Privacy Policy

This explains how DropManager (Webroots) handles personal data. It is a GDPR-oriented template; review with counsel and a DPA with your sub-processors before launch.

Roles

For your account data, DropManager is the controller. For the group/message data you process to run your sales, you (the seller) are the controller and DropManager acts as your processor.

What we process

• Account: email, login/session data.
• Sales operations: WhatsApp group and message content, sender phone numbers/display names, orders, stock, and ledgers — to recognise and tally orders.
• Payments: metadata about payment links and status (funds and card data are handled by Mollie/Stripe, not us).
• Customers: names and addresses you add for fulfilment.

AI processing

Order messages are sent to Anthropic’s API to parse intent. Only the text needed to interpret an order is sent. No advertising or profiling is performed.

Sub-processors

• Supabase — database, auth, realtime (EU region recommended).
• Anthropic — order-intent parsing.
• Fly.io — the WhatsApp worker.
• Mollie / Stripe — payment processing.

Legal basis & retention

We process data to perform our contract with you and on the basis of legitimate interests in operating the Service. Data is retained while your account is active and deleted or anonymised on request, subject to legal retention duties.

Your rights

Under the GDPR you may request access, correction, deletion, restriction, portability, and object to certain processing. Group members can exercise rights via the seller as controller. Contact us to help facilitate requests.

Data requests & questions: arno@webroots.nl