Welcome to Drop, developed by wasabi.cat ("we," "us," or "our"). Drop is an audio recording ecosystem comprising an iOS app and a macOS menu bar companion app, designed to help musicians capture raw ideas without compromising privacy. We believe your unreleased audio belongs to you alone.
This Privacy Policy explains how we collect, use, store, and protect your information when you use Drop. By using Drop, you agree to the practices described in this policy. If you do not agree, please discontinue use of the app.
01 Information We Collect
1.1 Audio Recordings and Metadata
Drop stores your audio recordings and associated metadata (file names, timestamps, recording duration) exclusively in your personal iCloud account via Apple's CloudKit Private Database. This means:
- Your data is stored in your own private iCloud container, managed entirely by you through your Apple ID.
- We do not operate any servers that store, process, or transmit your audio files.
- We have zero access to your recordings. We cannot listen to, view, read, copy, or share your audio under any circumstances.
- No public CloudKit databases are used. Your data is never visible to other users or to us.
1.2 Purchase and Subscription Data
To manage Drop Pro purchases, we use RevenueCat, a third-party subscription management service. RevenueCat processes the following minimal data:
- An anonymous App User ID (not tied to your real identity)
- Apple receipt data (to validate your purchase)
- Basic device information (device type, OS version)
RevenueCat does not have access to your audio files, personal identity, or Apple ID.
1.3 Crash & Error Reporting
To monitor app stability and fix issues, Drop uses Sentry, a crash and error reporting service. Sentry is configured to collect only the minimum data needed to diagnose problems:
- Crash reports and error stack traces
- Basic device information (device type, OS version) and app version
Sentry is explicitly configured to not collect:
- No IP addresses (IP address collection is disabled)
- No user identifiers (no user IDs, device IDs, or any form of user tracking)
- No personal data of any kind
All crash data is fully anonymous and is processed on Sentry's EU-based servers (located in the European Union). Sentry does not have access to your audio files or any personal information.
1.4 Information We Do NOT Collect
We want to be explicit about what we never collect:
- No names, email addresses, or contact information
- No location or GPS data
- No in-app usage analytics or behavioral tracking
- No IDFA and no advertising identifiers used to track you across apps or websites
- No browsing history or cross-app tracking data
- No health, financial, or biometric data
1.5 Apple Search Ads Attribution
We occasionally run promotional campaigns for Drop on the Apple App Store using Apple Search Ads. To measure whether those campaigns are working, Drop uses Apple's AdServices framework to obtain an attribution token from Apple. RevenueCat uses this token to request attribution information from Apple, such as whether the install was attributed to an Apple Search Ads campaign.
- We do not use IDFA (the device advertising identifier). Drop does not request App Tracking Transparency permission because we do not track you across apps or websites.
- The attribution token is provided through Apple's privacy-preserving AdServices framework. It does not directly identify you.
- We use this information only for aggregate analytics, such as understanding in RevenueCat whether purchases came from Apple Search Ads. We do not use it to show ads in Drop, personalize the app, or track you across other apps or websites.
- Drop does not show ads inside the app. This is solely about measuring our own App Store campaigns.
02 How We Use Your Information
The limited data we process is used solely for the following purposes:
- Subscription validation: RevenueCat verifies your Drop Pro purchase status so the app can unlock the appropriate features.
- App functionality: CloudKit syncs your recordings between your iOS and macOS devices through your personal iCloud account.
- App stability: Sentry collects anonymous crash and error reports so we can identify and fix bugs, improving the reliability of Drop for all users.
- App Store campaign measurement: When available, RevenueCat receives an Apple Search Ads attribution token from Apple's AdServices framework so we can see, in aggregate, whether purchases came from one of our App Store campaigns. This is for analytics only. Drop does not show ads.
We do not use your data for targeted advertising, profiling, marketing communications, or tracking across apps or websites. Apple Search Ads attribution is used only to measure our own App Store campaigns in aggregate.
04 Storage, Retention & Deletion
4.1 Audio Data
Your recordings are stored in your personal iCloud account via CloudKit's Private Database. You have full control over this data:
- You can delete recordings at any time directly within the Drop app or through your iCloud storage settings.
- When you delete a recording, it is removed from your iCloud account in accordance with Apple's data deletion policies.
- If you delete the Drop app, your recordings remain in your iCloud account until you manually remove them.
4.2 Purchase Data
RevenueCat retains anonymized subscription data for as long as needed to provide subscription management services. This data is not linked to your personal identity. You can learn more about RevenueCat's data practices at revenuecat.com/privacy.
4.3 Account Deletion
Since Drop does not create user accounts and does not store personal data on its own servers, there is no account to delete on our end. To remove all data associated with Drop:
- Delete your recordings within the Drop app.
- Remove the Drop app from your devices.
- Manage any remaining iCloud data through your Apple ID settings.
05 Data Security
We take the security of your data seriously:
- All audio data is protected by Apple's iCloud security infrastructure, including encryption in transit and at rest.
- We do not operate our own servers or databases, which eliminates an entire category of security risk.
- RevenueCat follows industry-standard security practices for handling subscription data.
While no system can guarantee absolute security, our architecture is specifically designed to minimize risk by keeping your data under your control and within Apple's secure ecosystem.
06 International Data Transfers
Drop is available worldwide. Your audio recordings remain within Apple's iCloud infrastructure and are subject to Apple's own data handling and transfer practices, which you can review in Apple's Privacy Policy.
RevenueCat may process anonymized subscription data in the United States or other countries where their servers are located. RevenueCat implements appropriate safeguards for international data transfers, including compliance with applicable data protection frameworks. For more details, see RevenueCat's privacy policy.
Sentry processes anonymous crash report data exclusively on EU-based servers, ensuring that this data remains within the European Union and is subject to GDPR protections. No personal data, IP addresses, or user identifiers are included in the data sent to Sentry.
07 Your Rights Under GDPR
If you are located in the EEA, UK, or Switzerland, you have the following rights under the General Data Protection Regulation (GDPR) and equivalent legislation:
- Right of access: Request confirmation of whether we process your personal data and obtain a copy of it.
- Right to rectification: Request correction of inaccurate personal data.
- Right to erasure: Request deletion of your personal data.
- Right to restriction of processing: Request that we limit how we use your data.
- Right to data portability: Request your data in a structured, machine-readable format.
- Right to object: Object to processing of your personal data.
- Right to withdraw consent: Where processing is based on consent, withdraw it at any time.
Legal basis for processing: The minimal purchase data processed by RevenueCat is necessary for the performance of a contract (delivering your Drop Pro purchase). Apple Search Ads attribution is processed on the basis of our legitimate interest in measuring the effectiveness of our own App Store campaigns. We do not process data for profiling or cross-app tracking purposes.
Data controller: wasabi.cat is the data controller for any personal data processed in connection with Drop.
Apple Search Ads attribution is not used to identify individual users, and we do not maintain a separate advertising profile that can be accessed, edited, or deleted separately from RevenueCat purchase records.
If you believe your data protection rights have been violated, you have the right to lodge a complaint with your local data protection authority. In Catalonia/Spain, this is the Agència Catalana de Protecció de Dades (APDCAT) or the Agencia Española de Protección de Datos (AEPD).
08 Your Rights Under CCPA/CPRA
If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) grant you additional rights:
- Right to know: Request details about the categories and specific pieces of personal information we collect.
- Right to delete: Request deletion of personal information we hold about you.
- Right to opt-out of sale or sharing: We do not sell or share your personal information. No opt-out is necessary, but we state this explicitly as required.
- Right to non-discrimination: We will not discriminate against you for exercising your privacy rights.
To exercise any of these rights, contact us using the details in Section 11.
09 Children's Privacy
Drop is not directed at children under the age of 13 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal information from children. Since Drop does not collect names, email addresses, account profiles, or other directly identifying information from users, this risk is inherently minimized by our architecture.
If you believe a child has somehow provided personal data in connection with Drop, please contact us and we will take steps to address it.
10 Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make changes:
- We will update the "Last Updated" date at the top of this policy.
- For significant changes, we will provide notice through the Drop app or on our website.
- Your continued use of Drop after any changes constitutes acceptance of the updated policy.
We encourage you to review this policy periodically.
11 Contact Us
If you have questions about this Privacy Policy, want to exercise your data protection rights, or have concerns about how your data is handled, you can reach us at:
wasabi.cat
Apartat de correus 17
08392 Sant Andreu de Llavaneres
Barcelona, Spain
Email: business@wasabi.cat
Website: wasabi.cat
YouTube: WasabiNoise
You may also reach us through the support channels listed within the Drop app.
12 Additional Disclosures
12.1 Apple App Store
Drop's privacy practices are also summarized in our App Store privacy nutrition labels. These labels reflect the disclosures made in this policy.
12.2 Cookies and Tracking Technologies
Drop does not use cookies, web beacons, pixels, or any other tracking technologies within the app.
12.3 Do Not Track
Drop does not track users across third-party websites or services, and therefore does not respond to Do Not Track (DNT) signals, as there is no tracking to disable.
12.4 Governing Law
This Privacy Policy is governed by the laws of Spain and the European Union, including the GDPR. Any disputes relating to this policy shall be subject to the jurisdiction of the courts of Barcelona, Spain.