NameDrop

Privacy Policy

Last updated: April 16, 2026

1. Introduction

Qurb LLC, doing business as NameDrop, operates namedrop.io and related services. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, mobile applications, APIs, browser extensions, and third-party integrations (collectively, the "Service"). NameDrop is a name pronunciation platform that allows you to record how your name is pronounced, create a public profile page with your name audio, bio, social links, and organizational information, and integrate your profile across enterprise platforms. Please read this policy carefully. If you do not agree with our practices, please do not use the Service. Your use of NameDrop indicates your acceptance of this Privacy Policy.

2. What Personal Information We Collect

Information You Provide Directly

  • Account Information: Name, email address, username, password, phone number (optional), company or organization name, job title, and authentication data linked through Hellō (our identity provider).
  • Profile Content: Profile photo or avatar, biography or "about me" text, social media links (LinkedIn, Twitter, etc.), organizational affiliations, and any other profile details you choose to add.
  • Voice Recordings: Audio files of you pronouncing your name, captured through the NameDrop platform. These recordings are stored and displayed publicly on your profile page.
  • Pronunciation Preferences: Your preferred pronunciation variants, alternative spellings, phonetic guidance, or notes about how to pronounce your name.
  • Payment Information: Billing address, payment method details (processed securely by Stripe, our third-party payment processor). We do not store full credit card numbers; Stripe handles tokenization and PCI compliance.
  • Communications: Any messages, support requests, feedback, or correspondence you send to us via email or in-app channels.

Information Collected Automatically

  • Device and Browser Information: IP address, device type, operating system, browser type and version, referral source, and pages visited within our Service.
  • Usage Analytics: How you interact with the Service, including features used, profile views, audio playback events, and session duration. We use Google Analytics to collect this data; see the section on Google Analytics below.
  • Cookies and Similar Technologies: We use cookies, web beacons, and similar tracking mechanisms to personalize your experience, maintain your session, and understand usage patterns. See our Cookie Policy for details.
  • Location Data: Approximate location inferred from IP address (not precise geolocation unless you provide it).

Information From Third Parties

  • Authentication Provider (Hellō): When you sign in via Hellō, we receive your verified identity information, including name, email, and other identity attributes you authorize.
  • Enterprise SSO: For enterprise customers, we may receive user information from your organization's identity provider (Okta, Azure AD, etc.) during provisioning or single sign-on flows.
  • Service Providers: Payment processors (Stripe), hosting providers (AWS), and analytics platforms may share aggregated or anonymized data about your account.

3. How We Use Your Information

  • Provide the Service: Create and maintain your account, store and deliver your name pronunciation audio, display your profile page, process payments, and deliver all features you request.
  • Display Public Profiles: Publish your profile page on namedrop.io and make it accessible and searchable by default. This includes indexing by search engines and AI services unless you opt out via your dashboard privacy settings.
  • Enterprise Integrations: Enable your profile to be integrated into email signatures, Outlook add-ins, Teams apps, Slack apps, Chrome extensions, and APIs for enterprise customers.
  • Service Communications: Send you transactional emails (account activation, password resets, payment confirmations) and service updates. These are sent regardless of marketing preferences.
  • Marketing and Outreach: Send you promotional emails, newsletters, and product updates if you have opted in to marketing communications. You can unsubscribe at any time.
  • Improve and Optimize: Analyze usage patterns, improve platform features, conduct A/B testing, and enhance the user experience. This is based on legitimate interests.
  • Security and Fraud Prevention: Detect, prevent, and address fraudulent activity, abuse, security risks, and technical issues.
  • Legal Compliance: Comply with applicable laws, regulations, court orders, and government requests, such as data subject access requests under GDPR or CCPA.
  • Business Operations: Generate analytics reports for enterprise customers, manage support tickets, and optimize billing.

Important: AI Training. We NEVER use your voice recordings, name, profile information, or any personal data to train artificial intelligence, machine learning models, or large language models. Your data is used solely for the purposes stated in this policy and is not sold or shared with AI training providers.

4. Lawful Bases for Processing (GDPR)

If you are located in the European Union, United Kingdom, or other jurisdictions with GDPR-equivalent laws, we process your personal data under the following lawful bases:

  • Article 6(1)(b) — Performance of Contract: Processing necessary to provide the Service, including account creation, profile creation, payment processing, and enterprise integration.
  • Article 6(1)(f) — Legitimate Interests: Analytics, security, fraud prevention, platform optimization, and public profile indexing (with notice and easy opt-out). We have balanced these interests against your rights and determined they are legitimate.
  • Article 6(1)(a) — Consent: Marketing emails and non-essential cookies. You can withdraw consent at any time by unsubscribing or adjusting cookie preferences.
  • Article 6(1)(c) — Legal Obligation: Compliance with tax laws, financial regulations, and legal process requests.

5. Public Profiles and Search Engine Indexing

By default, your NameDrop profile is publicly accessible and searchable. Your profile URL (namedrop.io/username) is indexed by search engines including Google, Bing, and others. Your profile may also be accessed by AI services and language models through search engines and crawlers. This public indexing is necessary to achieve the core purpose of NameDrop: making your name pronunciation widely available to anyone who needs to learn how to pronounce your name.

Opt-Out Option: You can prevent your profile from being indexed and made discoverable by:

  • Toggling the "Public Listing" privacy setting in your NameDrop dashboard to "Private."
  • Changing this setting at any time without penalty.
  • Once set to Private, your profile will not be included in our sitemap, and we will request search engines remove your profile from their indexes (via robots.txt and removal requests).

The legal basis for public indexing by default is legitimate interests under GDPR Article 6(1)(f), as making name pronunciations discoverable is central to our service's value. This is balanced by transparency (this policy), notice (visible in your dashboard), and your easy opt-out right (one click to set Private). For CCPA purposes, this is not a "sale" of personal information, but a necessary disclosure for functionality.

6. Voice Recordings and Biometric Data

Your voice recordings are stored in AWS infrastructure in eu-west-1 (Ireland) and are encrypted at rest using AES-256 encryption. Your recordings are publicly accessible on your profile page (unless your profile is set to Private). You can delete your recordings at any time by deleting your account or by requesting deletion via privacy@namedrop.io.

Biometric Data: In some jurisdictions, voice recordings may constitute "biometric data" or "biometric identifiers" under laws such as the Illinois Biometric Information Privacy Act (BIPA). We process your voice recordings solely for the stated purpose of name pronunciation recording and playback. We do not use your voice to create voice profiles, conduct voice recognition, or train biometric models. We do not share your voice with third parties for biometric purposes.

AI Voice Feature: NameDrop offers an optional "AI Voice" feature that synthesizes your name pronunciation using Eleven Labs' text-to-speech API. When you use this feature, Eleven Labs receives only the phonetic text input (not your voice recordings). Eleven Labs does not retain the text input and does not use it to train models. For details, see Eleven Labs Privacy Policy.

7. Sharing and Disclosure of Your Information

Service Providers: We share personal data with service providers who assist us in operating the platform, including:

  • AWS (Infrastructure): Hosting, storage, database, encryption, and compute services.
  • Stripe (Payments): Billing and payment processing. Stripe is PCI DSS compliant and does not share your payment data with us in full.
  • Hellō (Authentication): Identity verification and single sign-on.
  • Google Analytics: Web analytics and user behavior insights. See section on Google Analytics below.
  • Elevenlabs (AI Voice): Optional text-to-speech service for synthesized name pronunciation audio.
  • Sentry (Error Tracking): Application error and performance monitoring.

For a complete list of sub-processors, please visit our Sub-Processors page.

Legal Requirements and Business Transfers: We may disclose your information if required by law, court order, government request, or in the event of a merger, acquisition, bankruptcy, or other business transaction. If we sell, merge, or transfer our business, we will provide notice and obtain consent where required by law.

What We Do NOT Do:

  • We do NOT sell your personal data to third parties for money or other consideration.
  • We do NOT share your personal data with third parties for cross-context behavioral advertising.
  • We do NOT disclose your voice recordings or payment information to non-service providers.

8. International Data Transfers

NameDrop is operated by Qurb LLC, a California corporation. Your personal data is stored primarily in AWS eu-west-1 (Ireland), which is within the European Economic Area. For any transfers of data outside the EEA or UK to the United States or other third countries, we rely on:

  • Standard Contractual Clauses (SCCs): Agreements between NameDrop and our service providers that include SCCs approved by the European Commission.
  • Adequacy Decisions: Transfer mechanisms certified under relevant legal frameworks (e.g., EU-US arrangements).

Our service providers (Stripe, Google, Hellō, Elevenlabs, Sentry) implement appropriate safeguards, including encryption, access controls, and contractual commitments, to protect your data during transfer and processing.

9. Data Retention

  • Active Accounts: Your personal data, profile information, and voice recordings are retained while your account is active.
  • Deleted Accounts: When you request account deletion, we purge your personal data, profile, and voice recordings from our primary systems within 30 days. Encrypted backups are retained for up to 90 days for disaster recovery purposes, after which they are securely destroyed.
  • Analytics Data: Google Analytics data is aggregated and anonymized after 26 months.
  • Support Tickets and Communications: Retained for 1 year after closure to handle disputes and improve service.
  • Billing and Tax Records: Retained for the duration required by applicable tax and financial regulations (typically 7 years in the US).

10. Your Privacy Rights

GDPR Rights (EU, UK, and EEA)
If you are located in the EU, UK, or other jurisdictions with GDPR-equivalent laws, you have the following rights:

  • Right of Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Request correction of inaccurate or incomplete data.
  • Right to Erasure ("Right to be Forgotten"): Request deletion of your data under certain conditions (e.g., data no longer necessary, withdrawn consent).
  • Right to Restriction of Processing: Request that we limit how we use your data.
  • Right to Data Portability: Request a copy of your data in a commonly used, machine-readable format so you can transfer it to another service.
  • Right to Object: Object to processing based on legitimate interests (including profiling and analytics).
  • Right to Withdraw Consent: If we process data based on your consent (e.g., marketing emails), you can withdraw consent at any time.
  • Right to Lodge a Complaint: Contact your local supervisory authority (data protection authority) if you believe we have violated your rights.

CCPA/CPRA Rights (California)
If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) grant you the following rights:

  • Right to Know: Request what personal information we collect, categories of sources, purposes of use, and categories of third parties who receive your data.
  • Right to Delete: Request deletion of personal information we have collected (subject to certain exceptions, such as legal obligations).
  • Right to Correct: Request correction of inaccurate personal information.
  • Right to Opt-Out of Sale: Opt out of any sale of personal information. We do not sell your personal information; however, you may make this request to confirm.
  • Right to Limit Use of Sensitive Personal Information: Limit our use of sensitive personal information (such as voice biometrics, payment information) to necessary business purposes.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights (no denial of service, degradation of service, or higher prices).
  • Right to Opt-Out of Profiling: Opt out of automated profiling or decision-making that produces legally significant effects.

How to Exercise Your Rights
To exercise any of the above rights, please submit a request to privacy@namedrop.io with:

  • Your full name and email address associated with your account.
  • A description of your request (e.g., "I request a copy of my personal data").
  • Any supporting documentation.

Response Timeline: We will respond to your request within 30 days under GDPR and 45 days under CCPA. If we need additional time, we will notify you. For complex requests or if we cannot verify your identity, we may ask for additional information. We do not charge a fee unless your request is manifestly unfounded or excessive, in which case we will notify you and explain our reasoning.

Verification Process (CCPA): To protect your privacy and security, we will verify your identity before responding to CCPA requests. Verification may include confirming your email address, requesting a copy of your ID, or asking questions only you can answer (such as your account creation date).

11. CCPA/CPRA Notice at Collection

Categories of Personal Information Collected

  • Identifiers (name, email, username, IP address, device ID)
  • Commercial information (account type, payment history, purchases)
  • Internet activity (pages visited, referral source, browser type)
  • Biometric information (voice recordings of name pronunciation, voice biometrics)
  • Location data (inferred from IP address)
  • Professional or employment information (job title, company name)
  • Audio and visual information (profile photos, voice recordings)

Categories of Sources

  • Directly from you (account signup, profile creation, payments)
  • Your devices (cookies, IP address, device information)
  • Third parties (authentication providers, enterprise SSO, service providers)

Purposes of Use

  • Provide and improve the Service
  • Process transactions and deliver services
  • Marketing and communications
  • Security and fraud prevention
  • Legal compliance
  • Analytics and user research

Sale of Personal Information
NameDrop does NOT sell personal information for money or valuable consideration. We do not sell your data to data brokers, advertisers, or other third parties.

Sharing for Cross-Context Behavioral Advertising
NameDrop does NOT share your personal information with third parties for cross-context behavioral advertising. We do not engage in targeted advertising practices that combine your data across multiple services or contexts.

Data Retention Under CCPA
We retain personal information for as long as necessary to fulfill the purposes for which it was collected, or as required by law. See Section 9 (Data Retention) for retention periods.

12. Google Analytics

We use Google Analytics to understand how users interact with our Service. Google Analytics collects information such as pages visited, session duration, referral source, and user demographics. Google may set cookies on your device and collect data according to their own privacy policy.

Opt-Out: You can opt out of Google Analytics by:

For more information, see Google's Privacy Policy.

13. Cookies and Tracking Technologies

NameDrop uses cookies and similar tracking technologies to enhance your experience, maintain your session, and gather analytics. Types of cookies we use include:

  • Essential Cookies: Necessary for authentication, session management, and basic platform functionality.
  • Analytics Cookies: Google Analytics and other analytics providers use cookies to track usage and user behavior.
  • Marketing Cookies: If you have opted in to marketing emails, we may use cookies to track engagement with those emails.

Cookie Preferences: You can control cookie preferences through your browser settings or our Cookie Consent Banner. We honor "Do Not Track" (DNT) browser signals and will not set non-essential cookies if DNT is enabled. For more details, see our Cookie Policy.

14. Children's Privacy

NameDrop is intended for users age 13 and older. We do not knowingly collect or solicit personal information from children under 13. If we become aware that we have collected information from a child under 13, we will immediately delete such information. Under the Children's Online Privacy Protection Act (COPPA) in the United States, parents or guardians of children under 13 can request deletion of their child's data by contacting privacy@namedrop.io.

For users ages 13-17, we apply additional safeguards, including limiting marketing communications and not using precise location data.

15. Healthcare and HIPAA Considerations

NameDrop is designed to be compatible with healthcare settings and HR/onboarding processes. However, we do not sign Business Associate Agreements (BAAs) or make HIPAA-specific compliance guarantees. If you are a healthcare organization using NameDrop and require a BAA or HIPAA certification, please contact us at privacy@namedrop.io to discuss your requirements. Healthcare data should be treated in accordance with your organization's privacy policies and applicable healthcare regulations.

16. Security

NameDrop implements comprehensive security measures to protect your personal data:

  • Encryption at Rest: All data stored in AWS is encrypted using AES-256 encryption.
  • Encryption in Transit: All communication between your device and our servers uses TLS 1.2 or higher (HTTPS).
  • AWS Infrastructure: We leverage AWS's physical security, network security, and compliance certifications. For details, see AWS Security.
  • Authentication: We use AWS Cognito for secure user authentication, with multi-factor authentication (MFA) available.
  • Access Controls: We limit employee access to personal data to those with a legitimate business need.
  • Regular Security Reviews: We conduct periodic security audits and penetration testing to identify and remediate vulnerabilities.

Note: While we implement strong security measures, no system is completely secure. If you believe your data has been compromised, please contact us immediately at privacy@namedrop.io.

17. Third-Party Links

Our Service may contain links to third-party websites, apps, and services, including social media platforms, enterprise tools, and external resources. We are not responsible for the privacy practices, content, or security of third-party sites. This Privacy Policy applies only to NameDrop. We encourage you to review the privacy policies of any third-party sites before providing your information.

18. Data Breach Notification

In the event of a security breach that compromises personal data, we will:

  • Notify affected users as soon as possible, without unreasonable delay.
  • Notify relevant regulatory authorities as required by applicable law (e.g., within 72 hours under GDPR).
  • Provide information about the breach, the types of data affected, and steps you can take to protect yourself.

19. Data Protection Officer and EU/UK Representative

  • Data Protection Officer (DPO): Keshav Malani
    Email: privacy@namedrop.io
  • EU/UK Representative (Article 27 GDPR / UK GDPR): Shruti Malani Krishnan
    Email: privacy@namedrop.io

20. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. Material changes will be announced by posting the updated policy on our website and notifying you by email. Your continued use of the Service after such updates indicates your acceptance of the revised Privacy Policy. Please review this policy periodically to stay informed of how we protect your information.

21. Governing Law and Jurisdiction

This Privacy Policy is governed by and construed in accordance with the laws of the State of California, without regard to conflict of law principles. However, to the extent that GDPR, CCPA, or other jurisdictional privacy laws apply to you, those laws will govern your privacy rights. Any disputes arising from this Privacy Policy will be subject to the exclusive jurisdiction of the state and federal courts located in California.

22. Contact Us

If you have questions about this Privacy Policy, our privacy practices, or wish to exercise your privacy rights, please contact us:

  • Email: privacy@namedrop.io
  • Mailing Address:
    Qurb LLC (dba NameDrop)
    5984 Lombard St
    Dublin, CA 94568
    United States
  • Data Protection Officer: Keshav Malani, privacy@namedrop.io
  • EU/UK Representative: Shruti Malani Krishnan, privacy@namedrop.io

Response Time: We will respond to all privacy inquiries and rights requests within 30 days (GDPR) or 45 days (CCPA), or as otherwise required by applicable law.

Last Updated: April 16, 2026. This Privacy Policy replaces all previous versions.