Privacy Policy.

Effective date: 1 June 2026 · Last updated: 3 June 2026 · Version 2.1

This Privacy Policy explains how BlueBlue Ltd, trading as Dripply, collects, uses, shares, and protects your personal data when you use the Dripply mobile application and related services ("Dripply", "we", "us", "our"). It applies to all users of the Dripply app on iOS and Android.

Dripply is a calm, anti-social app for remembering the cafés, places, and small moments you'd otherwise forget. We do not track your location. We do not build advertising profiles. We do not sell your data. This policy explains exactly what we do collect, and why.

1. Who we are

BlueBlue Ltd is a private limited company registered in England and Wales (company number 17244246). Our registered office is at 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom.

For any privacy-related questions, requests, or complaints, contact us at hello@dripply.co.uk. We are the data controller for personal data processed through the Dripply app.

2. What personal data we collect

2.1 Account data

When you create a Dripply account, we collect:

Email address (used as your login and for service communications)
Username and display name (chosen by you)
Optional profile photo (uploaded by you)
Home city (selected from our list of supported UK cities)
Account creation date and authentication metadata

2.2 Moments and content

When you save a moment in Dripply, we collect and store:

Place data (name, address, Google Place ID, place coordinates from Google Places - never your phone's GPS)
Optional photo you upload
Optional caption (text up to 140 characters)
Mood tag (Calm, Happy, Focused, Tired, or Social) and drink type (Coffee, Tea, or Bite) selected by you
Timestamp of the moment
Like and report counts associated with your content

2.3 What we do NOT collect

We want to be clear about what stays off our systems:

We do not request, access, or store your device GPS location
We do not track your activity across other apps or websites
We do not use Apple's advertising identifier (IDFA) or any cross-app tracking - so iOS users will never see an App Tracking Transparency prompt for Dripply
We do not collect contacts, calendar, microphone, or any sensor data
We do not build advertising or behavioural profiles about you

2.4 Technical data

For app stability and security, we automatically collect:

Crash reports and basic device information (model, OS version, app version) via Firebase Crashlytics - used only to identify and fix bugs
Anonymous installation identifier (Firebase Installation ID) - used for receiving push notifications and basic service delivery
Approximate aggregated usage data (e.g. daily active users, total moments saved per city) - anonymous, used only for product decisions, never tied to your individual profile in reports

2.5 Payment data

If you subscribe to Dripply+, the payment itself is processed by Apple (App Store) or Google (Google Play). We never see or store your payment card details. RevenueCat Inc. helps us verify your subscription status and provides us with an anonymous subscription identifier.

2.6 Website forms data

When you interact with forms on our website (dripply.co.uk), we collect the email address you provide. This applies to:

City vote form - when you vote for your city to be added to Dripply, we collect your email so we can notify you when Dripply launches there.
Newsletter signup - only if you actively tick the opt-in checkbox; we never subscribe you by default.
Contact / account deletion request form - when you contact us about deletion or any other matter, we receive your email address through the form.

Email addresses submitted through website forms are stored and managed by EmailOctopus (see Section 5). They are used only for the specific purpose you provided them, and you can unsubscribe at any time.

3. How we use your data

We use the data described above to:

Provide the core Dripply service (let you save moments, view your timeline, browse city feeds)
Authenticate you and keep your account secure
Display moments you choose to share publicly to other users in the same city feed
Send transactional emails (email verification, password reset, account deletion confirmation, important service notices)
Operate community moderation (handle reports, hide content that violates our Community Guidelines)
Process Dripply+ subscriptions and grant premium features
Improve app stability via anonymised crash reports
Comply with legal obligations (e.g. responding to lawful requests)

We do not use your data for behavioural advertising, or sale to third parties.

4. Legal basis for processing (UK & EU GDPR)

We rely on the following lawful bases under Article 6 of the UK GDPR and EU GDPR:

Contract - to provide the Dripply service you've signed up for
Legitimate interests - for security, fraud prevention, moderation, basic anonymised analytics, and improving the app
Consent - only for optional things like marketing emails (which you must opt in to; the default is unchecked)
Legal obligation - where we must process data to comply with the law

5. Who we share data with

We share limited personal data with carefully chosen processors who help us run Dripply. They act under written contracts and may only process your data on our instructions.

Google LLC (Firebase) - authentication, database, storage, cloud functions, push notifications, crash reporting, Places API
RevenueCat Inc. - subscription management for Dripply+
Resend Inc. - sending transactional and administrative emails
Netlify Inc. - hosting our marketing website and the deep link redirect files (Apple App Site Association and Android assetlinks.json) required by iOS Universal Links and Android App Links
EmailOctopus (trading name of Three Hearts Digital Ltd, a UK company registered at 86-90 Paul Street, London, EC2A 4NE, company number 09897211) - email marketing service used to handle city vote notifications, optional newsletter signups, and form-based contact emails submitted through dripply.co.uk. EmailOctopus is registered with the UK Information Commissioner's Office (ICO) and stores data on Amazon servers within the European Union (Ireland).
Apple Inc. and Google LLC - when you make a Dripply+ subscription purchase through the App Store or Google Play

We do not sell, rent, or trade your personal data with advertisers, data brokers, or any third parties for marketing purposes.

6. Deep links and link sharing

When you share a moment from Dripply, we generate a link hosted on our own domain (dripply.co.uk via Netlify). On iOS this works as a Universal Link, on Android as an App Link, using the standard app_links package for Flutter. If the recipient has Dripply installed, the link opens the app directly. If not, they're redirected to our website.

We do not use a third-party deep linking provider. The redirect files are static, hosted on Netlify, and contain no tracking or analytics. Netlify, as our website host, may log basic technical access information (IP address, browser type) for security and standard hosting purposes - see our Cookie Policy for details.

7. Public vs private content

When you save a moment, it is published to the city feed corresponding to the place you saved (e.g. Bristol). Your username, profile photo, place name, caption, photo, mood, and drink type are visible to other users browsing that feed.

Your home city, email address, and account settings are never visible to other users.

You can delete any of your own moments at any time. Once deleted, they are removed from feeds, your timeline, and our database (some backups may persist for up to 30 days for disaster recovery).

8. Children

Dripply is not intended for users under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that a child under 16 has created an account, we will delete it.

9. Your rights

Under UK GDPR and EU GDPR, you have the right to:

Access - request a copy of the personal data we hold about you
Rectification - ask us to correct inaccurate or incomplete data
Erasure (right to be forgotten) - ask us to delete your data (Article 17)
Restriction - ask us to limit how we process your data
Portability - ask us to send you your data in a portable format
Object - object to processing based on legitimate interests
Withdraw consent - at any time, for processing based on consent (e.g. marketing emails)

To exercise any of these rights, email hello@dripply.co.uk. We will respond within 30 days. You can also delete your account directly from the app's Settings → Delete Account (we offer a 30-day grace period during which you can cancel the deletion).

You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk if you believe we've mishandled your data.

10. How long we keep your data

Active accounts - for as long as your account exists
Deleted accounts - permanently removed within 30 days of deletion confirmation (anonymised audit logs may be retained for legal compliance)
Moderation reports and audit logs - up to 12 months, retained without personal identifiers where possible
Crash reports - up to 90 days
Backups - up to 30 days

11. International transfers

Some of our service providers (including Google LLC, RevenueCat Inc., Resend Inc., and Netlify Inc.) are based in the United States, which means your personal data may be transferred outside the United Kingdom and European Economic Area. EmailOctopus (Three Hearts Digital Ltd) is UK-based and stores data within the European Union (Amazon Ireland), so no additional international transfer mechanisms apply.

Where this happens, we rely on appropriate safeguards including the UK International Data Transfer Addendum and Standard Contractual Clauses approved by the European Commission, ensuring your data receives the same level of protection as it would within the UK or EU.

12. Security

We use industry-standard security measures including encryption in transit (TLS), encryption at rest, Firebase Security Rules, and access controls. No system is 100% secure, but we work hard to protect your data and to act quickly if anything goes wrong.

13. Changes to this Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you in the app or by email at least 14 days before the changes take effect. The 'Last updated' date at the top of this document indicates the most recent version.

14. Contact us

If you have any questions about this Privacy Policy or how we handle your personal data, contact us:

BlueBlue Ltd (trading as Dripply)
71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom
Email: hello@dripply.co.uk