Last updated: December 3, 2025
Dropfill ("we," "us") provides the Dropfill Desktop app and the dropfill.ai website (the "Service"). We are the data controller for personal data processed through the Service. Dropfill Desktop is built with a local-first architecture so your email content stays on your device unless you choose to send it. Contact: support@peerborough.com.
How we collect, use, store, and share information when you use Dropfill Desktop to prepare and send email or when you visit our website. This includes license purchases, diagnostics, and support interactions related to the app.
- Contact and account details you provide (name, email, organization, language) - Email content you provide (subjects, message bodies, templates, attachments, recipient lists, custom fields) when composing mail - Email-connection data (tokens from email providers like Google or Microsoft, SMTP hostnames/ports/usernames/passwords you enter) - License and purchase data (license keys, activation/expiry, purchase confirmations; payment card data stays with the payment processor) - Support communications (messages and files you send us for troubleshooting)
- Device and app diagnostics (app version, OS, crash/error logs, update checks) to keep the app reliable - License validation and anti-abuse signals to protect keys and prevent fraud - Aggregated or anonymized usage insights to improve Dropfill Desktop; we do not collect your email content for analytics
Email content, attachments, and provider tokens remain on your device and are only sent to the provider or SMTP host you choose for delivery.
- Deliver the Service, including composing and sending the messages you request - Keep the Service secure (fraud, abuse, threat detection) - Manage licensing, billing, and account administration - Provide updates, notices, and support - Improve reliability and performance based on diagnostics or aggregated insights - Meet legal obligations and enforce our terms
- Access: We request only the minimum access needed to send email on your behalf and confirm your account. We do not request full mailbox access. - Use of data: Email content, attachments, and recipient data stay on your device and are sent only to the provider or SMTP host you choose for delivery. We do not keep server-side copies of your messages or attachments. - Storage: OAuth tokens and SMTP passwords are stored locally on your device using the operating system's encryption (Electron safeStorage). They are not sent to Dropfill servers. - Human access: No human access to provider data except (a) when you ask us to and consent, (b) for security/abuse investigations, (c) when required by law, or (d) to deliver the core sending function you requested. - Limited Use (Google): Our use and transfer of information received from Google APIs follows the Google API Services User Data Policy, including the Limited Use requirements. We do not use Google data for ads or for unrelated profiling. - Microsoft data: We apply the same restrictions to Microsoft OAuth data; no advertising use and no mailbox access beyond sending. - Revocation: You can disconnect a provider in the app (clear mail settings) and in the provider's account security settings. This removes stored tokens from your device.
- Service providers: Hosting, update delivery, payment processing, and support vendors under confidentiality and security obligations. - Compliance and safety: Disclosure if required by law or to protect users, the Service, or our rights. - Business transfers: If we are involved in a merger or acquisition, we will continue to protect your data and give notice of any transfer. - We do not sell personal data and do not use provider data for advertising.
- Email content and attachments: stay on your device and the destination provider/SMTP host; not archived by us. - OAuth tokens, SMTP credentials, license data: stored locally until you remove them or uninstall. - Diagnostic logs: kept locally and rotated; if you share logs with support, we delete them after resolving the issue unless law requires longer retention. - Purchase records: retained as required by tax/accounting laws.
Encryption in transit (TLS) and at rest on your device (OS key storage), least-privilege access, input validation, and monitoring. You are responsible for securing your device and the files you import.
If data is processed outside your country, we apply appropriate safeguards (such as standard contractual clauses where applicable).
Subject to local law, you may access, correct, delete, port, or restrict processing of your data, and object or withdraw consent. You can clear mail settings or uninstall the app to remove locally stored credentials and license data, and revoke provider access in your Google or Microsoft account. Contact support@peerborough.com for requests; we may verify your identity. You can also opt out of marketing communications where applicable.
Our website may use essential cookies for security and functionality. Where required, we will ask for consent before any non-essential cookies or analytics.
You must have a lawful basis to email recipients and to upload any personal data. Do not use the Service for unsolicited or unlawful messaging.
The Service is not intended for children under 16, and we do not knowingly collect their data.
We may update this policy. Material changes will be noted by updating the "Last updated" date and, where required, providing additional notice. Continued use after an update means you accept the revised policy.
Questions or requests: support@peerborough.com. Peerborough, Inc. 5F v1116, 6, Teheran-ro 79-gil, Gangnam-gu Seoul, Republic of Korea Website: https://dropfill.ai