At Drime, your privacy is a top priority. This Privacy Policy explains how we collect, use, protect, and share your data when you access or use the Drime website (https://drime.cloud), any related web or mobile applications (the "Site"), or any of our services (the "Services").

It also outlines your rights and choices regarding your personal information, including how to opt out of certain data uses. This Policy applies to all Drime services and any associated products (collectively referred to as "Drime"). The use of Drime Services is also governed by our Terms of Service (the “Terms and Conditions”). Drime is operated by Drime, France (referred to as “Drime”, “we”, “us” or “our”). For the purposes of European data protection regulations, Drime is the data controller.

Key Privacy Principles:

• Our servers are hosted exclusively within the European Union (Amsterdam, Netherlands and Paris, France) in highly secure and ISO 27001-certified data centers.

• We collect only the minimal personal data required to provide our services effectively.

• We only set cookies essential for keeping you securely logged into our services.

• All user communications with Drime are encrypted to ensure maximum security.

• Files stored within Drime Vault are protected by end-to-end encryption (E2EE); files are encrypted on your device before upload, remaining encrypted at all times.

• Drime will never sell, trade, or share your personal data for commercial purposes.

1. Information We Collect

Personal Information Provided by You:

• Account registration: Name, email address, password.

• Payment information via trusted providers (PayPal, Stripe): name, address, billing details.

Automatically Collected Data:

• Through tracking services, we will collect information about you such as length of visit, page views and navigation paths, as well as information about the timing, operating system, device information, behavior, visited pages, etc. This anonymous information can not be identified directly with you.
  
  

Data Collected with Your Explicit Permission:

• Access to specific files on your device if explicitly authorized by you, like for automatic photos backup.

• We collect information about purchases you've made through our Site or Services, such as product type, subscription type, date of purchase, etc.

• "Send and Track" feature: recipient email, approximate geographic location, file download status, link interaction, and access timestamps. This is only activated when you expressly click on a shared link using the send and track option.

  
  

2. How We Use Your Information

   
   

We strictly limit the use of your information to:

• Account creation and management

• Secure authentication and service delivery

• Processing transactions and payments

• Customer support and service improvements

• Security measures and protection against fraud or unauthorized access

• Compliance with legal obligations and court orders

  
  

3. How We Share Your Information

   
   

Drime does not sell or share personal data commercially. We only share your personal data in limited circumstances:

• Trusted third-party service providers necessary for service operations (payment processors PayPal and Stripe, secure hosting partners)

• Legal authorities when required by law (court orders, regulatory compliance)

  
  

4. Drime Vault - End-to-End Encryption

   
   

Drime Vault provides enhanced security through end-to-end encryption:

• Your files are encrypted locally on your device before being uploaded.

• Drime has no access to your decrypted files or encryption keys.

• Encrypted thumbnails for certain file types are stored securely to enhance user experience.

• Minimal metadata is collected for operational purposes, ensuring it does not reveal file contents.

  
  

5. Data Retention

   
   

• Personal data is retained for as long as your account is active and you are subscribed to our services. Once you cancel your subscription or delete your account, we retain your data only for the duration necessary to fulfill our legal, regulatory, and contractual obligations. After that, all personal data is securely and irreversibly deleted unless we are required to preserve it due to pending legal actions or statutory requirements.

• You should backup or download your files prior to service termination.

• Residual and anonymized aggregate data, which cannot identify you, may be retained indefinitely.

  
  

6. Security Measures

   
   

We maintain technical, physical, and administrative safeguards designed to reasonably protect your Personal Data against loss, misuse, unauthorized access, disclosure, and alteration. These measures include firewalls, encryption, strict access controls to our infrastructure, and role-based authorisation systems.

While we are committed to securing our systems and services, it's your responsibility to protect the confidentiality of your password(s) and account information, and to ensure that the personal data we hold about you is accurate and up to date.

Drime is not responsible for securing any personal data that is shared with a third-party service you’ve explicitly connected to your account.

In the unlikely event of a data breach affecting individuals’ rights and freedoms, Drime will notify the affected individuals without undue delay, in accordance with our internal risk assessment policy.

7. Your Rights Under GDPR

   
   

As a user of Drime, you are entitled to a range of rights under the General Data Protection Regulation (GDPR), which ensures the transparency and fairness of how your personal data is handled. We are committed to upholding these rights and making it simple for you to exercise them at any time.

• Right of Access – You may request confirmation as to whether or not personal data concerning you is being processed and, where that is the case, gain access to that personal data. This includes the purposes of the processing, the categories of personal data concerned, and the recipients to whom the data has been or will be disclosed.

• Right to Rectification – If the personal data we hold about you is inaccurate or incomplete, you have the right to have it corrected or completed. You may edit this information directly via your account settings, or contact us for assistance.

• Right to Erasure – Also known as the “right to be forgotten,” this right allows you to request the deletion of your personal data under certain conditions, for example, when the data is no longer necessary for the purposes for which it was collected.

• Right to Restrict Processing – In specific situations, you may request us to restrict the processing of your personal data. This means we may store your data but not further process it unless you give consent or for legal claims.

• Right to Data Portability – You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to have that data transmitted to another controller without hindrance.

• Right to Object – You may object to our processing of your personal data for direct marketing purposes or where processing is based on our legitimate interests.

• Right Not to be Subject to Automated Decision-Making – You have the right not to be subject to a decision based solely on automated processing, including profiling, if it produces legal or similarly significant effects on you.

To exercise any of these rights, contact us at contact@drime.cloud. We will process your request within 30 days. In certain cases, we may require additional verification to confirm your identity before processing your request. If you are not satisfied with the way your data is handled, you may lodge a complaint with your national data protection authority.

Drime processes all payments securely through industry-leading third-party payment service providers: PayPal and Stripe. These providers are responsible for handling your payment details, and we do not store or process any payment card information directly on our servers.

When you make a purchase, PayPal or Stripe may collect your billing address, name, email, transaction amount, IP address, and other payment-related metadata. These providers act in accordance with applicable data protection laws and are contractually bound to process your data solely for the purpose of payment processing.

PayPal may process your data in the United States and relies on EU-approved Standard Contractual Clauses (SCCs) to ensure that your data receives the same level of protection it would within the European Economic Area. Their detailed privacy terms can be accessed at: https://www.paypal.com/webapps/mpp/ua/privacy-full

Stripe also uses SCCs and maintains GDPR-compliant infrastructure. When you complete a payment via Stripe, your data is encrypted and transmitted securely. Stripe’s privacy policy is available at: https://stripe.com/privacy

In all cases, your data is handled with strict confidentiality. These providers do not use your information for any purposes beyond the processing of your transactions and compliance with legal and financial obligations.

Drime services may include external links for user convenience and information. However, Drime holds no responsibility for the content, privacy policies, or practices of third-party websites or services. Users should exercise caution and review privacy policies when navigating away from our service.

8. Consent and Limits to Use

By providing your personal information to Drime, you consent to our collection, storage, processing, and use of your data solely to offer you access to our services and features, handle your requests, manage your account, respond to your inquiries, or contact you regarding service-related communications. Your personal data will not be used for any unrelated purposes. You may withdraw your consent at any moment by contacting us directly.

9. Data collected from Visitors Only

When you visit Drime’s website or access a shared link (e.g. file uploads or downloads), we receive limited technical data from your browser, such as your IP address, device type, operating system, browser version, language, country, referral source, and timestamp. This helps us ensure the website works properly and remains secure. Some of this data may be stored temporarily in server logs, which are regularly deleted.

We also use cookies and analytics tools to understand how our service is discovered and used, for example, to measure page visits, referral links, or general browsing behavior. These cookies are minimal, never used for advertising, and only activated for analytics and functionality. No cookies are set if you're simply visiting the homepage without interacting.

For users accessing Drime without logging in (guest usage), we may collect anonymized data like time on page or navigation paths, but nothing that can identify you personally.

10. Sharing with Others

Drime lets you easily share files and folders with others by entering their email address, whether it's friends, colleagues, or clients. These addresses are used solely to send the invitation and grant access to the shared content. Since recipients haven’t created an account or accepted any terms, their emails are stored only within your account and never used for any other purpose. If the invitation isn’t accepted, the email is eventually removed.

When using our Send & Track feature, additional data is collected about the recipient’s interaction with the shared link, including their email address (if available), approximate location, download status, link activity (such as views or clicks), and timestamps.

This data is collected only if you explicitly enable the Send & Track option when generating the link. Drime does not use or analyze this information in any way, it is strictly made available to you, the sender, for visibility into link activity.

If the recipient is logged into a Drime account, their email may be associated with the access log for clarity. Otherwise, all data remains anonymous and temporary.

11. Deleting your account and data

You can request the deletion of your Drime account at any time, either through our support email or directly via the Settings page of your account. This deletion includes all data associated with your account, except for information we are legally required to retain (such as invoices).

Any technical data that cannot be deleted (e.g., server log entries) is automatically disassociated from you once your account is removed, meaning it can no longer be linked to any specific individual.

Account deletion is irreversible and processed:

• Instantly, if requested via the Settings page, or

• Within 30 days, if requested via our support team.

  
  

Once deleted, your data is permanently erased from our servers and cannot be recovered. If you later create a new account with the same email, it will be treated as a completely new and unrelated account, no previous data or history will be associated.

We only retain personal data for as long as necessary to provide the service or comply with legal obligations. Once this period ends, your data is securely and irreversibly deleted.

12. Communications

We send essential service-related communications (e.g., invoices, security and updates) via your registered email address. Marketing or promotional emails are not sent unless explicitly consented to.

13. Children's Privacy

Drime does not knowingly collect or process data from children under 13. If we become aware of any such data collection, we will immediately delete it.

14. Changes to this Privacy Policy

We reserve the right to update this Privacy Policy. Any changes will be clearly communicated, and we encourage regular review.

15. Contact Information

If you have any questions about this Privacy Policy, wish to exercise any of your rights under applicable data protection laws, or need assistance regarding your personal information, you may contact us through the following channels:

Email: contact@drime.cloud

When contacting us, please provide sufficient information to allow us to identify you and respond appropriately (e.g., your email address associated with your account, your full name, and the nature of your inquiry). We may request additional verification to ensure the security of your personal data.

We strive to respond to all requests within 30 days, in compliance with the General Data Protection Regulation (GDPR) and other applicable legislation. If you feel that your data request has not been handled adequately, you may lodge a complaint with the relevant supervisory authority in your country.

This Privacy Policy was last updated on 19/05/2025.