Privacy Policy

Effective Date: 15 July 2026

1. Introduction

Droblet Ltd. ("Droblet", "we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered trade compliance platform.

We comply with the EU General Data Protection Regulation (GDPR) and UK GDPR, ensuring the highest standards of data protection for our users.

2. Data Controller

Droblet Ltd.

Email: privacy@droblet.ai

Address: Droblet Ltd.

3. Information We Collect

3.1 Personal Information

  • Name, email address, phone number
  • Company name and business information
  • Billing and payment information
  • Account credentials and authentication data

3.2 Trade and Customs Data

  • Customs declarations and trade documents
  • HS codes and tariff classifications
  • Shipment details and commercial invoices
  • Bills of lading and shipping manifests

3.3 Technical Information

  • IP addresses and device information
  • Browser type and operating system
  • Usage data and interaction logs
  • API usage and integration data

4. How We Use Your Information

  • To provide and maintain our trade compliance services
  • To process customs declarations and validate HS classifications
  • To comply with legal obligations and regulatory requirements
  • To improve our AI models and platform functionality
  • To communicate with you about service updates and support
  • To detect and prevent fraud and security incidents

5. Legal Basis for Processing (GDPR)

Contract Performance

Processing necessary to fulfill our services under your agreement.

Legal Obligation

Compliance with customs regulations, tax laws, and data protection requirements.

Legitimate Interest

Improving our services, security monitoring, and fraud prevention.

Consent

Marketing communications and non-essential cookies (where applicable).

6. Data Sharing and Disclosure

We do not sell your personal data. We may share your information with:

  • Customs Authorities: When required for customs declarations and compliance
  • Service Providers: Cloud hosting, payment processing, and analytics (see our Subprocessors list)
  • Business Partners: ERP systems, TMS platforms with your explicit consent
  • Legal Requirements: When required by law or to protect our rights

7. International Data Transfers

Your personal data is stored and processed on UK-based infrastructure (Amazon Web Services, London region — eu-west-2). We do not transfer your personal data outside the United Kingdom.

If we introduce storage or processing outside the UK in future, we will update this policy and put appropriate safeguards in place before any such transfer takes place.

8. Your Rights

Under GDPR and UK GDPR, you have the following rights:

✓ Right to Access

Request a copy of your personal data

✓ Right to Rectification

Correct inaccurate information

✓ Right to Erasure

Request deletion of your data

✓ Right to Restriction

Limit how we process your data

✓ Right to Portability

Receive data in a structured format

✓ Right to Object

Object to processing for certain purposes

To exercise your rights, contact us at: privacy@droblet.ai

9. Data Retention

We retain your data for as long as necessary to provide our services and comply with legal obligations. Customs-related data may be retained for up to 7 years, or longer where required by applicable laws and regulatory obligations. For more details, see our Data Retention Policy.

10. Security Measures

We implement technical and organisational measures to protect your data, including:

  • Personal data — including account details and contact information such as names, addresses, email addresses and phone numbers — is encrypted at rest using AES-256-GCM.
  • Database connections are encrypted in transit using TLS (sslmode=require).
  • Data is hosted on UK-based servers (Amazon Web Services, London region — eu-west-2).
  • Access to personal data is recorded in audit logs.

We do not currently hold ISO 27001 or SOC 2 certification, and have not yet completed a formal third-party penetration test. We will update this policy if that changes. For further details, see our Security Overview.

11. Children's Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes via email or through our platform.

13. Contact Us

Privacy Inquiries: privacy@droblet.ai

General Support: support@droblet.ai

You have the right to lodge a complaint with your local data protection authority if you believe we have not complied with data protection laws.