Last updated: June 8, 2026
This Privacy Policy explains how letitdrop collects, uses, and protects your personal data when you use our mobile app and website, and the rights you have under the EU General Data Protection Regulation (GDPR).
The data controller is Edgaras Masilionis, the individual operator of letitdrop, based in Vilnius, Lithuania, European Union. For any privacy question or to exercise your rights, contact us at support@letitdrop.app.
Your email address and email-verification status. Sign-in is managed by our authentication provider, Auth0 (a service of Okta): your password is handled and stored by Auth0, and we never see or store it. If you choose to sign in with Google or Apple instead, that provider confirms your identity and shares basic profile information (such as your name and email address) with us. If you use Apple’s “Hide My Email”, Apple gives us a private relay address rather than your real one.
Whether you have opted in to push notifications and your notification preferences, plus a device push token if you enable notifications.
Aggregate, largely anonymous analytics about how the website performs and is used (see our Cookie Policy), and basic technical information needed to deliver the Service securely.
| Purpose | Legal basis (GDPR) |
|---|---|
| Create and run your account and core features | Performance of a contract (Art. 6(1)(b)) |
| Optional profile fields (date of birth, gender, location, socials) | Your consent (Art. 6(1)(a)) — you choose whether to add them |
| Push notifications | Your consent (Art. 6(1)(a)) — you can opt out any time |
| Keeping the Service safe, preventing abuse, moderation | Legitimate interests (Art. 6(1)(f)) |
| Understanding and improving performance (analytics) | Legitimate interests (Art. 6(1)(f)) |
| Complying with legal obligations | Legal obligation (Art. 6(1)(c)) |
We do not sell your personal data. We share it only with the service providers (“processors”) that help us run letitdrop, under contracts that require them to protect it:
| Provider | Purpose | Region |
|---|---|---|
| Auth0 (Okta) | Authentication and identity management | EU / US |
| Neon | Database hosting (your account and app data) | EU / US |
| Fly.io | Application/API hosting | EU / Global |
| Cloudflare R2 | Storage and delivery of images (avatars, event photos) | Global |
| Vercel | Website hosting and privacy-friendly analytics | EU / US |
| Expo | Delivering push notifications (if you opt in) | US |
Auth0 (Okta) processes authentication data on our behalf as a processor, under its own privacy policy. When you sign in with Google or Apple, that provider also processes your data as an independent controller under its own terms (see Google’s Privacy Policy and Apple’s Privacy Policy).
Information shown to other users by design — such as your public profile, chat messages, reviews, and photos you post in event communities — is visible to those users according to the relevant feature.
Note: we enrich public information about festivals and artists using third-party tools (such as music data and AI text extraction). These run only on publicly available event and artist data — never on your personal account data.
Some providers process data outside the European Economic Area. Where that happens, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses to protect your data.
We keep your personal data for as long as your account is active. When you delete your account, we delete or anonymise your personal data within a reasonable period, except where we must keep certain information to comply with the law or to resolve disputes. Content shared with others (such as chat messages already delivered) may persist in their view.
You have the right to:
To exercise any of these rights, email support@letitdrop.app. You can also request account deletion this way. You have the right to lodge a complaint with your local supervisory authority; in Lithuania this is the State Data Protection Inspectorate (Valstybinė duomenų apsaugos inspekcija).
The Service is not intended for children under 16 (or the minimum age of digital consent in your country). We do not knowingly collect data from children below that age.
We use technical and organisational measures to protect your data, including encryption in transit and access controls. No system is perfectly secure, but we work to keep your data safe and will notify you and the relevant authority of a breach where the law requires.
We may update this Privacy Policy from time to time. We will update the “Last updated” date above and, for material changes, notify you in the app or by email.
Questions or requests about your privacy? Email support@letitdrop.app.