Privacy Policy
Learn how we protect your personal information
Effective Date: May 26, 2026
This Privacy Policy describes how referraldrop (hereinafter "we," "us," or "our") collects, uses, and shares personal data of users ("you" or "users") of our website, https://referraldrop.com/, and our browser extension for Chrome and Firefox.
1. Data Controller:
The data controller responsible for the processing of your personal data is:
referraldrop
2. Personal Data We Collect:
We collect the following types of personal data:
- Identity Data: Names, usernames, avatars.
- Contact Data: Email addresses.
- Technical Data: IP addresses, live browsing activity on our website, cookies and session data, and technical request data from the browser extension (such as user-agent and country derived from the request).
- Account Data: Passwords (hashed), country.
- User Content: Referral codes submitted by users, information provided through the contact form.
- Authentication Data: Information collected through third-party authentication services (Google, Twitter, Discord, Reddit) during sign-in/registration.
- Extension Data: Hostname of your active browser tab, search queries entered in the extension popup, a pseudonymous session identifier stored locally in your browser, optional copy/view actions on referral codes, and temporary per-tab match cache in the browser until the tab is closed.
- Advertising Data: Information potentially processed in connection with Google AdSense (if used).
3. How We Collect Your Personal Data:
We collect personal data in the following ways:
- Directly from you: When you register an account, fill out forms (such as the contact form or referral code submission forms), and provide information in your user profile.
- Automatically: Through cookies and other tracking technologies when you browse our website, including your IP address and browsing activity.
- Through the browser extension: When you install and use our Chrome or Firefox extension, we read the hostname of your active tab through the browser tabs API (not the full text or media of the page), send it to referraldrop.com to check for matching referral codes, and may receive search queries and optional analytics when you copy or view a code. Extension API requests are sent without site login cookies (credentials: omit).
- Through Third-Party Authentication Services: When you choose to sign in or register using your Google, Twitter, Discord, or Reddit account, those services may share certain information with us as per their privacy policies.
- From Third Parties: Through Google AdSense when used.
4. Purposes of Processing Your Personal Data:
We use your personal data for the following purposes:
- To provide and maintain our services, including enabling users to find and share referral codes.
- To show referral codes for the site you are visiting through the browser extension, display toolbar badges when codes are available, and improve the extension.
- To manage your account and personalize your experience on our website.
- To send you newsletters and updates (if you have subscribed).
- To analyze and improve our website and services.
- To respond to your inquiries and provide customer support.
- To ensure the security of our website and prevent fraudulent activities.
- For advertising purposes (through Google AdSense).
5. Browser Extension (Chrome / Firefox):
If you install the referraldrop browser extension:
- Current site: We read the hostname of your active tab (not page content) and send it to referraldrop.com to check whether we have referral codes for that site and to show a toolbar badge.
- Search: If you search in the extension popup, your search query is sent to referraldrop.com.
- Local storage: The extension may store a random anonymous session identifier in your browser (localStorage) to group optional analytics events.
- Session cache: The extension may temporarily cache match results per tab in the browser (chrome.storage.session or equivalent) until the tab is closed.
- Analytics: If you copy or view a referral code in the extension, we may record the code ID, drop ID, action type, anonymous session ID, and technical data (such as IP address, browser user-agent, and country derived from the request) on our servers.
We do not sell extension data. We use it only to provide referral-code lookup and related service improvements. We do not read or modify the content of web pages you visit beyond obtaining the tab URL through the browser tabs API.
6. Cookies and Tracking Technologies:
We use essential cookies for the proper functioning of our website. You can manage your cookie preferences through your browser settings.
7. Sharing Your Personal Data with Third Parties:
We may share your personal data with the following categories of third parties:
- Google: For advertising when we use Google AdSense. Please review Google's privacy policies for more information on how they process your data.
- Third-Party Authentication Providers: Google, Twitter, Discord, and Reddit, when you use their services to sign in or register. The data shared is subject to their respective privacy policies.
- Service Providers: We may engage other service providers to assist with website hosting, maintenance, and other operations. We will ensure these providers are contractually obligated to protect your data.
8. International Data Transfers:
If we use services (e.g. Google AdSense) that process personal data of users in the EEA from outside the EEA, we will ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission.
We will clearly disclose any such transfers in this privacy policy.
9. Data Retention:
User accounts and associated personal data will be deleted after 2 years of inactivity. We may retain certain data for longer periods if required by law or for legitimate business purposes (e.g., security, fraud prevention).
When you delete your account in Settings, we permanently erase your profile, authentication data, referral codes, bookmarks, notifications, and other data linked to your account. We anonymize activity logs that referenced your account (for example, click and view events). Limited records such as redacted email send logs may be kept where necessary for legal or security obligations.
10. Security of Your Personal Data:
We have implemented security measures, including encryption and secure servers, to protect your personal data against unauthorized access, disclosure, alteration, or destruction.
11. Your Rights Under GDPR:
Under the General Data Protection Regulation (GDPR), you have the following rights regarding your personal data:
- Right to Access: You have the right to request information about the personal data we hold about you.
- Right to Rectification: You have the right to request that we correct any inaccurate or incomplete personal data.
- Right to Erasure ("Right to be Forgotten"): You have the right to request the deletion of your personal data. You can delete your account at any time under Settings → Account → Delete Account, or contact us via our contact form for other erasure requests.
- Right to Restriction of Processing: You have the right to request that we restrict the processing of your personal data in certain circumstances.
- Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller.
- Right to Object: You have the right to object to the processing of your personal data in certain circumstances, including for direct marketing purposes.
- Rights in relation to automated decision-making and profiling: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
To exercise any of these rights, please contact us using the information provided in Section 12.
12. Contact Information for Privacy Matters:
If you have any questions or concerns about this Privacy Policy or our data processing practices, or if you wish to exercise your rights, please contact us at:
https://referraldrop.com/contact [email protected]
13. Children's Privacy:
Our website and browser extension are not intended for children under the age of 16. We do not knowingly collect personal data from individuals under 16. If we become aware that we have collected personal data from a child under 16 without parental consent, we will take steps to delete such information.
14. Data Breach Notification:
Under GDPR, we have a legal obligation to notify the relevant supervisory authority (in Germany, the Bayerisches Landesamt für Datenschutzaufsicht - BayLDA) of a personal data breach without undue delay and, where feasible, not later than 72 hours after having become aware of it, unless the breach is unlikely to result in a risk to the rights and freedoms of natural persons. Where required, we will also notify affected users.
15. Updates to this Privacy Policy:
We may update this Privacy Policy from time to time to reflect changes in our data processing practices or legal requirements. We will post any changes on this page and, if the changes are significant, we may provide a more prominent notice. The date of the last update will be indicated at the top of the policy.