Privacy Policy
Effective Date: 15 July 2026
1. Introduction
Droblet Ltd. ("Droblet", "we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered trade compliance platform.
We comply with the EU General Data Protection Regulation (GDPR) and UK GDPR, ensuring the highest standards of data protection for our users.
2. Data Controller
Droblet Ltd.
Email: privacy@droblet.ai
Address: Droblet Ltd.
3. Information We Collect
3.1 Personal Information
- Name, email address, phone number
- Company name and business information
- Billing and payment information
- Account credentials and authentication data
3.2 Trade and Customs Data
- Customs declarations and trade documents
- HS codes and tariff classifications
- Shipment details and commercial invoices
- Bills of lading and shipping manifests
3.3 Technical Information
- IP addresses and device information
- Browser type and operating system
- Usage data and interaction logs
- API usage and integration data
4. How We Use Your Information
- To provide and maintain our trade compliance services
- To process customs declarations and validate HS classifications
- To comply with legal obligations and regulatory requirements
- To improve our AI models and platform functionality
- To communicate with you about service updates and support
- To detect and prevent fraud and security incidents
5. Legal Basis for Processing (GDPR)
Contract Performance
Processing necessary to fulfill our services under your agreement.
Legal Obligation
Compliance with customs regulations, tax laws, and data protection requirements.
Legitimate Interest
Improving our services, security monitoring, and fraud prevention.
Consent
Marketing communications and non-essential cookies (where applicable).
6. Data Sharing and Disclosure
We do not sell your personal data. We may share your information with:
- Customs Authorities: When required for customs declarations and compliance
- Service Providers: Cloud hosting, payment processing, and analytics (see our Subprocessors list)
- Business Partners: ERP systems, TMS platforms with your explicit consent
- Legal Requirements: When required by law or to protect our rights
7. International Data Transfers
Your personal data is stored and processed on UK-based infrastructure (Amazon Web Services, London region — eu-west-2). We do not transfer your personal data outside the United Kingdom.
If we introduce storage or processing outside the UK in future, we will update this policy and put appropriate safeguards in place before any such transfer takes place.
8. Your Rights
Under GDPR and UK GDPR, you have the following rights:
✓ Right to Access
Request a copy of your personal data
✓ Right to Rectification
Correct inaccurate information
✓ Right to Erasure
Request deletion of your data
✓ Right to Restriction
Limit how we process your data
✓ Right to Portability
Receive data in a structured format
✓ Right to Object
Object to processing for certain purposes
To exercise your rights, contact us at: privacy@droblet.ai
9. Data Retention
We retain your data for as long as necessary to provide our services and comply with legal obligations. Customs-related data may be retained for up to 7 years, or longer where required by applicable laws and regulatory obligations. For more details, see our Data Retention Policy.
10. Security Measures
We implement technical and organisational measures to protect your data, including:
- Personal data — including account details and contact information such as names, addresses, email addresses and phone numbers — is encrypted at rest using AES-256-GCM.
- Database connections are encrypted in transit using TLS (
sslmode=require). - Data is hosted on UK-based servers (Amazon Web Services, London region — eu-west-2).
- Access to personal data is recorded in audit logs.
We do not currently hold ISO 27001 or SOC 2 certification, and have not yet completed a formal third-party penetration test. We will update this policy if that changes. For further details, see our Security Overview.
11. Children's Privacy
Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes via email or through our platform.
13. Contact Us
Privacy Inquiries: privacy@droblet.ai
General Support: support@droblet.ai
You have the right to lodge a complaint with your local data protection authority if you believe we have not complied with data protection laws.