Drop of Light

Legal

Privacy Policy

Last updated: May 11, 2026

1. Who We Are

Drop of Light is operated by Viktor Apoyan ("we", "us", or "our"). If you have privacy questions or requests, contact us at vapoyan@gmail.com.

2. Scope

This Privacy Policy explains how we collect, use, store, and share personal data when you use the Drop of Light website and related services.

Drop of Light serves a global audience and is developed and hosted in the EU. We align this policy with EU privacy principles, including GDPR.

3. Age Requirement

You must be at least 13 years old to use this service. If you are under the age of digital consent in your country, you may use the service only with parent or legal guardian permission.

4. Data We Collect

Depending on how you use Drop of Light, we may collect:

  • Account data: first name, last name, email address, display/profile name, account role, and language preference.
  • Authentication and security data: password hash and salt, session identifiers, sign-in status, email verification status, and security logs.
  • Donation data: donation amount, currency, donation status, supported project, optional public display name, optional message, and timestamps.
  • Payment references: PayPal provider references (for example order/capture IDs and webhook event IDs) needed to process and reconcile payments.
  • Technical/usage data required for operation and security, including request metadata and abuse/rate-limit events.

5. Data We Do Not Use for Tracking

We do not run advertising trackers or behavioral analytics for profiling. We do not use your data for targeted advertising.

6. Cookies

We currently use limited cookies that are necessary for service operation:

  • blessed_session: keeps you signed in and secures account access.
  • NEXT_LOCALE: remembers your language preference.

7. Why We Process Your Data (Legal Bases)

Under GDPR, we process personal data on these bases:

  • Contract performance: to create accounts, process donations, and provide core platform features.
  • Legitimate interests: to secure the platform, prevent abuse, and maintain reliability.
  • Legal obligations: to keep records required for tax, accounting, anti-fraud, or similar compliance.
  • Consent: where consent is required for specific processing.

8. Sharing of Data

We share data only when needed to run the service, including with:

  • Payment processors (PayPal) for donation processing.
  • Authentication/infrastructure providers (such as Firebase services).
  • Service providers that host, secure, and maintain the platform.
  • Authorities or legal counterparties when required by law.
  • We do not sell personal data.

9. Data Retention

We retain personal data only as long as necessary for the purposes above, including legal and accounting obligations.

If you delete your account, your profile and access data are deleted. Donation records may be retained for legal/accounting reasons and are anonymized so they no longer directly identify you.

10. International Data Use

Drop of Light is developed and hosted in the EU, but some providers may process data in other countries. Where required, we apply appropriate safeguards for international transfers.

11. Your Privacy Rights

Depending on your location, you may have rights to access, correct, delete, restrict, object to processing, request portability, and lodge a complaint with a supervisory authority.

To make a request, contact vapoyan@gmail.com. We may need to verify your identity before completing a request.

12. Security

We use technical and organizational measures designed to protect personal data, including access controls, session security, and abuse protection. No method of storage or transmission is completely risk-free.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated version on this page and revise the "Last updated" date.

14. Contact

Operator: Viktor Apoyan

Email: vapoyan@gmail.com

Privacy Policy · Drop of Light