Privacy Policy

Last updated: March 29, 2026

Tengri Vertex, LLC ("Company," "we," "us," or "our") operates the PopsDrops platform ("Service"). This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you use the Service.

We are a Delaware limited liability company with our principal office in San Francisco, California.

1. Information We Collect

Information you provide

  • Account information: Name, email address, and profile photo (via Google OAuth or email signup)
  • Profile information: Bio, primary market, languages spoken, niches, and profile photo (creators); company name, industry, website, target markets, and description (brands)
  • Social media accounts: Platform handles and publicly available metrics (follower counts, engagement rates) for TikTok, Instagram, Snapchat, YouTube, and Facebook
  • Campaign data: Campaign briefs, content submissions, reviews, ratings, messages, and application details
  • Rate card: Per-platform, per-format pricing set by creators
  • Communications: Messages sent through the platform and support requests

Information collected automatically

  • Usage data: Pages visited, features used, actions taken, timestamps, and session duration
  • Device information: Browser type, operating system, and device type
  • Network information: IP address and approximate location (country/region level)
  • Language preferences: Browser language settings (used to deliver the platform in your preferred language)

Information we generate

  • Performance metrics: Calculated engagement rates, response times, completion rates, and platform-specific performance scores
  • AI-generated translations: Translations of campaign briefs and platform content into your preferred language
  • Embeddings: Mathematical representations of profiles and campaigns used for creator-campaign matching (not human-readable)
  • Creator tier: Classification (New, Rising, Established, Top) based on campaign history and ratings

2. How We Use Your Information

  • Provide the Service: Authenticate your identity, display your profile, match creators with campaigns, facilitate content review, and deliver translations
  • Communications: Send transactional emails (campaign updates, application status, content approvals) via AWS SES
  • Improvement: Analyze usage patterns to improve features, fix issues, and develop new functionality
  • Safety: Detect fraud, enforce our Terms of Service, and protect the security of the platform and its users
  • Legal compliance: Comply with applicable laws, regulations, and legal processes

We do not use your information for targeted advertising. We do not sell your personal information.

3. How We Share Your Information

With other users

Certain information is visible to other users as part of the Service's core functionality:

  • Creator profiles (name, bio, social accounts, rates, niches, markets, ratings, and performance metrics) are visible to brands
  • Brand profiles (company name, industry, and ratings) are visible to creators
  • Campaign briefs are visible to creators who apply or are invited
  • Reviews and ratings are visible to all users

With service providers

We share information with third-party service providers that help us operate the Service:

  • Supabase (database, authentication, storage) — stores your account data, campaign data, and files
  • Vercel (hosting, analytics) — hosts the application and collects anonymous usage analytics
  • Amazon Web Services (AWS SES) (email delivery) — processes transactional emails (receives your email address and message content)
  • Google Gemini API (AI translation) — processes text for translation (campaign briefs and UI strings, no personal identifiers sent)
  • Cohere (AI embeddings) — generates mathematical representations of profiles for matching (profile text sent, no direct identifiers)
  • Cloudflare (DNS, bot protection) — processes network requests and provides Turnstile bot verification on public forms
  • Upstash (rate limiting) — processes request metadata to prevent abuse

These providers are contractually obligated to use your information only to provide services to us and are bound by their own privacy policies.

For legal reasons

We may disclose your information if required by law, subpoena, court order, or government request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

Business transfers

If Tengri Vertex, LLC is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.

4. Cookies and Tracking

We use minimal cookies:

  • Authentication cookies: Essential cookies set by Supabase Auth to maintain your login session. These are strictly necessary and cannot be disabled.
  • Language preference: A cookie storing your selected language so the platform displays in your preferred language across visits.
  • Analytics: Vercel Analytics collects anonymous, aggregated usage data (page views, performance metrics). No personally identifiable information is collected by analytics.

We do not use advertising cookies, social media tracking pixels, or third-party behavioral tracking. You can control cookies through your browser settings, though disabling essential cookies will prevent you from using the Service.

5. Data Retention

  • Active accounts: We retain your information for as long as your account is active.
  • Deleted accounts: When you delete your account, we delete or anonymize your personal information within 30 days. Backups containing your data are purged within 90 days.
  • Campaign records: Anonymized campaign performance data may be retained indefinitely for benchmarking and analytics purposes.
  • Legal obligations: We may retain certain information longer if required by law (such as tax or financial records) or to resolve disputes.

6. Data Security

We implement industry-standard security measures to protect your information, including:

  • Encryption in transit (TLS/SSL) and at rest
  • Row-level security policies on our database
  • Authentication via OAuth 2.0 and secure magic links (no passwords stored)
  • Rate limiting and bot protection on public endpoints
  • Server-side validation of all inputs
  • File upload validation via magic bytes

No system is perfectly secure. While we take reasonable measures to protect your data, we cannot guarantee absolute security. We will notify affected users of any data breach as required by applicable law.

7. Your Rights

Depending on your location, you may have the following rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate information
  • Deletion: Request deletion of your personal information
  • Portability: Request a machine-readable copy of your data
  • Objection: Object to certain processing of your information
  • Withdraw consent: Where processing is based on consent, withdraw that consent at any time

To exercise any of these rights, contact us at legal@popsdrops.com. We will respond within 30 days. We may need to verify your identity before processing your request.

California residents (CCPA/CPRA)

If you are a California resident, you have the right to know what personal information we collect, request its deletion, and opt out of the sale of personal information. We do not sell personal information. You may designate an authorized agent to make requests on your behalf. We will not discriminate against you for exercising your privacy rights.

European Economic Area, UK, and Switzerland (GDPR)

If you are located in the EEA, UK, or Switzerland, our legal bases for processing your personal information are: (a) performance of a contract (providing the Service), (b) legitimate interests (improving the Service, preventing fraud), and (c) consent (where applicable, such as for optional communications). You have the right to lodge a complaint with your local data protection authority.

8. International Data Transfers

We are based in the United States. If you access the Service from outside the United States, your information will be transferred to, stored, and processed in the United States and potentially other countries where our service providers operate. By using the Service, you consent to such transfers. We implement appropriate safeguards for international data transfers as required by applicable law.

9. Children

The Service is not directed to individuals under 18 years of age. We do not knowingly collect personal information from anyone under 18. If we learn that we have collected information from a person under 18, we will delete it promptly. If you believe a minor has provided us with personal information, contact us at legal@popsdrops.com.

10. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through the Service at least 30 days before the changes take effect. The "Last updated" date at the top reflects the most recent revision.

11. Contact

For questions, concerns, or requests regarding this Privacy Policy or your personal data, contact us at:
legal@popsdrops.com