Privacy Policy
Last updated: May 27, 2026
Drizzle ("Drizzle," "we," "us," or "our") is operated by Pratyush Saxena, an individual sole proprietor located at 42300 Madturkey Run Place, Chantilly, VA 20152. This Privacy Policy explains how we collect, use, share, and protect your information when you use the Drizzle mobile application and the website at https://joindrizzle.com (together, the "Service").
Drizzle is a peer-support community for people living with autoimmune disorders. Because of this, some of the information you choose to share with us is sensitive health information. We take that seriously. Please read this policy carefully.
Drizzle is not a healthcare provider and is not a substitute for professional medical advice. See our Medical Disclaimer.
1. Who this policy applies to
The Service is intended only for people 18 years of age or older. We do not knowingly collect personal information from anyone under 18. If you believe a person under 18 has provided us with personal information, contact us at hello@joindrizzle.com and we will delete it.
2. Information we collect
2.1 Information you provide
- Account information: email address and password (passwords are stored only as salted hashes by our authentication provider; we never see them in plain text).
- Profile information: display name, username, optional bio, optional avatar/photos, and optional details you choose to add such as age/date of birth, gender, city, country, and diagnosis year.
- Health-related information you choose to share: the conditions/communities you join, whether you mark yourself as being in a "flare," and the content of posts, comments, and messages you write. You decide what to share and with whom, using Drizzle's per-field and per-circle privacy controls.
- Communications: reports you file, condition requests, feedback you send us, and support requests.
2.2 Information collected automatically
- Technical/device data: IP address, device type and operating system, app version, and basic log data, used to operate the Service, prevent abuse, and apply rate limits.
- Authentication cookies/tokens: on the web we use first-party session cookies; in the mobile app we store your session token securely on your device (encrypted keychain/keystore). These are strictly necessary to keep you signed in.
2.3 What we do not do
- We do not sell your personal information.
- We do not use third-party advertising or behavioral-tracking SDKs. We do not run Google Analytics, Meta Pixel, or similar trackers.
- We do not share your health information with advertisers or data brokers.
3. How we use your information
We use your information to:
- create and operate your account and profile;
- deliver core features (feed, posts, comments, reactions, communities, circles, connections, messaging, notifications, search, bookmarks);
- enforce your privacy choices about who can see each piece of your profile and activity;
- keep the community safe — detect and act on reports, abuse, spam, and crisis-related content;
- send transactional emails (e.g., password reset, and notifications you have opted into);
- provide customer support and respond to your requests;
- comply with legal obligations and enforce our Terms of Service and Community Guidelines.
Legal bases (GDPR / UK GDPR)
Where the EU/UK GDPR applies, we rely on: performance of a contract (to provide the Service you sign up for); your consent (for optional profile fields, health information you choose to share, and optional email notifications — you may withdraw consent at any time); legitimate interests (security, abuse prevention, and improving the Service, balanced against your rights); and legal obligation (to comply with applicable law). Because Drizzle involves health data, we process the special-category information you choose to provide on the basis of your explicit consent, which you give by choosing to share it and which you can withdraw by editing or deleting that information or your account.
4. How your information is shared
- With other users, according to your privacy settings. Every profile field and your activity can be set to public, visible to your groups, visible to your connections, visible to specific circles, or private. Posts are shown only to the audience you select. Anonymous posts hide your identity from other users.
- With service providers (sub-processors) who process data on our behalf under contract, only to run the Service:

  | Sub-processor | Purpose |
  | --- | --- |
  | Supabase | Database, authentication, and storage |
  | Cloudflare R2 | Image and media storage |
  | Upstash | Rate limiting / abuse prevention |
  | Inngest | Background job processing |
  | Resend | Transactional email delivery |
  | Vercel | Website hosting |
  | Railway | API hosting |

- For legal and safety reasons: we may disclose information if required by law, to respond to lawful requests, to protect the rights, safety, and security of our users or the public, or to investigate fraud or abuse.
- In a business transfer: if Drizzle is involved in a merger, acquisition, or sale of assets, your information may be transferred, and we will notify you of any change in control or use of your personal information.
5. International data transfers
Drizzle is operated from the United States. Our primary database, authentication, and media storage are hosted in the United States (US East region, AWS us-east-1), and our sub-processors may process data in the United States and other countries. If you are located in the EEA, the UK, or another region with data-transfer restrictions, your information may be transferred to and processed in a country that does not provide the same level of data protection as your home country. Where required, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses. Contact hello@joindrizzle.com for more information.
6. How long we keep your information
We keep your information for as long as your account is active. When you delete your account, we delete or de-identify your personal information from our active systems, except where we must retain certain data to comply with legal obligations, resolve disputes, prevent abuse, or enforce our agreements. Residual copies may persist in encrypted backups for a limited period before they are overwritten.
7. Your rights and choices
You can, at any time:
- Access and edit your profile information in the app or on the web.
- Control visibility of each profile field and your activity (per-field and per-circle).
- Export your data — request a machine-readable copy of your data from Settings, on both the app and the web.
- Delete your account — permanently, from Settings (requires confirmation).
- Opt out of optional emails in Settings; we will still send essential transactional messages (e.g., password reset).
EEA/UK residents (GDPR/UK GDPR)
You have the right to access, rectify, erase, restrict, or object to processing, to data portability, and to withdraw consent. You also have the right to lodge a complaint with your local supervisory authority. To exercise these rights, use the in-app tools or email hello@joindrizzle.com.
California residents (CCPA/CPRA)
You have the right to know what personal information we collect and how we use and disclose it, to request deletion, to correct inaccurate information, and to not be discriminated against for exercising these rights. We do not sell or "share" (as defined by the CPRA) your personal information, and we do not use sensitive personal information for purposes other than providing the Service. To exercise these rights, use the in-app tools or email hello@joindrizzle.com.
8. Security
We protect your information with industry-standard measures including encryption in transit (HTTPS/TLS), encrypted storage of session tokens on devices, row-level security on our database so users can only access data they are permitted to see, server-side input validation, rate limiting, and a content-security policy on the web. No method of transmission or storage is 100% secure, but we work to protect your information and to promptly address vulnerabilities.
9. Crisis and safety information
Drizzle may surface crisis-support resources (such as suicide and crisis hotlines) when content suggests a user may be in distress. These resources are informational only. Drizzle is not an emergency service. If you or someone else is in immediate danger, call your local emergency number.
10. Changes to this policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you through the Service or by email before the changes take effect. The "Last updated" date above shows when this policy was last revised.
11. Contact us
Questions, requests, or complaints about privacy:
- Email: hello@joindrizzle.com
- Mail: Pratyush Saxena, 42300 Madturkey Run Place, Chantilly, VA 20152