Privacy policy

Last updated: July 1, 2026

In short

Dropward is an NFC badge that, when tapped, opens a public emergency profile (blood type, allergies, conditions, medications, emergency contacts) meant for a first responder or a relative. This profile contains health data, a special category protected by the GDPR. We process it only to provide this service, on the basis of your explicit consent, and you stay in control: you can edit, hide or delete your profile at any time.

Data controller

The controller of your personal data is EACHR (French sole proprietorship, Elodie Dumay), 15 rue de Sully 21850 SAINT-APOLLINAIRE. For any question about your data or to exercise your rights, email contact@dropward.life.

Data we process

Account and identity

  • Email address, and where applicable your first and last name.
  • One-time code (OTP) sent by email, or sign-in with Google, to authenticate you.

Your emergency profile (health data)

  • Display name, optional photo, date of birth, sex, height and weight.
  • Blood type, organ donor status, allergies, conditions, medications, and a free-text note you choose to add.

Emergency contacts

  • Name, relationship (spouse, parent, doctor…) and phone number of the contacts you add. This information concerns third parties (see below).

Document photo (auto-fill)

  • If you use auto-fill, the photo of a document (blood type card, prescription, allergy card) is sent to extract its information. This photo is never kept: it is processed then deleted (see “Auto-fill from a photo”).

Order and delivery

  • Delivery address, order email and your badge order history.

Payment

  • Payments are processed by Stripe. We never store your card details; they are sent directly to Stripe.

Technical and security data

  • Data strictly necessary to run the service (session, language) and to keep it secure: in particular your IP address, used to rate-limit access attempts and prevent bulk harvesting of profiles (see “Security”). No advertising cookies, no marketing tracking.

Health data and consent

The information in your profile is health data, a special category under article 9 of the GDPR. We process it on the basis of your explicit consent (article 9(2)(a)), which you give by creating and publishing your profile.

This consent is freely given and revocable: you can at any time edit your information, remove your profile from public view, or delete it entirely. Withdrawing consent does not affect past processing but ends processing for the future.

A deliberately public profile

The very point of Dropward is that a first responder or a relative reaches your vital info with no app, no account and no password. You must therefore be fully aware that anyone who taps your badge, scans the QR code or knows your profile’s address can view the information you publish there, including health data.

We limit this risk: your profile’s address is a long, non-guessable identifier, the pages are not indexed by search engines, and access is governed by anti-harvesting limits (see “Security”). It is up to you to only enter what you are comfortable making visible in this emergency context.

Auto-fill from a photo

To spare you tedious typing, you can photograph a medical document: the image is sent to our artificial-intelligence provider Anthropic (Claude service), which extracts the fields (blood type, allergies, medications…) as structured text.

  • The photo is never stored by Dropward, nor kept to train a model: it is processed then deleted.
  • The extraction is only a suggestion: nothing is saved until you have reviewed and confirmed each field. This matters most for blood type, where a misread would be dangerous.
  • This processing relies on the same explicit consent as the rest of your profile. Auto-fill is optional: you can always enter everything by hand.

Emergency contacts

When you add an emergency contact, you give us a third party’s data (their name and number). We display it in your profile for the sole purpose of letting a first responder reach them manually; Dropward never places an automatic call. It is your responsibility to make sure that person agrees to appear as an emergency contact and to inform them that their number will be visible in this context.

Purposes and legal bases

  • Host and display your emergency profile (health data): explicit consent (article 9(2)(a) of the GDPR).
  • Create and manage your account, activate your badge: performance of the contract.
  • Process and deliver your badge orders: performance of the contract.
  • Issue and keep invoices: legal obligation.
  • Send you emails related to your account and orders: performance of the contract.
  • Keep the service secure, rate-limit abusive access and prevent harvesting of other people’s profiles: legitimate interest.

Recipients and processors

We rely on providers that process data on our behalf, solely as part of the service:

  • Supabase: database, authentication and file storage, hosted in the European Union (Frankfurt).
  • Anthropic: extraction of information during auto-fill from a photo (the photo is not kept).
  • Stripe: payment processing.
  • Resend: transactional email delivery.
  • Vercel: site hosting.

We never sell or rent your personal data to third parties.

Transfers outside the European Union

Some of our providers (notably Anthropic, Stripe and Vercel) are based in the United States. The corresponding transfers are governed by appropriate safeguards, such as the European Commission’s standard contractual clauses. Your profile data itself is hosted in the European Union.

Retention

  • Emergency profile and health data: kept as long as your account is active; deleted when you delete your profile or account, or when you withdraw your consent.
  • Account data: as long as your account is active, then deleted upon your request.
  • Photo sent for auto-fill: not kept (deleted after processing).
  • Order data and invoices: kept for the period required by accounting and tax obligations (up to 10 years).
  • Technical and security logs (including IP address): kept for a short time, as long as needed to limit abuse.

Minors

A Dropward account holder must be of legal age. An emergency profile may relate to a minor (for example an allergic child), provided it is created and managed by a parent or legal guardian, who gives consent to the processing of the child’s health data and takes responsibility for it.

Your rights

You have the right to access, rectify, erase, restrict, object to and port your data, as well as the right to withdraw your consent at any time. To exercise them, email contact@dropward.life. You may also lodge a complaint with the French data protection authority (CNIL): cnil.fr.

Security

Because the profile is public by design, your badge code and your profile’s address are the main barrier protecting the health data. We put appropriate measures in place: long, non-guessable profile addresses, encryption in transit, data hosted in the European Union, pages not indexed by search engines, and anti-harvesting limits (rate-limiting access per IP address and detecting enumeration attempts).

Cookies

We only use strictly necessary cookies: a session cookie to keep you signed in and a cookie remembering your language. No advertising cookies, no third-party tracking.