PopUp
Log inCreate shop

Privacy Policy

Last updated: June 28, 2026

1. Introduction

PopUp("PopUp," "we," "us") respects your privacy. This Privacy Policy explains how we collect, use, disclose, and protect personal information when you use https://www.popupdrop.coand related services (the "Service"). It should be read with our Terms of Service.

2. Information we collect

Information you provide

  • Account data: email address, password (hashed), username, display name, avatar, and profile preferences.
  • Authentication: if you use Google sign-in, we receive information from Google such as your name, email, and profile image as permitted by your Google account settings.
  • Seller data: shop names, descriptions, images, stream settings, product listings, and payout onboarding data you provide to Stripe.
  • Transaction data: items purchased or sold, order status, shipping addresses, tracking numbers, and communications related to orders.
  • User content: chat messages, bids, follows, reminder opt-ins, and live-stream metadata.
  • Support: information you send when contacting us.

Information collected automatically

  • Device and usage data: IP address, browser type, device identifiers, pages viewed, and approximate location derived from IP.
  • Cookies and similar technologies: session cookies required for login and security; see Section 8.
  • Realtime presence: viewer counts and room participation during live shops.
  • Error diagnostics: crash and performance data when monitoring is enabled.

Information from third parties

  • Stripe: payment status, Connect account status, and fraud signals.
  • Google: basic profile data when you choose Google sign-in.

3. How we use information

We use personal information to:

  • Create and secure accounts, authenticate users, and prevent fraud and abuse.
  • Operate shops, checkout, auctions, payouts, and order fulfillment workflows.
  • Provide live streaming, chat, reminders, and notifications you request.
  • Communicate about orders, shops, security, and Service updates.
  • Improve, debug, and analyze the Service.
  • Comply with law, enforce our Terms, and protect users and PopUp.

We do not sell your personal information. We do not use your data for third-party advertising based on cross-site tracking.

4. How we share information

We share information in these circumstances:

  • Between buyers and sellers: order and shipping details needed to complete transactions.
  • Service providers who process data on our behalf, including:
    • Supabase — database, authentication, file storage, realtime.
    • Stripe — payments and seller payouts.
    • Vercel — application hosting.
    • Resend — transactional email.
    • Google — OAuth sign-in (if you choose it).
    • Cloudflare Turnstile — bot protection on signup/login.
    • LiveKit — native live video when enabled.
    • Sentry — error monitoring when configured.
  • Legal and safety: when required by law, subpoena, or to protect rights, safety, and security.
  • Business transfers: in connection with a merger, acquisition, or asset sale, subject to this Policy.

Public shop pages, usernames, listings, and chat visible during live events may be viewable by other users.

5. Retention

We retain personal information for as long as needed to provide the Service, resolve disputes, enforce agreements, and meet legal, tax, and accounting obligations. Order and payout records may be kept for several years as required for financial compliance. Chat history may be stored but only recent messages are displayed in the room UI. You may request deletion as described in Section 10; some data may be retained where required by law or legitimate business needs.

6. Security

We use technical and organizational measures appropriate to a marketplace application, including encrypted transport (HTTPS), access controls, and database row-level security. No method of transmission or storage is 100% secure. You are responsible for safeguarding your account credentials.

7. International users

PopUp is operated from the United States. If you access the Service from outside the U.S., your information may be processed in the U.S. and other countries where our providers operate, which may have different data protection laws than your country. By using the Service, you consent to this transfer where permitted by law.

8. Cookies and similar technologies

We use:

  • Essential cookies for authentication sessions and security (including Supabase auth cookies).
  • Turnstile tokens when captcha is enabled on login/signup.

You can control cookies through browser settings, but disabling essential cookies may prevent you from logging in.

9. Communications

We send transactional messages (order confirmations, shipping updates, live alerts, drop reminders) as part of the Service. You may receive emails or push notifications based on actions you take (e.g., opting into reminders or enabling web push). You can disable push in your browser or device settings. We do not send unrelated marketing email without consent where required by law.

10. Your privacy rights

Depending on where you live, you may have the right to:

  • Access personal information we hold about you.
  • Correct inaccurate information.
  • Delete certain information, subject to legal exceptions.
  • Opt out of certain processing where applicable.
  • Not receive discriminatory treatment for exercising privacy rights.

California residents (CCPA/CPRA)

California residents may request to know, delete, or correct personal information. We do not sell personal information. To submit a request, email legal@popupdrop.co. We will verify your request as required by law.

European Economic Area, UK, and Switzerland

Where GDPR or similar laws apply, our legal bases include contract performance, legitimate interests (security, improvement, fraud prevention), and consent where required. You may have rights to access, rectification, erasure, restriction, portability, and objection. You may lodge a complaint with your local supervisory authority.

To exercise any rights, contact legal@popupdrop.co. We will respond within timelines required by applicable law.

11. Children

The Service is not directed to children under 13 (or 16 in certain jurisdictions), and we do not knowingly collect personal information from them. If you believe a child has provided us data, contact us and we will delete it as required.

12. Changes to this Policy

We may update this Privacy Policy from time to time. We will post the revised version with an updated "Last updated" date and provide additional notice for material changes where required.

13. Contact

Privacy questions or requests: legal@popupdrop.co.