Privacy Policy
Last updated: June 9, 2026
1. Who we are
Rowdrop (referred to as we, us, or our) is a web application that lets you create embeddable forms that write submissions directly to your Notion database. Our website is rowdrop.us. For privacy inquiries, contact us at [email protected].
2. What we collect
We collect only what is necessary to provide the service:
- Account information: Your email address and a hashed (bcrypt) version of your password. We never store your password in plain text.
- Form configuration: Your Notion integration token, Notion database ID, and field mappings you define when creating a form. These are stored to power your forms.
- Billing information: If you upgrade to Pro, your payment is processed by Stripe. We store your Stripe customer ID but never your card details. Those stay with Stripe.
- Submission analytics: We store aggregate submission counts (total and daily) per form to provide the analytics dashboard. We do not store the content of individual submissions.
3. What we do NOT collect or store
- Form submission content: When someone fills out your Rowdrop form, their response is forwarded directly to your Notion database. We do not store or retain the content of individual submissions.
- File upload content: If your form includes file upload or signature fields, submitted files and signature images are stored in Cloudflare R2 (secure cloud storage) and linked into your Notion database as permanent URLs. These files remain in our Cloudflare R2 storage for as long as the associated form exists. Deleting a form does not automatically delete previously uploaded files. To request deletion of specific files, email [email protected].
- Ad trackers and fingerprinting: We do not use advertising trackers, cross-site ad networks, or fingerprinting tools, and we do not sell your data. We do use privacy-first product analytics — see the next item and Section 5.
- Privacy-first analytics: We use PostHog to understand basic website and product usage (such as page views and which features are used). It is configured to be privacy-respecting: it is cookieless (it sets no analytics cookies and writes nothing to your browser's storage), it does not record your screen or sessions, it does not capture the text you type, and it does not run on public form pages. Page-view URLs are stripped of query strings before being recorded. Analytics requests are routed through our own domain. See Section 5 for details.
- Marketing cookies: We use no marketing or advertising cookies. We set a single secure, HTTP-only authentication cookie to keep you logged in. We also store a theme preference (light/dark mode) in your browser's localStorage. This preference is stored locally on your device and is never transmitted to our servers.
- In-progress form drafts: When someone fills out a Rowdrop form, their in-progress answers are saved temporarily in their own browser's localStorage (under a key like rowdrop:draft:[form id]) so they don't lose work if they navigate away. This data stays in the browser, is never transmitted to or stored on our servers, and is automatically deleted when the form is successfully submitted.
4. How we use your data
- To authenticate you and keep your session secure
- To store and serve your form configurations
- To process payments and manage your subscription via Stripe
- To send transactional emails, including: account welcome emails, submission notifications (when someone fills out your form), team invitations, and confirmation emails to form submitters if you enable that option
- To provide aggregate submission analytics in your dashboard
Legal basis for processing (GDPR): We process your personal data under the following legal bases: (a) Performance of contract (Article 6(1)(b)): authentication, form storage, payment processing, and transactional emails are necessary to provide the service you signed up for. (b) Legitimate interests (Article 6(1)(f)): security monitoring, fraud prevention, and privacy-first product analytics to improve the service. Because our analytics is configured to be cookieless and does not store or read information on your device, no cookie consent is required under the ePrivacy Directive. We do not rely on consent as a legal basis for any core service processing.
5. Third-party services
- Upstash Redis: We use Upstash to store your account and form configuration data. Upstash is SOC 2 compliant.
- Stripe: We use Stripe for payment processing. Stripe is PCI DSS compliant. See Stripe's Privacy Policy.
- Notion: Form submissions are sent to Notion via their API using the token you provide. See Notion's Privacy Policy.
- Resend: We use Resend to deliver transactional emails (welcome emails, submission notifications, team invitations, and confirmation emails to form submitters). Email addresses processed by Resend are used only for delivery. When form creators enable confirmation emails to submitters, the submitter's email address is shared with Resend for delivery. See Resend's Privacy Policy.
- Cloudflare R2: If you use file upload or signature fields in your forms, files and signature images submitted by your form users are stored in Cloudflare R2 and retained as described in Section 7. See Cloudflare's Privacy Policy.
- PostHog (analytics): We use PostHog (PostHog, Inc., United States) for privacy-first website and product analytics. PostHog receives page views (with query strings removed), basic product-usage events, and device/browser metadata. For signed-in users, analytics events are associated with your account ID. We configure PostHog to be cookieless (no analytics cookies or browser storage), with session recording and autocapture disabled, and we do not run analytics on public form pages. Analytics traffic is proxied through our own domain. See PostHog's Privacy Policy.
- Custom branding: Form creators may display a custom logo hosted at an external URL. When such a form loads, your browser loads that image from the external host, which may receive your IP address. Rowdrop does not control third-party image hosts configured by form creators.
- Webhooks (creator-configured): Form creators may configure a webhook URL (for example, a Zapier, Make, or Slack endpoint). When configured, Rowdrop forwards the content of each form submission to that URL on the creator's behalf. The destination is controlled entirely by the form creator, not by Rowdrop. Form creators are responsible for ensuring any third-party destination they configure complies with applicable privacy laws.
If you are a business using Rowdrop to process personal data on behalf of your own customers, see our Data Processing Agreement.
As a form platform, Rowdrop may process personal data submitted by your form users on your behalf. You, as the form owner, are the data controller for that data. You are responsible for ensuring you have a lawful basis to collect it and for complying with applicable privacy laws.
If your forms collect handwritten signatures or other potentially sensitive personal information, you as the form owner are solely responsible for obtaining any legally required consent from your form submitters and for complying with applicable laws (including state biometric privacy laws such as Illinois BIPA and the California CPRA). Rowdrop does not independently verify that you have obtained such consent.
6. Notion integration token
When you provide a Notion integration token to connect your database, that token is stored securely and used to: (a) forward form submissions to your specified Notion database, and (b) if you use the Notion Templates feature, create new databases in your Notion workspace as you direct. We do not use your token for any other purpose. You can revoke the token at any time from your Notion workspace settings, which will disable any forms that use it.
7. Data retention
- Account and form data: Retained while your account is active, then deleted within 30 days of an account deletion request.
- File uploads and signatures: Files and signature images uploaded through your forms are stored in Cloudflare R2 and retained until you delete the form or request deletion. They are not automatically deleted after forwarding. To request deletion, email [email protected].
- Billing records: Stripe retains payment records for up to 7 years for legal and financial compliance. We retain your Stripe Customer ID for the same period.
- Submission analytics: Aggregate submission counts are retained while your form exists and deleted when you delete the form.
- Product/website analytics: Privacy-first usage analytics held by PostHog are retained for up to 12 months. On an account deletion request, we also delete analytics records associated with your account ID.
You can permanently delete your account and all associated data at any time from your dashboard under Danger zone. Account deletion is immediate and cancels any active subscription. Alternatively, email us at [email protected] and we will process your request within 30 days.
8. Your rights (EEA / GDPR)
If you are located in the European Economic Area, you have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your data (right to be forgotten)
- Object to or restrict processing of your data
- Data portability (receive your data in a machine-readable format)
To exercise any of these rights, contact us at [email protected]. You also have the right to lodge a complaint with your local data protection supervisory authority. A list of EEA supervisory authorities is available at edpb.europa.eu.
9. Your rights (CCPA / CPRA - California residents)
If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) give you the following rights:
- Right to know: You may request information about the categories and specific pieces of personal information we collect, use, and share. The categories we collect are: identifiers (email, account ID), commercial information (subscription/billing records held by Stripe), and internet or network activity (privacy-first analytics such as page views and product-usage events).
- Right to delete: You may request deletion of personal information we have collected from you, subject to certain exceptions.
- Right to opt out of sale or sharing: We do not sell or share personal information with third parties for cross-context behavioral advertising.
- Right to correct: You may request correction of inaccurate personal information.
- Right to limit use of sensitive personal information: We do not collect sensitive personal information beyond what is necessary to provide the service.
- Right to non-discrimination: We will not discriminate against you for exercising your CCPA/CPRA rights.
To exercise these rights, email us at [email protected]. We will respond within 45 days as required by law. Because we do not sell or share personal information, there is no opt-out required, but you may contact us to confirm this at any time.
10. Do Not Track
Rowdrop does not currently respond to browser Do Not Track (DNT) signals, as there is no industry-standard interpretation of DNT. We do not engage in cross-site tracking.
11. Security
We use industry-standard security practices: bcrypt password hashing, HTTPS-only, secure HTTP-only cookies, and access controls on our infrastructure. No system is 100% secure, but we take reasonable measures to protect your data.
12. Changes to this policy
We may update this policy from time to time. We will notify you of material changes by email to your registered address at least 14 days before the changes take effect. The date at the top of this page reflects the most recent update.
13. Contact
Questions about this policy? Email us at [email protected].