DropSupport

Privacy Policy

Effective Date: February 2026

Introduction

DropSupport is an AI-powered customer support automation service for D2C e-commerce brands, operated by Meridian Studio. This Privacy Policy explains how we collect, use, store, and protect your data when you use our service.

Data We Collect

Account Information

When you create an account, we collect your email address and name via Google OAuth authentication.

Email Content

We access and store customer support emails from your domain email account via IMAP. This includes email subject lines, body content, sender/recipient information, and timestamps.

Shopify Store Data

When you connect your Shopify store, we access read-only data including:

  • Order information (order numbers, statuses, line items, totals)
  • Customer information (names, email addresses, order history, lifetime value)
  • Product information (titles, SKUs, variants)

AI-Generated Content

We store AI-generated classifications, ticket categories, sentiment analysis, and draft responses created by our system.

How We Use Data

We use your data to:

  • Classify incoming customer support tickets by category and intent
  • Generate draft responses to support tickets using AI language models
  • Provide order context and customer history to support agents handling tickets
  • Display analytics, metrics, and insights about your support operations
  • Improve the service and fix technical issues

AI Processing

We use third-party AI services to power our automation features:

  • Google Gemini for text classification and response generation
  • NVIDIA NIM for text embeddings and semantic search

Email content and Shopify data are sent to these services for processing. We do NOT allow these providers to use your data to train their AI models. Data is processed in real-time and not retained by the AI providers beyond the duration of the API call.

Data Storage

Your data is stored securely:

  • Database hosted on Supabase (PostgreSQL) with Row-Level Security policies enforcing multi-tenant isolation
  • Sensitive credentials (email passwords, Shopify tokens) encrypted with AES-256-GCM
  • Web application hosted on Vercel with HTTPS encryption in transit
  • Access logs and audit trails maintained for security monitoring

Data Sharing

We do NOT sell, rent, or trade your data. We share data only with:

  • Third-party service providers: Supabase (database), Google Cloud (Gemini AI), NVIDIA (embeddings), Vercel (hosting)
  • Shopify: We access your store data via their official API with your explicit consent
  • Legal requirements: If required by law, court order, or government regulation

Data Retention

  • Account data: Retained while your account is active
  • Support ticket data: Retained for 12 months after last activity, then automatically deleted
  • Deleted upon request: We honor data deletion requests via the Shopify customer/redact and shop/redact webhooks
  • Account deletion: All associated data deleted within 30 days of account closure

Your Rights

You have the right to:

  • Request data export: We honor Shopify customers/data_request webhooks and can provide a copy of your data in JSON format
  • Request data deletion: We honor Shopify customers/redact and shop/redact webhooks, deleting your data within 30 days
  • Disconnect Shopify: Revoke our access to your Shopify store at any time from your settings
  • Delete your account: Permanently delete your DropSupport account and all associated data

Contact

For privacy-related questions, data requests, or concerns, contact us at:
support@meridianstudio.dev

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email. Continued use of the service after changes constitutes acceptance of the updated policy.

Effective Date

This Privacy Policy is effective as of February 2026.