Privacy Policy

Last updated: November 11, 2025

This Privacy Policy describes Our policies and procedures on the collection, use, and disclosure of Your information when You use the Service and explains Your privacy rights and how the law protects You. By using the Service, You agree to the collection and use of information in accordance with this Privacy Policy.

Interpretation and Definitions

Interpretation

Words with initial capital letters have meanings defined below. The following definitions apply regardless of whether they appear in singular or plural.

Definitions

• Account means a unique account created for You to access our Service or parts of our Service.
• Business, for the purpose of the CCPA, refers to the Company as the legal entity that collects Consumers’ personal information and determines the purposes and means of processing.
• Company (referred to as either “the Company”, “We”, “Us” or “Our”) refers to TagOnDrop. For the purpose of the GDPR, the Company is the Data Controller.
• Consumer, for the purpose of the CCPA, means a natural person who is a California resident.
• Cookies are small files placed on Your Device containing details of Your browsing history and other data.
• Country refers to Victoria, Australia.
• Data Controller, for the purposes of the GDPR, refers to the Company which determines the purposes and means of processing Personal Data.
• Device means any device that can access the Service such as a computer, phone, or tablet.
• Do Not Track (DNT) is a preference You can set in some web browsers to inform websites that You do not want to be tracked.
• Personal Data is any information that relates to an identified or identifiable individual. For GDPR, this includes names, IDs, location data, online identifiers, and factors specific to identity. For CCPA, it includes information that identifies, relates to, describes, or could reasonably be linked to You.
• Sale, for the purpose of the CCPA, means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating a Consumer’s personal information to another business or a third party for valuable consideration.
• Service refers to the TagOnDrop website and application.
• Service Provider means any person or company that processes data on behalf of the Company. Under GDPR, Service Providers are Data Processors.
• Usage Data refers to data collected automatically, generated by use of the Service or by the Service infrastructure itself.
• Website refers to TagOnDrop, accessible from https://tagondrop.com and https://my.tagondrop.com.
• You means the individual using the Service, or the company or other legal entity on behalf of which such individual uses the Service. Under GDPR, You may be the Data Subject.

Collecting and Using Your Personal Data

Types of Data Collected

Personal Data

While using Our Service, We may ask You to provide certain personally identifiable information that can be used to contact or identify You. This may include:

• Email address
• First and last name
• Organization details

Usage Data

Usage Data is collected automatically when using the Service. It may include Your IP address, browser type and version, pages visited, time and date of visits, time spent, device identifiers, and diagnostics. On mobile, it may include device type, OS, device IDs, and browser type.

Tracking Technologies and Cookies

We use Cookies and similar tracking technologies (beacons, tags, scripts) to track activity and store information. You can instruct Your browser to refuse Cookies, but some parts of the Service may not function. We use both session and persistent Cookies:

• Necessary / Essential Cookies (Session, administered by Us): enable core functionality and prevent fraudulent use.
• Policy / Notice Acceptance Cookies (Persistent, administered by Us): remember consent choices.
• Functionality Cookies (Persistent, administered by Us): remember preferences such as login or language.
• Tracking and Performance Cookies (Persistent, administered by third parties): analyze traffic and usage to improve the Service and test new features.

For more information about cookies and choices, see our Cookies section or policy if provided.

Use of Your Personal Data

The Company may use Personal Data for:

• Providing and maintaining the Service, including monitoring usage.
• Managing Your Account and access to features available to registered users.
• Contract performance for subscriptions and any other agreements.
• Contacting You by email or other channels for operational notices and updates.
• Marketing about similar goods or services unless You opt out.
• Managing requests You submit.
• Business transfers such as mergers or acquisitions.
• Other purposes such as data analysis, trend identification, campaign effectiveness, and improving the Service.

Sharing Your Personal Information

• With Service Providers to monitor and analyze usage or to contact You.
• For business transfers in connection with mergers, acquisitions, or asset sales.
• With Affiliates who will be bound by this Privacy Policy.
• With business partners to offer certain products, services, or promotions.
• With other users in public areas where information may be visible to others.
• With Your consent for any other purpose.

Retention of Your Personal Data

We retain Personal Data only as long as necessary for the purposes set out in this Policy, to comply with legal obligations, resolve disputes, and enforce agreements. Usage Data is generally retained for a shorter period unless needed for security, functionality improvement, or legal compliance.

Transfer of Your Personal Data

Your information may be transferred to and maintained on servers outside Your jurisdiction. We will take reasonable steps to ensure Your data is treated securely and in accordance with this Policy and that no transfer occurs unless adequate controls are in place.

Disclosure of Your Personal Data

Business Transactions

If We are involved in a merger, acquisition, or asset sale, Your Personal Data may be transferred. We will provide notice before Your Personal Data becomes subject to a different policy.

Law Enforcement

We may disclose Your Personal Data if required to do so by law or in response to valid requests by public authorities.

Other Legal Requirements

• Comply with a legal obligation
• Protect and defend Our rights or property
• Prevent or investigate possible wrongdoing
• Protect the personal safety of users or the public
• Protect against legal liability

Security of Your Personal Data

No method of transmission or storage is 100% secure. We use commercially acceptable means to protect Personal Data but cannot guarantee absolute security.

Detailed Information on Processing

Some Service Providers may access Your Personal Data to provide analytics, communications, infrastructure, or security.

Analytics

• Google Analytics — Privacy policy: https://policies.google.com/privacy. Opt-out add-on available.
• Matomo — Privacy policy: https://matomo.org/privacy-policy
• Clicky — Privacy policy: https://clicky.com/terms
• Statcounter — Privacy policy: https://statcounter.com/about/legal/
• Mixpanel — Terms: https://mixpanel.com/terms/, Opt-out: https://mixpanel.com/optout/

Email Marketing

We may send newsletters or product updates. You can opt out via the unsubscribe link. We may use providers including Mailchimp, AWeber, GetResponse, and SendGrid (Twilio). See their respective privacy policies.

Security and Abuse Prevention

• Google reCAPTCHA may be used to protect forms. Privacy: Google Privacy Policy.

GDPR Privacy

Legal Bases

• Consent
• Contract performance
• Legal obligations
• Vital interests
• Public interest
• Legitimate interests

Your Rights

• Access, update, or delete Personal Data
• Correction
• Objection to processing
• Erasure
• Data portability
• Withdraw consent

CCPA Privacy

Categories Collected (past 12 months)

• A: Identifiers — collected
• B: Customer Records (Cal. Civ. Code 1798.80(e)) — may be collected
• F: Internet or similar network activity — collected
• Other categories listed in CCPA — not collected unless specified

Sources

• Directly from You (forms, account setup)
• Automatically from Your use of the Service (logs, telemetry)
• From Service Providers (analytics, infrastructure)

Use and Disclosure

Personal information may be used or disclosed for business or commercial purposes listed above. When disclosed, recipients are bound to confidentiality and use limits.

Sale and Share

We do not sell Personal Data of known minors under 16. You may opt out of “sale” or “sharing” as defined by CCPA by contacting Us.

Your CCPA Rights

• Notice
• Access / portability
• Deletion (with exceptions)
• Opt-out of sale/share
• Non-discrimination

To exercise rights, contact: [email protected]. We will verify requests as required by law.

Do Not Track

Our Service does not respond to DNT signals. You can set DNT in Your browser; third-party sites may respect it according to their policies.

Children’s Privacy

Our Service does not address anyone under 13. If You believe a child has provided Personal Data, contact Us. If we learn that we collected such data without parental consent, we will delete it.

Australian Privacy Act — International Transfers

Where disclosure is subject solely to Australian privacy laws, You acknowledge some recipients may not be regulated by the Privacy Act or Australian Privacy Principles, and redress may not be available under that Act.

Links to Other Websites

Our Service may contain links to third-party sites not operated by Us. Review their privacy policies. We have no control over and assume no responsibility for their content or practices.

Changes to this Privacy Policy

We may update this Policy from time to time. We will post the new Policy on this page and update the “Last updated” date. Review this Policy periodically.

Contact Us

If you have questions about this Privacy Policy, contact: [email protected]