Street, Covent Garden
London WC2H 9JQ, United Kingdom
Email: support@dripgod.io

We are subject to UK data protection law (UK GDPR, Data Protection Act 2018). Where we target or serve users in the European Economic Area (EEA), we comply with the EU GDPR.

For certain features (e.g. Draws, analytics, anti-fraud) we also process data about users in the United States and other countries, and comply with applicable local laws (including U.S. state privacy laws and biometric/privacy requirements where relevant).

Where Draws are offered, they are governed by separate Official Rules for each promotion. Those rules work together with this Policy.

2. What Information We Collect

We collect information you provide directly, information from your device (including camera), and information we generate to keep DripGod fair and secure.

2.1 Account & Eligibility Data

We collect:

• Email address or social login ID
• Username / display name
• Age or date of birth (to confirm you are 18+)
• Country / state / region of residence
• Password / authentication data (if applicable)

We use this to create and secure your account, operate the app, and determine eligibility for Draws and prizes.

2.2 Biometric & Liveness Data (Roasts)

Our core feature ("Roast") requires a live mirror selfie captured inside the app.

We may collect:

• Selfie images / frames you capture during a Roast
• Liveness signals (e.g. slight movement, depth, angle, lighting change)
• Limited facial geometry / pattern data or similar technical signals used to:
  • confirm that a real person is present now (not a screenshot / AI / printed image),
  • help enforce "one real person ↔ one account",
  • support 18+ checks and content safety,
  • prevent bots, farms and fraud in Roasts and Draws.

We do not:

• use your face data for generalized facial recognition against public databases,
• sell, lease or trade biometric identifiers,
• use liveness/biometric data for targeted advertising.

In some jurisdictions, these signals may be considered biometric information. Where required (e.g. UK/EEA, certain U.S. states), we rely on your explicit consent for biometric/liveness processing, obtained via a separate in-app prompt before your first liveness check (see Section 6).

If you do not consent, features that require liveness (e.g. verified Roasts, certain Draw entries) will not be available.

2.3 User-Generated Content ("UGC")

We collect content you create or submit, including:

• Mirror selfies / outfit photos used for Roasts
• Captions, comments and other text
• Collages and looks you choose to share
• Style scores and related in-app ratings linked to your content

Your UGC may appear in:

• feeds (e.g. "Top Looks"),
• leaderboards,
• in-app winner / highlight sections.

We may remove or restrict content that appears to:

• depict minors,
• violate our community rules (hate, NSFW, illegal content, extremist symbols, etc.),
• be fraudulent or manipulated to game the system.

If a Roast is blocked for violations, you may receive 0 Drips and the Coin used may not be refunded, as allowed by our Terms of Use.

2.4 Drips, Coins & Gameplay Data

We track:

• number and timing of Roasts,
• style scores,
• Drips you earn (including streak and "Golden" bonuses, referrals, in-app actions),
• Drips you spend to enter Draws (entries),
• Coins you receive and spend to trigger Roasts,
• streaks and related bonuses.

Important: Drips, Coins and Entries are virtual items with no cash value. They are not money, not deposits, not securities, and not redeemable or withdrawable. They represent a limited, revocable license to access in-app features (details in Terms of Use).

2.5 Device, Usage & Anti-Fraud Data

We may collect:

• Device type, OS version, language, app version
• IP address and approximate location
• Device identifiers and advertising IDs (where permitted by your settings)
• Log data (timestamps, request metadata, performance)
• Anti-fraud and anti-bot signals (e.g. device fingerprint, patterns of logins, emulator use)

We use this to:

• secure your account,
• detect bots, farms, multi-account abuse and other fraud,
• apply geographic eligibility or content restrictions,
• improve performance and stability.

2.6 Prize & Winner Information

If you are a potential or confirmed winner, we may collect:

• Legal name
• Shipping address, phone, email
• Proof of age / identity / residency (where needed)
• Tax information (e.g. SSN/TIN and W-9 for certain U.S. prizes ≥ $600)
• Any information needed for sanctions / eligibility screening or regulatory compliance

If you do not provide required winner information or do not meet eligibility checks, you may forfeit the prize under the Official Rules.

2.7 Payment Data (Future Paid Features Only)

As of the Effective Date:

• Drips and Coins are not sold for real money.
• If we introduce paid features in the future:
  • payments will be processed by third-party payment providers (e.g. Apple, Google, Stripe, PayPal),
  • we will receive limited payment metadata (e.g. transaction ID, product, amount),
  • we will not store full card numbers,
  • this Policy and our Terms will be updated,
  • paid features will not increase your odds of winning random Draws beyond what is allowed in the Official Rules.

We do not currently collect payment card details directly.

3. How We Use Your Information (Purposes & Legal Bases)

We use your information to:

3.1 Provide & Maintain the Services

• Create and manage your account
• Let you capture Roasts and get AI style scores
• Award Coins and Drips, run streaks and bonuses
• Let you enter Draws using Drips
• Operate leaderboards, feeds and other in-app features

Legal bases: contract (providing requested services); legitimate interests (operate and improve our products).

3.2 Keep DripGod Fair & Safe

• Verify liveness and authenticity
• Enforce 18+ age restriction and content rules
• Detect and prevent bots, farms, fake accounts, multi-account abuse
• Enforce Draw rules and entry caps
• Investigate and prevent fraud, misuse or security incidents

Legal bases: legitimate interests (security, fraud prevention, platform integrity); legal obligations (where applicable).

3.3 Run Draws & Promotions

• Track eligible entries (Drips and AMOE)
• Ensure "no purchase necessary" compliance
• Randomly select winners
• Verify eligibility (age, residency, sanctions)
• Fulfil prizes and handle tax/reporting obligations
• Publish or disclose winner details as allowed/required by Official Rules and law

Legal bases: contract (Official Rules); legal obligations (tax, sanctions, consumer protection); legitimate interests (fair operation of promotions).

3.4 Communicate With You

• Service messages (account, security, wins, streaks, feature changes)
• Changes to this Policy, our Terms, or Official Rules
• Support responses

Legal bases: legitimate interests; legal obligations.

Marketing messages (where offered) are based on your consent or applicable opt-out rights; you can disable them at any time.

3.5 Analytics & Product Improvement

• Understand usage, retention and feature performance
• Debug, prevent crashes and improve UX
• Measure effectiveness of campaigns

Legal bases: legitimate interests; consent where required for certain analytics/ads cookies or IDs.

3.6 AI Roast & Automated Processing

AI-generated scores and feedback are:

• subjective and for entertainment purposes only,
• not medical, legal, employment, credit or other professional assessments,
• not used to make decisions with legal or similarly significant effects on you.

We do not rely on solely automated decisions to deny you statutory rights or equivalent significant effects.

4. Cookies, SDKs & Tracking

We use cookies, SDKs and similar technologies to:

• keep you logged in,
• remember settings,
• measure app and campaign performance,
• support limited analytics and, where applicable, advertising/attribution.

On our websites and in our mobile application, we use third-party cookies, SDKs and pixels to support analytics, attribution and product improvement. These partners include, for example:

• Branch – deep linking and attribution of installs and campaigns;
• Mixpanel – product and behavioral analytics;
• Firebase (Google) – analytics, crash reporting and push notifications;
• Meta (Facebook SDK) – attribution and measurement of the effectiveness of our advertising campaigns.

These providers process device identifiers, IP address, technical events and usage data either as our processors or, in some cases, as independent controllers (depending on their role and applicable law). Our use of these technologies is based on our legitimate interests in analytics, security and service improvement and, where required, on your consent. You can manage your preferences via any cookie banner or preference center we provide, as well as through your device, OS and in-app privacy settings.

Where required by law, we request your consent for non-essential cookies/SDKs. You can manage settings via:

• in-app privacy controls (where available),
• your device and OS settings,
• browser cookie/tracking settings on our websites.

5. How Long We Keep Your Information

We keep personal data only as long as reasonably necessary for the purposes in this Policy, including legal, accounting and reporting requirements.

High level:

• Account data: retained while your account is active and for up to 12 months after last activity, unless longer is required for legal claims, fraud prevention or compliance.
• UGC & Roasts: kept while your account is active; may be deleted or anonymised when you delete content or your account, subject to backups and legal holds.
• Prize / winner data: kept as required for prize fulfilment, audit and tax (typically up to 7 years, depending on jurisdiction).
• Logs & anti-fraud data: kept for security and fraud-prevention for a period proportionate to risk (e.g. months to a few years), then deleted or anonymised.
• Biometric & liveness data follow an additional specific schedule (Section 6).

6. Biometric & Liveness Data — Special Notice

Where our liveness checks or facial geometry data are considered biometric information (e.g. in Illinois under BIPA and similar laws), we apply the following commitments:

We collect such data only for:

• real-time liveness verification,
• account integrity (one real person per account),
• age/safety checks,
• anti-fraud for Roasts and Draws,
• verifying potential winners.

We do not:

• sell, lease, trade or otherwise profit from biometric identifiers or biometric information;
• share them with third parties for advertising.

Retention & deletion:

• We maintain a written retention and deletion schedule.
• We permanently delete or irreversibly de-identify biometric/liveness data upon the earliest of:
  • when the initial purpose for collection is satisfied; or
  • within three (3) years of your last interaction with the Services involving such data,
  unless a longer period is required by law or necessary in connection with an active fraud/security investigation or legal claim.

Consent:

• Where required (e.g. UK/EEA, certain U.S. states), we rely on your explicit, separate consent before first liveness capture.
• You may withdraw this consent at any time through in-app settings or by contacting us. If you do, features requiring liveness may no longer be available, and we will delete related biometric/liveness data (subject to legal/fraud-related retention).

7. How We Share Your Information

We do not sell your personal information for money.

We share information only with:

• Service providers & processors
  Cloud hosting, storage, image processing, analytics, anti-fraud, customer support, moderation, email/push, security and similar vendors, bound by contractual safeguards.
• Payment providers (only if/when paid features exist)
  To process your payments and prevent fraud.
• Prize fulfilment & logistics partners
  To deliver prizes or experiences to verified winners.
• Analytics & attribution partners
  To measure installs, performance and campaigns, subject to your consent/opt-out where required. Some such sharing may be considered a "sale" or "share" under certain U.S. state laws (see Section 10–11).
• Professional advisors
  Lawyers, auditors, insurers for compliance, risk and dispute handling.
• Authorities & law enforcement
  Where required by law, court order, or to protect our rights, users, or others.
• Business transfers
  In connection with a merger, acquisition or sale of assets, your information may be transferred as part of that transaction subject to similar protections.

We do not grant third parties the right to use your biometric/liveness data or sensitive identity data for their own independent advertising or profiling.

8. International Transfers

We are based in the UK and may process data in the UK, EEA, U.S. and other countries.

When transferring personal data from the UK/EEA to countries without an adequacy decision, we use lawful safeguards such as:

• UK/EU Standard Contractual Clauses,
• and, where appropriate, additional technical and organisational measures.

Details can be requested via support@dripgod.io.

If and when we appoint an EU representative under GDPR Art. 27, we will add their contact details here.

9. Your Rights

Your rights depend on where you live. In all cases, you can contact us at support@dripgod.io, and we will respond in line with applicable law.

9.1 UK / EEA

You may have the right to:

• access your personal data,
• correct inaccurate data,
• delete your data ("right to be forgotten"),
• restrict or object to certain processing,
• data portability (for certain data),
• withdraw consent where processing is based on consent (e.g. biometric marketing or optional emails).

You can also complain to your local data protection authority. In the UK, this is the ICO.

9.2 United States (including State Privacy Laws)

Depending on your state, you may have rights to:

• know what categories of personal information we collect and use,
• access specific pieces of personal information,
• correct inaccuracies,
• delete certain information,
• opt out of:
  • "sale" of personal information,
  • "sharing" for cross-context behavioral advertising or targeted advertising.

We do not sell your personal information for money, but we may "share" identifiers with analytics/attribution or ad partners in a way that some laws treat as "sale" or "sharing".

To exercise your rights:

• use in-app privacy / "Do Not Sell or Share" controls where available, or
• email support@dripgod.io with your request.

We will also honour valid Global Privacy Control (GPC) or similar browser-based opt-out signals on our web properties as required by law.

We will not discriminate against you for exercising your privacy rights.

9.3 Other Regions

We will respect applicable local rights in other countries (e.g. access/deletion) in line with this Policy and local law.

10. Do Not Sell or Share My Personal Information

Where required by law (e.g. in certain U.S. states):

• we provide a mechanism to opt out of any processing that may be considered a "sale" or "sharing" of your personal information for targeted advertising;
• we treat supported GPC / universal opt-out signals as valid opt-out instructions for that browser/device, to the extent required.

Opting out does not affect strictly necessary processing (e.g. security, fraud prevention, core features).

11. Security

We use technical and organisational measures designed to protect your information, including:

• encryption in transit and at rest (where appropriate),
• access controls and role-based permissions,
• network security measures and logging,
• periodic security reviews.

No system is perfectly secure, but we aim to detect and mitigate risks promptly.

12. Data Breaches

If we become aware of a data breach that is likely to result in a significant risk to your rights and freedoms, we will:

• investigate and mitigate the incident,
• notify affected users and relevant authorities as required by applicable law.

13. Children

DripGod is for adults 18+ only.

We do not knowingly:

• allow users under 18 to create accounts,
• accept Roasts or selfies from minors,
• let minors enter Draws.

If we learn that a minor has provided personal data, we will delete that data and may terminate the account. Please contact support@dripgod.io if you believe a minor is using DripGod.

14. Draws, Promotions & Winners

For each Draw, we publish Official Rules explaining:

• eligibility (e.g. age, territory),
• "no purchase or payment necessary" conditions,
• AMOE details,
• entry caps per person/household,
• prize descriptions and approximate retail value,
• winner selection and notification,
• any required skill-testing questions (e.g. for Canada),
• how we may announce winners.

This Policy applies to personal data processed for administering Draws. Where the Rules conflict with this Policy on non-privacy points, the Rules govern that Draw; for privacy matters, this Policy controls unless local law says otherwise.

15. User Content, Publicity & External Marketing

Our Terms of Use describe the licence you grant us for UGC.

Short version:

• We may show your UGC in-app (feeds, leaderboards, winner sections) as part of operating and promoting the Service itself.
• For external marketing (ads, website showcases, social campaigns) that clearly features your image or handle, we will:
  • rely on your licence where permitted by law and/or
  • request separate, explicit consent where required (especially in stricter jurisdictions),
  • provide a way to withdraw that consent going forward.

16. Changes to This Policy

We may update this Policy from time to time.

• We will post the updated version with a new "Effective as of" date.
• If we make material changes, we will provide additional notice in-app or by email where appropriate.
• Your continued use of DripGod after changes take effect means you accept the updated Policy. If you do not agree, you should stop using the Services and request deletion of your account.