TermsPrivacyRefund

Privacy Policy

This policy explains what data textme.bio collects, why, and your rights over it.

Last Updated Date: APRIL 1st, 2026

1. Who we are

Dropify Technologies Inc. (d/b/a textme.bio) ("we", "us") builds textme.bio — a platform where people run their business online ("Creators"), powered by an AI assistant that performs tasks on their behalf ("Agent"). The Agent acts only on instructions from the Creator — it does not make autonomous decisions about Subscribers. People who interact with a Creator's profile — by subscribing, purchasing, or messaging — are "Subscribers." Creators are responsible for how they use Subscriber data they collect through their profile. This policy applies to everyone who uses textme.bio.

2. How we use your data

We collect data solely to operate and improve textme.bio. We do not sell your data, share it with advertisers, or use it to target you with ads.

Understanding collected vs. shared data

"Collected" means data that is transmitted off your device to our servers or infrastructure to operate our services. "Shared" means data transferred to an independent third party who uses it for their own purposes. We collect data to run textme.bio — we do not share it. All third parties that receive your data are service providers acting strictly on our behalf, which means that transfer is not considered "sharing" under privacy frameworks including GDPR, PIPEDA, Google Play's Data Safety requirements, and Apple's App Privacy requirements.

What we collect and why

  • Account data (name, email, phone, user IDs) — to create and manage your account, authenticate you, send transactional and marketing communications, and prevent fraud
  • Purchase history — to manage your subscription and credits
  • Location (approximate) — to optimize Agent performance and co-locate browser sessions
  • In-app messages, files, photos, videos, audio, calendar, contacts, and any other data you provide to or direct your Agent to access — solely to complete tasks you request. Your Agent requires your approval before accessing any service on your behalf. We log what your Agent does — like the tasks you request and the responses it generates — to improve the platform and fix issues. Most logs are kept for up to 30 days. Data we review for quality and safety may be kept for up to 400 days.
  • App activity and interactions — to improve platform performance, personalize your experience, and maintain security
  • Crash logs and diagnostics — to monitor and improve app stability
  • Device and session identifiers, including browser fingerprinting — to maintain your account, keep your Agent running, prevent fraud, provide creators with visitor analytics, and understand what content is useful

What we never use your data for

  • ❌ Displaying or targeting ads
  • ❌ Selling data to third parties
  • ❌ Building advertising profiles
  • ❌ Sharing with marketing partners
  • ❌ Promoting third-party products or services

All analytics are first-party — your data stays in our infrastructure. We use browser fingerprinting and local storage, nothing else. No third-party tracking cookies, no advertising pixels, no remarketing, no tracking across sites.

Our service provider categories

The following types of companies process data on our behalf under our instructions. They are contractually prohibited from using your data for their own purposes:

  • Payment processing — handling subscription and transaction processing
  • Infrastructure and content delivery — hosting, networking, and performance optimization
  • AI and machine learning — model inference, observability, and debugging
  • Browser automation — managed browser sessions for agentic task execution
  • Communication — transactional email and SMS delivery
  • Voice processing — speech-to-text for voice interactions
  • Database and backend — data storage and application infrastructure
  • Compute and sandboxing — code execution and AI workload processing

None of these providers sell your data or use it independently of our instructions. Transfers to service providers do not constitute "sharing" under applicable privacy frameworks.

3. Why we're allowed to process your data

We process your data under the following legal bases:

  • Contract — account creation, service delivery, payments, Agent task execution
  • Consent — SMS messaging, optional data connections, visitor analytics (EU)
  • Legitimate interest — fraud prevention, platform security, performance improvement
  • Legal obligation — tax records, billing compliance, regulatory requirements

You can withdraw consent at any time by contacting us. Withdrawing consent does not affect processing based on other legal bases.

4. International data transfers

Our infrastructure is primarily based in North America. If you're outside this region, your data may be transferred internationally to operate our services. We rely on Standard Contractual Clauses (SCCs) approved by the European Commission, and equivalent safeguards where required by law, to protect your data during these transfers.

5. Data retention

We keep your data while your account is active. When you delete your account, it enters a 30-day grace period — after which your data is permanently deleted. Some records (like transaction history) may be retained in anonymized form for tax and legal compliance. Analytics data is retained indefinitely in anonymized form to understand platform usage. For full details on what is deleted vs. retained, see our account deletion page.

6. Your rights

Regardless of where you live, you can:

  • Access your data — request a copy of what we hold
  • Correct inaccurate information
  • Delete your data — request permanent deletion of your account
  • Download your data in a portable format
  • Restrict or object to how we process your data
  • Withdraw consent at any time
  • File a complaint with your local data protection authority (in Canada, the Office of the Privacy Commissioner; in the EU, your national Data Protection Authority; in California, the California Privacy Protection Agency)

To exercise any of these rights, email us at [email protected]. We'll respond within 30 days.

California residents

Under the California Consumer Privacy Act (CCPA/CPRA): we do not sell or share your personal information as defined by California law. You have the right to know what personal information we collect, request its deletion, and request a copy. We will not discriminate against you for exercising any of these rights.

7. Security

Your data is encrypted in transit and at rest. Access is restricted to authorized personnel. If we ever discover a security breach that affects your data, we'll notify you as required by applicable law. No system is 100% secure — by using our services, you acknowledge this inherent risk.

8. Children

textme.bio is for users 18 and older. We do not knowingly collect personal data from anyone under 18. If we learn we have, we'll delete it promptly.

9. SMS and messaging

We send SMS messages only with your consent — given when you subscribe to a Creator's profile or complete a purchase that includes messaging. Consent is not required to make a purchase. Sign-in codes sent to team members are transactional and don't require marketing consent. You can opt out anytime by texting STOP. Our SMS practices comply with TCPA (U.S.) and CASL (Canada).

10. Changes to this policy

If we make significant changes to this policy, we'll notify you via email and in-app notification at least 30 days before they take effect. Continued use of textme.bio after changes take effect means you accept the updated policy.

11. Contact us

Questions about this policy or your data? Reach us at [email protected]. Our Privacy Officer can be reached at the same address.

Dropify Technologies Inc. (d/b/a textme.bio)

General inquiries: we aim to respond within 7 days.

Data rights requests: we'll respond within 30 days.