Privacy Policy

Last updated: 14 April 2026

1. Overview

MageDrop ("we", "us", "our") is committed to protecting your privacy. This policy explains what data we collect, how we use it, and your rights in relation to it. By using the Service, you agree to the collection and use of information in accordance with this policy.

2. Data We Collect

We collect the following categories of data:

Account information

Your name, email address, password (hashed), and timezone — provided when you register.

Store connection data

Your Magento store URL and OAuth credentials (encrypted at rest), used solely to connect and communicate with your store.

CMS content

CMS page and block data staged through the platform, including revision snapshots. This content belongs to you and is only processed to provide the Service.

Usage and activity data

Activity logs generated by your use of the Service — for example, deploys, rollbacks, and store connection events. Used for operational purposes and displayed back to you in the dashboard.

Technical data

IP address, browser type, and session data collected automatically when you use the Service.

3. How We Use Your Data

We use your data to:

  • Provide, operate, and maintain the Service
  • Authenticate your account and keep it secure
  • Connect to and interact with your Magento store on your behalf
  • Send transactional emails such as invitations and password resets
  • Monitor and improve the reliability of the platform
  • Comply with legal obligations

We do not sell your data or use it for advertising purposes.

4. Data Storage and Security

Your data is stored on secure infrastructure provided by Railway. Magento OAuth credentials are encrypted at rest using AES-256 encryption. We use industry-standard security practices to protect your data from unauthorised access, disclosure, or loss.

No method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee its absolute security.

5. Data Sharing

We do not share your personal data with third parties except in the following circumstances:

  • Infrastructure providers — Railway for hosting and database services, used to run the platform.
  • Email delivery — a transactional email provider used to send invitations and account-related emails.
  • Legal requirements — if required by law, court order, or to protect the rights and safety of MageDrop or others.

Team members you invite to a store will have access to that store's releases, revisions, and activity log within the platform.

6. Data Retention

We retain your account data and associated store data for as long as your account is active. If you delete your account or a store, we will remove the associated data in accordance with our retention schedules, unless retention is required for legal or operational reasons.

Activity logs are retained for operational and audit purposes.

7. Cookies and Sessions

We use cookies and session storage to keep you authenticated and to maintain the state of your session. These are strictly necessary for the Service to function and are not used for tracking or advertising purposes.

8. Your Rights

Under UK GDPR and applicable data protection law, you have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data ("right to be forgotten")
  • Object to or restrict how we process your data
  • Request a portable copy of your data
  • Withdraw consent where processing is based on consent

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

9. Children's Privacy

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email or a notice within the platform. We encourage you to review this page periodically.

11. Contact

For any questions or concerns about this Privacy Policy or our data practices, please contact us at [email protected].