.png)
Does Dropcontact store/exploit my data?
Does Dropcontact store or exploit my data?
No. Dropcontact does not store, sell, or reuse your contact data. Your data is encrypted and stored temporarily only to provide you with a backup of contacts "before processing." This data never leaves your account.
How Dropcontact processes your data
Dropcontact operates fundamentally differently from most B2B enrichment solutions:
- No contact database: Dropcontact does not build, purchase, scrape, or maintain any database of personal information
- Real-time processing: Results are generated dynamically using proprietary algorithms that process only first name, last name, and company name
- No data retention: Contact data is not stored or reused after processing: it's returned to you and immediately discarded from our systems
- EU-only processing: All processing happens exclusively on European servers (France, Ireland, Germany)
What happens when you enrich a contact?
- You provide minimal input: first name, last name, company name
- Dropcontact processes this data in real time to find and verify the professional email
- The enriched result is returned to your CRM, file, or integration
- Dropcontact does not store or reuse that data afterward
Your enriched data stays in your systems. Dropcontact acts as a data processor, not a data collector.
GDPR compliance by design
Dropcontact is the only B2B contact enrichment solution to have been audited by the CNIL (France's data protection authority, one of the most stringent worldwide). The 2019 audit included full access to Dropcontact's servers, stored data, and source codeâand validated complete GDPR compliance.
Because Dropcontact does not store personal data in a database:
- No obligations to inform data subjects about data collection
- No need to provide access, rectification, or deletion mechanisms
- No GDPR liability transferred to you as our customer
Under GDPR, data protection obligations arise when personal data is collected and stored in a database. Since Dropcontact does not store personal data, these obligations do not apply.
Data Processing Agreement (DPA)
Dropcontact operates as a data processor under GDPR when enriching your contacts. The relationship is governed by our Data Processing Agreement (DPA), which defines:
- Purpose of processing: cleaning, correcting, synchronizing, enriching contact data
- Categories of data: professional B2B contact data only (names, company, job titles, business email addresses, LinkedIn URLs)
- Subprocessors: AWS (Ireland), Scaleway (France), OVH (France), IONOS (Germany)âall with EU servers
- Security measures: SSL/TLS encryption, access controls, confidentiality commitments
- Data deletion: All personal data is destroyed within one month after service termination
Full DPA available at: https://www.dropcontact.com/data-protection-agreement
Security and privacy measures
Dropcontact implements technical and organizational security measures including:
- Encryption of data in transit using SSL/TLS protocols
- Access control and role-based segregation
- Two-factor authentication (2FA) for platform access
- Security audits and code reviews
- Staff training on data protection
Independent security audits (CASA Validation) are available upon request at: data@dropcontact.io
Why this approach matters
Most enrichment providers rely on massive databases of personal information: purchased lists, scraped contacts, or user-contributed data. These practices create GDPR risks because:
- Data subjects never consented to be in those databases
- They cannot exercise their rights (access, deletion, correction)
- The data becomes outdated quickly (33% obsolescence per year)
Dropcontact eliminates these risks entirely. No database = no storage = no GDPR liability = always up-to-date data.
Contact for data protection questions
For privacy or security inquiries: data@dropcontact.io
Related documentation: