This document outlines our commitment to data protection and privacy compliance.
This Privacy Policy ("Policy") governs the collection, processing, use, disclosure, and protection of personal data in connection with the Dropstone AI Development Platform and all related services (collectively, the "Service" or "Platform"). This Policy is issued by Blankline ("we," "us," "our," "Data Controller," or "Blankline").
Controller vs. Processor: We act as a Data Controller for account, billing, and usage data. We act as a Data Processor for user-generated content and code transmitted to AI models.
By using the Service, you acknowledge and agree to the practices described in this Policy.
We process personal data in strict compliance with international privacy frameworks, including India's DPDPA 2023, GDPR (EU), CCPA/CPRA (California), and UK GDPR.
We engage verified third-party providers for specific service functions. All processors are bound by strict data protection agreements.
Stripe Inc. (USA) - Payment processing and subscription management.
PostHog, Google Analytics - Usage behavior and product optimization.
OpenAI, Anthropic, Deepseek - Model inference and processing.
Sentry - Error tracking and performance monitoring.
We distinguish between "Storage" and "Inference." Your code sent for inference is ephemeral and never used for downstream training of foundation models.
If you choose to fine-tune a model on your proprietary codebase (an Enterprise feature), the resulting model weights are owned exclusively by you and are siloed from other users.
Your data may be processed globally. We ensure protection through:
Dropstone is not intended for children under 16 (or 13 where applicable). We do not knowingly collect data from minors. If discovered, such data is immediately deleted.
We send promotional content only with explicit opt-in consent. Transactional messages (billing, security) are mandatory. You may opt-out of marketing at any time via unsubscribe links.
In the event of a breach, we notify affected users and authorities within 72 hours, as required by GDPR and other laws. We maintain 24/7 security monitoring to detect and contain incidents immediately.
You have rights to access, correct, delete, and port your data. Contact [email protected] to exercise these rights.
Request a copy of your data in a structured format.
Fix inaccuracies or request the "Right to be Forgotten".
Object to specific processing activities or withdraw consent.
Specific rights for GDPR (EU) and CCPA/CPRA (California) residents.
For Enterprise Tier customers, we offer logical tenant isolation. Your vector indexes and usage logs are tagged with a unique Tenant ID, ensuring that your data is logically separated from other customers at the database level.
We conduct regular static code analysis (SAST) and dependency scanning to identify vulnerabilities. Security patches are deployed within 72 hours of critical disclosure.
We use essential cookies for functionality and security. Analytics and marketing cookies are optional and require your consent. You can manage preferences via your browser or our settings.
We may update this policy. Material changes will be notified 30 days in advance via email. Continued use constitutes acceptance.
We do not store full credit card numbers; these are handled directly by our PCI-DSS compliant provider, Stripe. For information regarding subscription cancellations and our No-Refund Policy, please refer to our Terms of Service.
In accordance with the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023, the contact details of the Grievance Officer are provided below:
Grievance Officer: Legal Compliance Lead
Entity: Blankline
Location: Chennai, Tamil Nadu, India
Email: [email protected]
For general privacy inquiries or to exercise your data rights (GDPR/CCPA/DPDPA), please contact: [email protected].
BY USING THE DROPSTONE SERVICE, YOU ACKNOWLEDGE AND AGREE TO THE DATA PRACTICES DESCRIBED IN THIS POLICY. THIS POLICY IS A BINDING COMMITMENT TO YOUR PRIVACY RIGHTS.