dropscope
← Back to home

Privacy Policy

Last updated: May 17, 2026

DropScope is an expired-domain intelligence service. This policy explains exactly what data we collect, why, how long we keep it, and who else sees it. The short version: we collect only what we need to log you in and score the domains you ask us to analyse — nothing more.

Who we are

DropScope is operated by the DropScope team. You can reach us any time at hello@dropscope.app. For privacy-specific requests, use privacy@dropscope.app.

What data we collect

  • Account data — email address, a bcrypt-hashed password, optional display name, and plan tier. We never store passwords in plaintext.
  • Domain analysis history — the domains you've submitted for analysis and the resulting DropScore, sub-scores, archive snapshots, WHOIS records, backlinks, and blacklist results. This is the product.
  • Saved filters & watchlists — the searches and groups you create inside your account.
  • Server logs — minimal request logs (path, status, latency) kept for 14 days to debug outages. No IP addresses or fingerprints are persisted alongside your account.

What we don't collect

No social-graph data, no third-party advertising cookies, no behavioural profiling. The landing page works without an account; if you analyse a domain without signing in, we keep only the public domain record (not tied to you).

Third-party services in the analysis pipeline

When you analyse a domain, DropScope forwards the domain name only to the following providers:

  • Internet Archive (Wayback Machine) — to fetch historical snapshots.
  • RDAP / WHOIS registries — to look up registrar and registration dates.
  • OpenPageRank (Domcop) — to fetch authority score.
  • Google Safe Browsing — to check phishing / malware reputation.
  • Azure AI Foundry — to generate the plain-language domain summary. We send only the structured signals (age, authority, spam score, etc.), never your account data.

These providers see the domain you submitted; they do not see your email, password, or any other account information.

Cookies and local storage

We use a single first-party token stored in your browser's localStorage to keep you signed in. We don't use tracking cookies. We don't run third-party analytics on the marketing site.

How long we keep data

  • Account data: as long as your account exists. Deleted on request within 7 days.
  • Domain records: kept indefinitely so your historical reports remain available — but you can ask us to wipe specific domain rows tied to your account.
  • Server logs: 14 days, then permanently rotated out.

Your rights

You can export your account data or request deletion at any time by emailing privacy@dropscope.app. We honour GDPR / CCPA-style requests within 30 days regardless of where you live.

Security

DropScope runs on a Kubernetes cluster with TLS everywhere, Vault-managed secrets, daily database backups, and access logs. We've made best-effort engineering decisions but no system is unbreakable — if you discover a vulnerability, please email security@dropscope.app before disclosing publicly.

Children's privacy

DropScope is intended for SEO professionals, domain investors, and indie builders. We don't knowingly collect data from anyone under 16.

Changes to this policy

We'll update this page when anything material changes and post a short note in the changelog.