HeyDrop Trust Center

Security, privacy, and compliance are foundational to how we build and operate HeyDrop. Learn about our commitments and practices.

Compliance & Certifications

GDPR Compliant

General Data Protection Regulation (EU) — HeyDrop is fully GDPR compliant with robust data protection practices and user rights implementation.

SOC 2 Type II Readiness

System and Organization Controls — HeyDrop is in SOC 2 readiness phase, with security controls and evidence collection in place ahead of formal certification.

Data Encryption AES-256 + TLS 1.2

All data is encrypted at rest using AES-256 via AWS Key Management Service and in transit using TLS 1.2+. Secrets are managed with AWS Secrets Manager.

EU-US Data Privacy Framework Compliant

Our primary infrastructure partner AWS is certified under the EU-US DPF, enabling lawful data transfers between regions.

CCPA Compliant

California Consumer Privacy Act — HeyDrop respects all CCPA requirements including data access, deletion, and opt-out rights.

Consent Management Active

CookieYes consent platform — We provide transparent cookie and data collection consent options for all users.

Documentation & Resources

Security Practices

Detailed information about our infrastructure, encryption, authentication, and monitoring practices.

→ Read more Data Processing Agreement

Our Data Processing Agreement (DPA) for organizations processing customer data.

→ Read more Subprocessor List

Complete list of third-party vendors and services that process customer data on our behalf.

→ Read more Privacy Policy

Our comprehensive privacy policy detailing data collection, use, and user rights.

→ Read more Terms of Service

Legal terms governing your use of HeyDrop and our services.

→ Read more Data Deletion

Instructions for requesting account deletion and permanent data removal.

→ Read more

Questions? Get in Touch

Privacy: [email protected]
Data Protection Officer: [email protected]
Security: [email protected]