Welcome to Dropstars, a web application that provides an online reviews and marketing solution owned and and operated by Scozzese Srl. (“we”, “us”, “our”).
This Privacy Policy (for Merchants and Website Visitors) (the “Policy”), which is incorporated into our Terms of Service and our Websites Terms of Service, describes what personal information we collect and the policies and procedures we use regarding your personal information (“You”, “Merchant” and “Website Visitor”) through our dropstars.app and https://dropstars.ai/help/ websites and also through our web application (Together – the “Service”).
We are committed to complying with applicable data protection laws, including the General Data Protection Regulation (GDPR), UK GDPR and the California Privacy Rights Act (CPRA).
We are committed to complying with applicable data protection laws, including the General Data Protection Regulation (GDPR), UK GDPR and the California Privacy Rights Act (CPRA).
This Policy may be amended from time to time. We will post any change to this Policy on our Service at a reasonable time in advance of the effective date of the change, and we will also make efforts to proactively notify you by email of the changes if we have your email address.
If you have any questions, comments or concerns regarding this Policy or our processing of your personal information, please contact us at support@dropstars.ai or through our online contact form, at: https://dropstars.app/get-in-touch.
| Scenario | Purposes | Categories of information processed |
|---|---|---|
| When you install or access the Service | To identify you and to operate the Service and provide you with its features and functionality; To provide you with technical support and assistance, such as to send you updates and other communications related to the Service. | Information we obtain from your Shopify account: your full name, address, e-mail address and cell phone number. We also obtain details of your Shopify store. |
| When you use the Service – your device information, analytics | For security and monitoring purposes, To understand how you interact with the Service so that we can personalize, develop and improve it | Meta Data – information about your computer or mobile device, your operating system and your browser. Analytics Information – information about your use of the Service. For example, we may record the frequency and scope of your use, action taken while using the Service and the interactions you make with the Service. We also collect Analytic information about your store. |
| Contacting us with an inquiry through our Service or when you ask to obtain a referral link to share with others | To operate the Service and provide you with its features and functionality, responding to your inquiry, our business development | Inquiry Information – Full Name, Email, URL, Business type, and any additional information you may add. You do not have a legal obligation to provide your Inquiry Information; however, if you choose to not share this information with us, we may not be able to respond to your inquiry. |
| When you consent to use your information for marketing purposes | Our marketing purposes | We will use your Information to send you marketing communications about our services, including updates about new services that we believe may be suitable to you. You may opt-out from our marketing communications. You may ‘opt-out’ of using your information for marketing communications by sending an email to: support@dropstars.ai, or as otherwise provided in our marketing communications. By doing so, we will only delete or stop processing the information which is required to contact you for marketing communications, while the rest of the Information which is necessary to provide you with the Service will continue to be processed and used. |
| Use of cookies on the Service | Facilitate a Service feature that the Website Visitor specifically requested, analyze the Service usage to evaluate and improve its performance, improve Website Visitor experience on the Service, inform and serve personalized ads more relevant to the Website Visitor interests | IP address from which you access the Service, time and date of access, type of device and browser used, language used, links clicked via a mouse or a touch screen, and actions taken while using the Service. |
We collect the personal information from several sources:
We will not share your information with third parties, except in the events listed below or when you provide us with your explicit and informed consent.
| Scenario | Purposes | Third parties involved |
|---|---|---|
| If you violate the law, we will share your information with competent authorities | Responding to, handling, and mitigating suspected violations of law in connection with our business. | Competent authorities, legal counsels, and advisors. |
| If a judicial, governmental, or regulatory authority requires us to disclose your information. | Complying with a binding request from a competent authority. | Competent authorities. |
| If the operation of the Service or our business is organized within a different framework, or through another legal structure or entity. | Enabling a structural change in the operation of the Service and our business. | The target entity of the merger or acquisition, legal counsels, and advisors. |
We retain your information for the duration we need it to operate the Service and our business, to interact with you, and thereafter as needed for record-keeping matters.
We will retain your information for the duration needed to support our ordinary business activities operating the Service and interacting with you. Thereafter, we will still retain your personal information as necessary to comply with our legal obligations, resolve disputes, establish, and defend legal claims and enforce our agreements. The overall period of retention is approximately 7 years.
We implement measures to secure your information
We implement measures to reduce the risks of damage, loss of information and unauthorized access or use of information. However, these measures do not provide absolute information security. Therefore, although efforts are made to secure your personal information, there is no guarantee that it will be immune from information security risks.
Dropstars is the data Controller for the personal information described in this Policy, such as personal information it collects from its Website Visitors.
Dropstars is the data Processor for the personal information it processes on the User Behalf, as described in our Data Processing Addendum and our Privacy Policy (for Merchant’s Customers).
| Name | Address |
|---|---|
| Scozzese Srl | Scozzese Srl, Via Papa Giovanni XXIII N° 79, 25015 Desenzano del Garda, Brescia – VAT IT03920690983 DPO: Matteo Lanza support@dropstars.ai |
If we transfer your information from within the EU to the United States or other countries, which are not recognized by the European commission as having adequate protection for personal data, we will endeavor to do so under the terms of a data transfer agreement which contain standard data protection contract clauses with adequate safeguards determined by the EU Commission and UK Information Commissioner’s Office.
| Purpose or Scenario | Legal Basis |
|---|---|
| Operate the Service and provide its features and functionality | Performance of our Terms of Service contract with you and our legitimate interest in the operation of the Service |
| Provide you with technical support and assistance | Our legitimate interest in promoting our business by updating Merchants and Website Visitors of new features of the Service and other information pertaining to the Service |
| Marketing purposes | Explicit consent |
| Security and monitoring purposes | Our legitimate interests in monitoring and securing our Service |
| Develop and improve the Service | Our legitimate interest in understanding how the Service is used in order to develop and improve it |
| To allow you to subscribe to the Service and link your chosen plan to your account | Performance of our contract, our legitimate interest in providing you with the Service you requested |
| Responding to your inquiry or referral request | To operate the Service and provide you with its features and functionality, responding to your inquiry, our business development |
| When you provide us with your feedback and reviews | Our legitimate interest in developing and enhancing our business and the Service, responding to your feedback or reviews |
| Use of cookies on the Service | Our legitimate interests in providing you with the Service you requested, tailoring the Service to your preferences |
| Marketing and third party cookies | Consent |
| Responding to, handling, and mitigating suspected violations of law in connection with our business | Legitimate interests in defending and enforcing against violations and breaches that are harmful to our business |
| Complying with a binding request from a competent authority | Legitimate interests in complying with mandatory legal requirements imposed on us |
| Enabling a structural change in the operation of the Service and our business | Legitimate interests in our business continuity |
If you are in the EU or the UK, you have the following rights under the GDPR:
Right to Access and receive a copy of your personal information that we process.
Right to Rectify inaccurate personal information we have concerning you and to have incomplete personal information completed.
Right to easily and at any time withdraw your consent to us processing your personal data to email you our marketing purposes or to the use of non-essential cookies on our Service. The withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.
Right to Data Portability, that is, to receive the personal information that you provided to us, in a structured, commonly used, and machine-readable format. You have the right to transmit this data to another person or entity. Where technically feasible, you have the right to have your personal information transmitted directly from us to the person or entity you designate.
Right to Object to our processing of your personal information based on our legitimate interest. However, we may override the objection if we demonstrate compelling legitimate grounds, or if we need to process such personal information for the establishment, exercise, or defense of legal claims.
Right to Restrict us from processing your personal information (except for storing it): (a) if you contest the accuracy of the personal information (in which case the restriction applies only for a period enabling us to determine the accuracy of the personal information); (b) if the processing is unlawful and you prefer to restrict the processing of the personal information rather than requiring the deletion of such data by us; (c) if we no longer need the personal information for the purposes outlined in this Policy, but you require the personal information to establish, exercise or defend legal claims; or (d) if you object to our processing based on our legitimate interest (in which case the restriction applies only for the period enabling us to determine whether our legitimate grounds for processing override yours).
Right to be Forgotten. Under certain circumstances, such as when you object to our processing of your personal information based on our legitimate interest and there are no overriding legitimate grounds for the processing, you have the right to ask us to erase your personal information. However, notwithstanding such request, we may still process your personal information if it is necessary to comply with our legal obligations, or for the establishment, exercise, or defense of legal claims. If you wish to exercise any of these rights, please contact us through the channels listed in this Policy.
When you contact us, we reserve the right to ask for reasonable evidence to verify your identity before we provide you with information. Where we are not able to provide you with information that you have asked for, we will explain the reason.
Subject to applicable law, you have the right to lodge a complaint with your local data protection authority. If you are in the EU, then according to Article 77 of the GDPR, you can lodge a complaint to the supervisory authority, in the Member State of your residence, place of work or place of alleged infringement of the GDPR. For a list of supervisory authorities in the EU, click (http://ec.europa.eu/newsroom/article29/document.cfm?action=display&doc_id=50061).
If you are in the UK, you can lodge a complaint to the Information Commissioner’s Office (ICO) pursuant to the instructions provided here
If you are an individual residing in California, we provide you with the following information pursuant to the California Privacy Rights Act (CPRA). We do not sell or share your personal information for cross-behavioral advertising and have not done so in the past 12 months.
| Categories of personal information (under the CPRA) | Specific types of personal information collected | Specific business or commercial purpose for collecting personal information from consumers |
|---|---|---|
| Identifiers | Full name, address, e-mail address and cell phone number, details of your Shopify store, IP address |
|
| Professional or employment-related information | Information you provide as part of your Inquiry Information |
|
| Internet or other electronic network activity information, | Time and date of access, type of device and browser used, language used, links clicked via a mouse or a touch screen, and actions taken while using the Service |
|
| Internet or other electronic network activity information, | Time and date of access, type of device and browser used, language used, links clicked via a mouse or a touch screen, and actions taken while using the Service |
|
Disclosures to third parties
The chart below explains what is the personal information we disclosed for a business purpose to third parties in the preceding 12 months.
| Categories of personal information (under the CPRA) | Categories of third parties to whom we disclose your information and the specific business or commercial purpose for the disclosure |
|---|---|
| Identifiers |
|
| Internet or other electronic network activity information |
|
Knowing the personal information we collect about you
You have the right to know:
Right to deletion
Subject to certain exceptions set out below, on receipt of a verifiable request from you, we will:
Please note that we may not delete your personal information if it is necessary to:
We also will deny your request to delete if it proves impossible or involves disproportionate effort, or if another exception to the CPRA applies. We will provide you with a detailed explanation that includes enough facts to give you a meaningful understanding as to why we cannot comply with the request to delete your information.
Right to correct inaccurate personal information
If we receive a verifiable request from you to correct your information and we determine the accuracy of the corrected information you provide, we will correct inaccurate personal information that we maintain about you.
In determining the accuracy of the personal information that is the subject of your request to correct, we will consider the totality of the circumstances relating to the contested personal information.
We also may require that you provide documentation if we believe it is necessary to rebut our own documentation that the personal information is accurate.
We may deny your request to correct in the following cases:
We will provide you a detailed explanation that includes enough facts to give you a meaningful understanding as to why we cannot comply with the request to correct your information.
Protection against discrimination
You have the right to not be discriminated against by us because you exercised any of your rights under the CPRA. Exercising your CPRA rights by yourself or through an authorized agent
If you would like to exercise any of your CPRA rights as described in this Policy, please contact us by e-mail at: support@dropstars.ai or through our online contact form, at: https://dropstars.io/get-in-touch.
We will ask you for additional information to confirm your identity and for security purposes, before disclosing the personal data requested to you, by using a two or three points of data verification process, depending on the type of information you require and the nature of your request.
We may ask you for additional information to confirm your identity and for security purposes, before disclosing the personal data requested to you, by using a two or three points of data verification process, depending on the type of information you require.
You may also designate an authorized agent to make a request under the CPRA on your behalf. To do so, you need to provide the authorized agent with written permission to do so and the agent will need to submit to us proof that they have been authorized by you. We will also require that you verify your own identity, as explained below.
If you are a Merchant’s Customer and would like to exercise any of your CPRA rights regarding the Information we collect about you on behalf of the Merchant, as described in our Data Processing Addendum and our Privacy Policy (for Merchant’s Customers), please note that we are merely a service provider for that information that follows the Merchant’s instructions. You should submit the request directly to the Merchant, not us.
Do Not Track
Our Do Not Track Notice. We do not currently respond or take any action with respect to web browser “do not track” signals or other mechanisms that provide consumers the ability to exercise choice regarding the collection of Personal Data about a Merchant’s and Website Visitors’ online activities over time and across third-party web sites or online services. We do allow third parties who provide us with analytics tools, to collect Personal Data about a Merchant’s and Website Visitors’’ online activities when a Merchant or a Website Visitor uses the Service.
Collect videos and photos to accelerate the buying process for new customers
© Dropstars 2025
