Privacy Policy

Last updated: May 18, 2026

Tengri Vertex, LLC ("Company," "we," "us," or "our") operates the PopsDrops platform ("Service"). This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you use the Service.

We are a Delaware limited liability company with our principal office in San Francisco, California.

1. Information We Collect

Information you provide

  • Account information: Name, email address, and profile photo (via Google OAuth or email signup)
  • Profile information: Bio, primary market, languages spoken, niches, and profile photo (creators); company name, industry, website, target markets, and description (brands)
  • Social media accounts: Platform handles and publicly available metrics (follower counts, engagement rates) for TikTok, Instagram, Snapchat, YouTube, and Facebook
  • Access requests: Brand and creator request information, including company details, social profile links, target markets, and reasons for joining
  • Campaign data: Campaign briefs, content submissions, reviews, ratings, application details, creator agreements, and reporting requirements
  • Evidence files: Content URLs, screenshots, exports, PDFs, and other performance evidence submitted to support campaign reports
  • Campaign service fee records: Checkout session identifiers, invoice status, payment status, and related campaign package details
  • Rate card: Per-platform, per-format pricing set by creators
  • Communications: Transactional emails, support requests, and admin review notes

Information collected automatically

  • Usage data: Pages visited, features used, actions taken, timestamps, and session duration
  • Device information: Browser type, operating system, and device type
  • Network information: IP address and approximate location (country/region level)
  • Language preferences: Browser language settings (used to deliver the platform in your preferred language)

Information we generate

  • Performance metrics: Calculated engagement rates, response times, completion rates, and platform-specific performance scores
  • AI-assisted evidence extraction: Draft metric values extracted from performance evidence for creator confirmation or correction before brand reports use them
  • AI-generated translations: Translations of campaign briefs and dynamic campaign content into your preferred language
  • Embeddings: Mathematical representations of profiles and campaigns used for creator-campaign matching (not human-readable)
  • Creator tier: Classification (New, Rising, Established, Top) based on campaign history and ratings

2. How We Use Your Information

  • Provide the Service: Authenticate your identity, display your profile, match creators with campaigns, facilitate content review, and deliver translations
  • Communications: Send transactional emails (campaign updates, application status, content approvals) via AWS SES
  • Payments: Create Stripe Checkout sessions, track campaign service fee status, and maintain required business records
  • Improvement: Analyze usage patterns to improve features, fix issues, and develop new functionality
  • Safety: Detect fraud, enforce our Terms of Service, and protect the security of the platform and its users
  • Legal compliance: Record legal acknowledgements, process privacy requests, and comply with applicable laws, regulations, and legal processes

We do not use your information for targeted advertising. We do not sell your personal information.

3. How We Share Your Information

With other users

Certain information is visible to other users as part of the Service's core functionality:

  • Creator profiles (name, bio, social accounts, rates, niches, markets, ratings, and performance metrics) are visible to brands
  • Brand profiles (company name, industry, and ratings) are visible to creators
  • Campaign briefs are visible to creators who apply or are invited
  • Performance evidence and confirmed metrics are visible to the brand that runs the campaign and authorized admins
  • Reviews and ratings are visible to all users

With service providers

We share information with third-party service providers that help us operate the Service:

  • Supabase (database, authentication, storage) - stores your account data, campaign data, and files
  • Vercel (hosting, analytics) - hosts the application and collects anonymous usage analytics
  • Amazon Web Services (AWS SES) (email delivery) - processes transactional emails (receives your email address and message content)
  • Stripe (payments) - processes brand campaign service fee checkout sessions and payment events. We do not store full card numbers
  • Google Gemini API (AI translation and evidence extraction) - processes dynamic campaign brief text and submitted performance evidence when the feature is used
  • Cohere (AI embeddings) - generates mathematical representations of profiles for matching (profile text sent, no direct identifiers)
  • Cloudflare (DNS, bot protection) - processes network requests and provides Turnstile bot verification on public forms
  • Upstash (rate limiting) - processes request metadata to prevent abuse
  • Axiom (monitoring) - processes application logs and telemetry so we can investigate errors and platform health
  • Slack (internal alerts) - receives limited access-request and operational alerts for admin review

These providers are contractually obligated to use your information only to provide services to us and are bound by their own privacy policies.

For legal reasons

We may disclose your information if required by law, subpoena, court order, or government request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

Business transfers

If Tengri Vertex, LLC is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.

4. Cookies and Tracking

We use minimal cookies:

  • Authentication cookies: Essential cookies set by Supabase Auth to maintain your login session. These are strictly necessary and cannot be disabled.
  • Language preference: A cookie storing your selected language so the platform displays in your preferred language across visits.
  • Analytics: Vercel Analytics collects anonymous, aggregated usage data (page views, performance metrics). No personally identifiable information is collected by analytics.

We do not use advertising cookies, social media tracking pixels, or third-party behavioral tracking. You can control cookies through your browser settings, though disabling essential cookies will prevent you from using the Service.

5. Data Retention

  • Active accounts: We retain your information for as long as your account is active.
  • Access requests: We retain approved, rejected, and pending access request records for up to 2 years after the final decision unless a longer period is needed for fraud prevention, disputes, or legal compliance.
  • Campaign records: We retain campaign briefs, applications, agreements, review history, and reporting records for the life of the campaign plus 2 years, unless a longer period is required for tax, legal, audit, or dispute reasons.
  • Evidence files: We retain submitted performance evidence for the life of the campaign plus 2 years so brands can verify reports and creators can resolve disputes.
  • Campaign service fee records: We retain payment, invoice, refund, dispute, and tax records as required by accounting, tax, and legal obligations.
  • Consent records: We retain terms, privacy, retention, and data-rights acknowledgement records for as long as needed to demonstrate compliance and resolve disputes.
  • Deleted accounts: When you delete your account, we delete or anonymize your personal information within 30 days. Backups containing your data are purged within 90 days.
  • Benchmarks: Aggregated or anonymized campaign performance data may be retained indefinitely for benchmarking and analytics purposes.
  • Legal obligations: We may retain certain information longer if required by law (such as tax or financial records) or to resolve disputes.

6. Data Security

We implement industry-standard security measures to protect your information, including:

  • Encryption in transit (TLS/SSL) and at rest
  • Row-level security policies on our database
  • Authentication via OAuth 2.0 and secure magic links (no passwords stored)
  • Rate limiting and bot protection on public endpoints
  • Server-side validation of all inputs
  • File upload validation via magic bytes

No system is perfectly secure. While we take reasonable measures to protect your data, we cannot guarantee absolute security. We will notify affected users of any data breach as required by applicable law.

7. Your Rights

Depending on your location, you may have the following rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate information
  • Deletion: Request account deletion or deletion of personal information, subject to legal, tax, fraud-prevention, dispute, and contractual retention requirements
  • Portability: Request a machine-readable data export
  • Objection: Object to certain processing of your information
  • Withdraw consent: Where processing is based on consent, withdraw that consent at any time

To exercise any of these rights, contact us at legal@popsdrops.com. We will respond within 30 days. You may also submit data export and account deletion requests inside account settings when available. We may need to verify your identity before processing your request.

California residents (CCPA/CPRA)

If you are a California resident, you have the right to know what personal information we collect, request its deletion, and opt out of the sale of personal information. We do not sell personal information. You may designate an authorized agent to make requests on your behalf. We will not discriminate against you for exercising your privacy rights.

European Economic Area, UK, and Switzerland (GDPR)

If you are located in the EEA, UK, or Switzerland, our legal bases for processing your personal information are: (a) performance of a contract (providing the Service), (b) legitimate interests (improving the Service, preventing fraud), and (c) consent (where applicable, such as for optional communications). You have the right to lodge a complaint with your local data protection authority.

8. International Data Transfers

We are based in the United States. If you access the Service from outside the United States, your information will be transferred to, stored, and processed in the United States and potentially other countries where our service providers operate. We rely on appropriate safeguards, including service provider commitments, data processing terms, contractual protections, and transfer mechanisms where required by applicable law.

9. Children

The Service is not directed to individuals under 18 years of age. We do not knowingly collect personal information from anyone under 18. If we learn that we have collected information from a person under 18, we will delete it promptly. If you believe a minor has provided us with personal information, contact us at legal@popsdrops.com.

10. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through the Service at least 30 days before the changes take effect. The "Last updated" date at the top reflects the most recent revision.

11. Contact

For questions, concerns, or requests regarding this Privacy Policy or your personal data, contact us at:
legal@popsdrops.com