Privacy Policy
Last updated: 30 June 2026
1. Who we are
Dripli is operated by Stackedge (Barcelona, Spain). We are the data controller for the personal data you provide when using our service. Contact: hello@getstackedge.com.
2. What data we collect
Account data
- Name and email address (provided at sign-up via Clerk)
- Billing information (processed by our payment provider. We do not store card numbers)
- Account preferences and settings
Usage data
- Actions taken in the app (campaigns created, sequences launched, etc.)
- Analytics on sequence performance (open rates, reply rates)
- Error logs for debugging
Lead data (data you upload or import)
- LinkedIn profile URLs, names, email addresses, companies, job titles
- Message history and reply classifications
- Intent signal data (job changes, funding events, hiring signals)
This data belongs to you. We store it on your behalf to operate the Service. We do not use it for our own purposes, share it with third parties, or train AI models on it.
What we do NOT collect
- Your LinkedIn password. The Chrome extension runs in your browser session. We never see or store your LinkedIn credentials.
- Your personal LinkedIn messages (only the replies to Dripli campaigns are processed)
- Browsing history outside of LinkedIn when the extension is active
3. How we use your data
- To provide and operate the Service
- To send transactional emails (sign-up confirmation, billing receipts)
- To respond to support requests
- To improve the Service (aggregated, anonymised usage analytics only)
- To comply with legal obligations
We do not use your data for advertising, sell it to third parties, or use it to train AI models.
4. Third-party services
We use the following sub-processors to operate Dripli:
- Clerk (clerk.com): authentication and user management
- Vercel (vercel.com): hosting and infrastructure
- Neon (neon.tech): database (EU region)
- OpenAI (openai.com): AI features (Campaign Copilot, reply classification). Message content may be sent to OpenAI for processing. OpenAI does not use this data to train their models under our API agreement.
- Apify (apify.com): intent signal data (hiring, funding)
- Hunter.io (hunter.io): email enrichment (optional)
- Inngest (inngest.com): background job processing
All sub-processors are contractually bound to process data only as instructed and to maintain appropriate security standards.
5. Data retention
- Active accounts: data is retained for the duration of your subscription
- After cancellation: data is retained for 30 days, then permanently deleted
- After account deletion: data is permanently deleted within 30 days
- Billing records: retained for 7 years as required by Spanish tax law
6. Your rights under GDPR
If you are in the EU or EEA, you have the following rights:
- Access: request a copy of the personal data we hold about you
- Rectification: request correction of inaccurate data
- Erasure: request deletion of your data ("right to be forgotten")
- Portability: receive your data in a machine-readable format (CSV export is available in the dashboard)
- Objection: object to processing based on legitimate interests
- Restriction: request that we limit processing of your data
To exercise any of these rights, email hello@getstackedge.com. We will respond within 30 days. You also have the right to lodge a complaint with your national data protection authority.
7. Legal basis for processing
- Contract performance: processing your account data to provide the Service
- Legitimate interests: usage analytics to improve the Service
- Legal obligation: billing records for tax compliance
- Consent: marketing communications (you can unsubscribe at any time)
8. Cookies
Dripli uses essential cookies required for authentication (session tokens managed by Clerk). These are strictly necessary to operate the Service.
With your consent, we also use Google Analytics (GA4) to measure site usage and improve the product. Analytics cookies are optional. You can accept or decline them via the cookie banner on your first visit. You can change your choice at any time by clearing site data in your browser.
We do not use advertising cookies or third-party tracking pixels beyond GA4 when you have given consent.
9. Data security
- All data is encrypted in transit (HTTPS/TLS)
- Database is encrypted at rest
- SMTP passwords (for email multichannel) are encrypted with AES-256 before storage
- Access to production systems is restricted to authorised personnel only
- We use Clerk for authentication. Passwords are never stored by Dripli
10. Data transfers
Our primary infrastructure is in the EU (Neon EU region, Vercel EU). Some sub-processors (OpenAI, Clerk, Inngest) process data in the United States. These transfers are covered by appropriate safeguards including Standard Contractual Clauses (SCCs) under GDPR.
11. Your lead data and GDPR
When you import or generate lead data (LinkedIn profiles, email addresses, etc.), you are the data controller for that personal data. You are responsible for ensuring you have a lawful basis for processing it under GDPR or any applicable law.
Dripli acts as a data processor on your behalf. We process lead data only as directed by you (running sequences, classifying replies, etc.) and do not use it independently.
12. Children
Dripli is not directed at children under 18. We do not knowingly collect data from minors. If you believe a minor has created an account, please contact us immediately.
13. Changes to this policy
We may update this Privacy Policy from time to time. We will notify you by email for material changes. The "Last updated" date at the top of this page reflects the most recent version.
14. Contact
Privacy questions or data requests: hello@getstackedge.com
Stackedge · Barcelona, Spain