Privacy Policy

Last Updated: 2026-05-18

LUCKYISH PTE. LTD. ("NeoDrop", "we", "us", "our"), a company incorporated in Singapore, provides an AI-native content platform that lets users create channels which generate text, image, audio, and video content (the "Service"). This Privacy Policy describes how we collect, use, share, and protect personal information when you use the Service.

Please read the following carefully. Your use of the Service is governed by this Privacy Policy and NeoDrop's Terms of Use. By using the Service, you accept the practices described in this Privacy Policy. If you do not agree to this Privacy Policy, please do not use the Service.

Notices for users in specific regions:

If you are located in the European Economic Area, the United Kingdom, or Switzerland, please also see Appendix A — Notice to European Users.

If you are a resident of the United States, please also see Appendix B — Notice to U.S. Users, including the California-specific notice for California residents.

Additional notices for Japan and Singapore users are in Appendix C.

Users in jurisdictions where French language requirements apply (including Quebec, Canada) may request a French version of this Privacy Policy by emailing [email protected].

Information we collect
How we use your information
AI and your content
Connectors and third-party data sources
How we share your information
Cookies and similar technologies
Data retention
International data transfers
Security
Your choices and rights
Children
Changes to this Policy
How to contact us
Appendices

1. Information we collect

1.1 Information you provide

Depending on how you use the Service, you may provide us with:

Account information, such as your email address, username, password, and any profile information you choose to add (e.g., display name, avatar).
Communications, such as messages you send to our support team, feedback, or survey responses.
Inputs and prompts, such as text, images, audio, or files you submit to the Service to define or operate your channels (collectively, "Input"). Input is processed to generate articles, images, audio, video, or other materials ("Output"). Input and Output are referred to together as "Your Content."
Connector data, when you authorize a third-party service (such as Gmail, YouTube, Outlook, X/Twitter, Notion, Readwise, GitHub, or another supported integration) as a private information source for your channels. See Section 4.
Payment information, such as billing details, transaction history, and payment status. Card numbers and similar payment credentials are processed directly by our payment processor and are not stored by us.
Business information, if you contact us in connection with a potential business or enterprise relationship, such as your business name, legal name, work email, phone number, and other business contact information.

We do not actively collect sensitive personal information (such as government-issued identifiers, health records, financial account details, biometric information, or information about race, ethnicity, political opinions, religion, sexual orientation, or trade union membership). We ask that you not provide us with such information unless we explicitly request it, and please be careful when uploading or generating content that contains personal information about other people.

1.2 Information we collect automatically

When you use the Service, we may automatically collect:

Device and log data, such as IP address, device type, device identifiers, cookie identifiers, user settings and preferences, operating system, browser type, language settings, app version, crash reports, the content you interact with on our Service, and timestamps.
Usage data, such as the channels you create, view, or subscribe to; pages or screens you access; features you use; the time you spend on different parts of the Service; and how you interact with content (including reactions, comments, shares, and saves).
Approximate location, derived from your IP address (e.g., country or region). We do not collect precise GPS location unless you explicitly grant that permission.
Cross-device information. We may attempt to associate your activity on different devices (e.g., mobile and desktop) for purposes such as analytics, security, and consistent experience. To do this, our technology partners may disclose data such as browsing patterns, broad location, and device identifiers, and match information across browsers and devices that appear to be used by the same person.
Cookies and similar technologies, as described in Section 6.

1.3 Information from third parties

We may also receive information about you from:

Third-party login providers (such as Google or Apple), if you choose to sign in using such an account. We receive limited profile information based on the permissions you grant.
Third-party services you connect, as Connectors, on the terms described in Section 4.
Service providers that help us operate the Service, including hosting, analytics, fraud prevention, and customer support providers.
Referrals. If someone uses our referral or invitation features to invite you to the Service, we may receive limited information (such as your email address) to deliver the invitation and to credit referral rewards where applicable.
Social media. If you interact with us on social media platforms (e.g., by liking, following, or messaging our official accounts), we may receive information such as your username, public profile information, and the content of your interactions.

2. How we use your information

We use the information we collect to:

Provide and operate the Service, including creating and maintaining your account, running channels, generating content, and delivering content to you and other users you have authorized to receive it; performing and providing the Services; communicating with you about your questions, claims, or technical support; and communicating with you about changes to our policies, features, and enhancements;
Personalize your experience, including recommending channels and content that may be of interest to you;
Improve and develop the Service, including diagnosing problems, analyzing usage patterns, and developing new features (subject to Section 3);
Communicate with you, including responding to your inquiries, sending service-related notices, and (where permitted by applicable law) sending marketing communications you can opt out of at any time;
Process payments and manage subscriptions, in cooperation with our payment processor (see Section 5);
Protect the Service and our users, including detecting and preventing fraud, abuse, security incidents, and violations of our Terms of Use;
Comply with legal obligations, including responding to lawful requests from competent authorities, enforcing our legal rights, ensuring the safety of our users, employees, Services, and the public, and verifying your or your authorized agent's identity;
Internal research, development, and quality control, including aggregating and analyzing activity to evaluate and modify the Service, developing additional services likely to be of interest to our users, performing statistical, demographic, and marketing analyses, troubleshooting, debugging, repairing, optimizing, or improving the Service and our operations, and monitoring quality control.

We may also aggregate or de-identify information collected through the Service so that it cannot reasonably be linked to you or your device. We may use such de-identified or aggregated data for any lawful purpose, including for research, marketing, and product development, and we may disclose such data to third parties in compliance with applicable law.

We may also use your information for other purposes with your consent. If we plan to use your personal information for a materially different purpose that is not compatible with what is described in this Policy, we will provide notice and, where required by law, obtain your consent.

3. AI and your content

The Service uses artificial intelligence and machine learning to generate Output based on your Input.

3.1 Service provision and operation. We process Your Content as needed to provide the Service to you—for example, to run your channels, deliver Output, and enable you to share content you have published.

3.2 Service improvement. We may also use Your Content only in aggregated or de-identified form to maintain, improve, and develop the Service. This may include analyzing usage patterns, improving recommendation quality, and refining our prompts and configurations.

3.3 No training of general-purpose models. We do not use Your Content to train general-purpose foundation models—that is, models intended to be sold, licensed, or otherwise used outside of providing the Service to our users.

3.4 Opt-out. If you do not want your Input to be used for service improvement under Section 3.2, you may opt out by sending an email to [email protected]. Opting out will not affect Service features that depend on processing Your Content for purposes 3.1.

3.5 Third-party AI providers. Parts of the Service rely on third-party AI providers (for example, providers of language models, image generation, voice synthesis, or video generation). When the Service generates Output, we may transmit relevant portions of Your Content to one or more such providers solely to fulfill the requested feature. These providers process data under their own privacy policies, and we select providers that contractually commit to confidentiality and to not using Your Content to train their general models, where commercially reasonable. We do not name specific providers here because the providers we use may change over time; you may contact us at [email protected] for current information.

4. Connectors and third-party data sources

If you authorize the Service to connect to a third-party account or service (a "Connector"), such as Gmail, YouTube, Outlook, X/Twitter, Notion, Readwise, GitHub, or another integration we may offer, we receive data from that service to the extent you have authorized. We treat Connector data with heightened protections, as follows:

4.1 Limited Use. Use and transfer of Connector data to and from any application is limited to providing or improving user-facing features that are prominent in the Service. Specifically:

(a) We use Connector data only to provide the channel functionality you have configured, such as monitoring or summarizing the data sources you have connected.

(b) We do not transfer Connector data to others except as necessary to provide or improve the user-facing feature you have requested, or to comply with applicable law, or as part of a merger, acquisition, or sale of assets with notice to you.

(c) We do not use Connector data for serving advertisements, including remarketing, personalized advertising, or interest-based advertising.

(d) We do not use Connector data to develop, improve, or train generalized AI or machine learning models. Where Connector data is processed by an AI model only to deliver the user-facing feature you have requested, we ensure that data does not leave the application boundary for training purposes.

(e) We do not allow humans to read Connector data, except (i) with your explicit consent, (ii) where necessary for security purposes (such as investigating abuse), (iii) where necessary to comply with applicable law, or (iv) where Connector data has been aggregated and used for internal operations in compliance with applicable law.

The commitments in this Section 4.1 are intended to comply with the Google API Services User Data Policy (including the Limited Use requirements applicable to Gmail and YouTube data) and with other applicable third-party API terms, and we apply the same commitments to data obtained from other Connectors.

4.2 Revocation and deletion. You may revoke any Connector at any time through your account settings or through the third-party service. Upon revocation, we will stop accessing further Connector data and will delete cached Connector data within a reasonable period (typically thirty (30) days), except where we are required to retain it for legal reasons.

4.3 Third-party policies. Your use of any Connector is also governed by the third-party service's terms and privacy policy. We encourage you to review them.

We do not sell your personal information. We share your information only as described below:

Service providers. We share information with companies that help us operate the Service, including hosting (currently Amazon Web Services), cloud infrastructure, analytics, customer support, security, fraud prevention, and email delivery. Service providers are bound by contractual obligations to protect your information and to use it only for the purposes we specify.
Payment processors. Payment processing is handled by our payment processor, currently Waffo, and (in the future) by other processors we may engage. Payment data is collected directly by these processors under their own terms and privacy policies. For Apple App Store and Google Play purchases, billing is handled by Apple or Google, respectively.
Third-party AI providers, as described in Section 3.5.
Other users, when you publish a channel publicly. Information you make public may be visible to other registered users and, to the extent applicable, to public web search engines (see Section 1 and our Terms of Use, Section 5). When you follow another user, content provider, or channel creator, that user may see your account name, broad location, and profile picture if you signed in through a third-party login provider.
Legal authorities and others, where we believe in good faith that disclosure is necessary to comply with applicable law, lawful requests, court orders, or to protect the safety, rights, property, or security of NeoDrop, our users, or others.
Corporate transactions. If we are involved in a merger, acquisition, financing, reorganization, or sale of assets, we may disclose information to relevant parties as part of that transaction, subject to customary confidentiality obligations.
Links to other sites. The Service may contain links to websites, features, or services operated by third parties. We do not control these third parties and are not responsible for their content or privacy practices. We encourage you to review the privacy policies of any third-party services you visit.

6. Cookies and similar technologies

We and our service providers use cookies, web beacons, software development kits, pixels, local storage, and similar technologies (collectively, "cookies") to operate and analyze the Service.

We use cookies for purposes such as:

Strictly necessary functions (e.g., authentication, session management, security);
Functional purposes (e.g., remembering your language or preferences);
Analytics (e.g., understanding how the Service is used and how to improve it); and
Advertising and marketing, including to measure the effectiveness of our promotional efforts.

Most browsers and devices allow you to manage or delete cookies. If you reject non-essential cookies, some Service features may not function properly. Where required by applicable law, we obtain your consent before placing non-essential cookies, and you may withdraw that consent at any time. We respect Global Privacy Control (GPC) signals and other Universal Opt-Out Mechanisms recognized under applicable law as a request to opt out of the sharing of your personal information for targeted advertising.

7. Data retention

We retain personal information for as long as necessary to provide the Service and for the purposes described in this Policy, including to:

Maintain your account while it is active;
Comply with our legal, accounting, tax, and reporting obligations;
Resolve disputes, enforce our agreements, and protect our legal rights; and
Detect and prevent fraud or abuse.

In determining how long to retain information, we consider the amount, nature, and sensitivity of the information, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process the information, applicable legal requirements, and our legitimate interests. Different categories of information may have different retention periods.

When you delete content on the Service, we remove it from active systems within a reasonable period (typically thirty (30) days), subject to backup retention cycles and legal requirements. When you delete your account, we delete or de-identify your personal information after a similar period, except where retention is necessary for the purposes above.

For public content that has been indexed by search engines, we will additionally request that major search engines remove cached copies, but we cannot guarantee that all third parties will promptly comply with such requests.

8. International data transfers

Our infrastructure and the servers that store and process personal information are currently located in the United States (using Amazon Web Services). We may, in the future, add or move to infrastructure in other regions or with other cloud providers. By using the Service, you understand that your personal information will be transferred to and processed in countries other than your own, where data protection laws may differ from those in your country.

When we transfer personal information across borders, we rely on legally recognized transfer mechanisms, such as:

The EU-U.S. Data Privacy Framework (and the UK Extension and Swiss-U.S. DPF as applicable) for transfers of personal data from the European Economic Area, the United Kingdom, and Switzerland to the United States, to the extent our infrastructure providers (such as Amazon Web Services) are certified under and comply with the relevant Framework;
Standard Contractual Clauses approved by the European Commission, the UK International Data Transfer Addendum, or equivalent contractual safeguards, where the Data Privacy Framework does not apply or as supplementary measures;
Derogations for specific situations recognized under applicable law (e.g., where the transfer is necessary to perform a contract with you or with your explicit consent); and
Comparable safeguards under Singapore's Personal Data Protection Act and applicable laws of other jurisdictions.

In the future, if we begin to formally serve specific markets that have additional cross-border transfer requirements, or if we change cloud providers or add regional infrastructure, we may publish region-specific notices or supplemental terms. You may contact us at [email protected] for more information about our current transfer mechanisms and infrastructure providers.

9. Security

We use technical, organizational, and physical safeguards designed to protect your personal information from loss, misuse, unauthorized access, alteration, and destruction. These include encryption of data in transit, access controls, monitoring, and regular reviews of our security practices. However, no method of transmission or storage over the internet is fully secure, and we cannot guarantee absolute security.

If we become aware of a personal data breach affecting you, we will notify you and the relevant authorities as required by applicable law.

10. Your choices and rights

Depending on where you live, you may have certain rights regarding your personal information. Some rights may not be available in your jurisdiction. These rights may include the right to:

Access the personal information we hold about you;
Correct inaccurate or incomplete personal information;
Delete your personal information;
Restrict or object to certain processing of your personal information;
Withdraw consent where we rely on your consent;
Receive a copy of your personal information in a portable format; and
Lodge a complaint with a data protection or privacy authority.

You can exercise many of these rights directly through your account settings (for example, by updating your profile, deleting content, revoking Connectors, opting out of marketing, or deleting your account).

To submit a request that you cannot complete through your account, please email [email protected]. We will respond within the period required by applicable law (generally within thirty (30) days, with extensions where allowed). We may need to verify your identity before fulfilling certain requests. Verification methods may include email confirmation, two-factor authentication, or submission of official identification if necessary to ensure the request is legitimate. We may decline requests that are unfounded, excessive, or that would adversely affect the rights of others. If a request is declined, we will provide a reason and, where applicable, instructions on how to appeal. You may lodge a complaint with our internal Privacy Team at [email protected]. You also have the right to contact your local data protection authority.

We will not discriminate against you for exercising your privacy rights.

Email communications. We may periodically send you newsletters, product updates, promotional offers, and invitations (for example, to participate in user research). When you receive promotional communications from us, you will have the opportunity to opt out by following the unsubscribe instructions in the email. Even after opting out of marketing messages, you will continue to receive administrative messages from us, such as updates to our policies and practices, communications related to transactions, and notifications you have subscribed to within the Service. Where applicable law requires prior consent for marketing communications, we will obtain such consent before sending them.

Mobile devices. You may receive push notifications from our mobile applications. You can opt out of push notifications at any time through your device settings. The mobile applications may also prompt you to grant permission for precise geolocation, microphone, camera, contacts, or other device data. Granting these permissions is optional and you can revoke them at any time through your device settings; however, doing so may limit certain features of the Service.

11. Children

The Service is not intended for, and we do not knowingly collect personal information from, anyone under the age of 18. If you are under 18, please do not use the Service. If we learn that we have collected personal information from a person under 18, we will promptly delete that information. If you believe a child has provided personal information to us, please contact [email protected].

12. Changes to this Policy

We may update this Policy from time to time. When we do, we will revise the "Last Updated" date above. If the changes are material, we will provide reasonable notice in advance, for example by email or through a prominent notice on the Service. Your continued use of the Service after the effective date of any change indicates your acceptance of the updated Policy.

13. How to contact us

If you have questions, concerns, or requests regarding this Policy or our handling of your personal information, please contact us:

General privacy inquiries / DSAR requests / Data Protection Officer: [email protected] (Singapore PDPA DPO inquiries may also be sent here)
General support: [email protected]
Copyright (DMCA) notices: [email protected]
Mail: LUCKYISH PTE. LTD., 91 Bencoolen Street, #12-03, Sunshine Plaza, Singapore 189652

Appendix A — Notice to European Users

This Appendix applies if you are located in the European Economic Area ("EEA"), the United Kingdom, or Switzerland (together, "Europe").

Controller. LUCKYISH PTE. LTD. is the controller of the personal information described in this Policy. We are in the process of appointing an EU/UK representative under Article 27 of the GDPR and will update this Policy with the representative's contact details once the appointment is finalized. In the meantime, you may direct privacy inquiries to [email protected].

Legal bases for processing. We process your personal information on the following legal bases:

Purpose	Legal basis
Provide and operate the Service (account, channels, content delivery, payments)	Contractual necessity (GDPR Art. 6(1)(b))
Improve and develop the Service (in aggregated or de-identified form)	Legitimate interests (GDPR Art. 6(1)(f))
Personalize content recommendations	Legitimate interests, or consent where required
Send marketing communications	Consent (GDPR Art. 6(1)(a))
Comply with legal obligations	Legal obligation (GDPR Art. 6(1)(c))
Protect the Service, users, and third parties	Legitimate interests
Use of non-essential cookies and similar technologies	Consent

You may object to processing based on legitimate interests, and you may withdraw consent at any time, without affecting the lawfulness of processing prior to the withdrawal.

Your rights under the GDPR. You have the rights described in Section 10. You also have the right to lodge a complaint with your local supervisory authority. A list of EEA supervisory authorities is available at edpb.europa.eu; the UK Information Commissioner's Office is at ico.org.uk.

International data transfers. Personal data of users in Europe is transferred to the United States, where our servers are located. We rely on the EU-U.S. Data Privacy Framework (and the UK Extension and Swiss-U.S. DPF where applicable) and, as supplementary measures or where DPF certification does not apply, on the European Commission's Standard Contractual Clauses and the UK International Data Transfer Addendum. You may contact us for further information.

Automated decision-making. We do not use solely automated decision-making producing legal or similarly significant effects on you within the meaning of GDPR Article 22.

Appendix B — Notice to U.S. Users

This Appendix applies to residents of U.S. states whose privacy laws apply to us and grant the rights described below (the "State Privacy Laws"), including, as applicable, residents of California, Colorado, Connecticut, Delaware, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, and Virginia. Not all rights apply to every state; we will respond to verified requests in accordance with applicable law.

Categories of personal information we process. Within the past 12 months, we have collected the categories of personal information described in Section 1 and used and shared them for the purposes described in this Policy. We have not "sold" personal information for monetary consideration, and we do not knowingly process the personal information of consumers under 16 years of age for purposes of "sale" or "sharing" as defined under applicable laws.

Your rights. Subject to verification and applicable exceptions, you may have the right to:

Confirm whether we process your personal information and access it;
Request that we correct inaccurate personal information;
Request that we delete your personal information;
Receive a portable copy of your personal information;
Opt out of "sale" of personal information, "sharing" for cross-context behavioral advertising, or profiling that produces legal or similarly significant effects;
Limit the use of sensitive personal information (where applicable); and
Appeal a denial of a request.

How to exercise your rights. Submit requests by emailing [email protected]. We will verify your identity using information you have provided to us. Verification methods may include email confirmation, two-factor authentication, or submission of official identification if necessary. You may also designate an authorized agent to submit a request on your behalf, subject to verification. If we deny your request, we will inform you of the reason and, where applicable, your right to appeal.

Universal Opt-Out Mechanisms. We treat opt-out preference signals (such as Global Privacy Control) sent by your browser as a request to opt out of the sharing of your personal information for targeted advertising, where applicable.

Notice for California residents. If you are a California resident, you have the additional rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act ("CCPA/CPRA"), including the rights described above and the right to limit our use and disclosure of "sensitive personal information." As described in Section 1.1, we do not actively collect sensitive personal information; to the extent any such information is collected, we do not use it for purposes other than those permitted under the CCPA/CPRA without offering a "Right to Limit." You also have the right not to be discriminated against for exercising your rights. To exercise CCPA/CPRA rights, email [email protected] with "California Privacy Request" in the subject line.

Appendix C — Notices to Japan and Singapore Users

Japan. This section applies to individuals in Japan, including under the extraterritorial application of the Act on the Protection of Personal Information ("APPI"). LUCKYISH PTE. LTD. is the personal information handling business operator. As described in Section 8, we may transfer personal information outside Japan, including to the United States where our servers are currently located. For inquiries, please email [email protected].

Singapore. This section applies to individuals in Singapore under the Personal Data Protection Act 2012 ("PDPA"). LUCKYISH PTE. LTD. is incorporated in Singapore and acts as the data controller for personal data described in this Policy. Although we are incorporated in Singapore, the personal data we collect is processed and stored in the United States by our infrastructure providers; we ensure that such transfers receive a standard of protection comparable to the PDPA through appropriate contractual and technical safeguards. Our Data Protection Officer can be reached at [email protected]. We notify the Personal Data Protection Commission (PDPC) and affected individuals of notifiable data breaches as required by the PDPA.

LUCKYISH PTE. LTD. 91 Bencoolen Street, #12-03, Sunshine Plaza, Singapore 189652