Privacy Policy

Last Updated: June 24, 2026

1. Scope

This Privacy Policy explains how Royal Markets Inc. ("Royal," "we," "us," and "our") collects, uses, discloses, and protects personal information when you access or use Drip, including our website, application, APIs, payment-enabled routes, discovery surfaces, data products, chat features, customer dashboards, documentation, tools, and related services.

This Privacy Policy applies to self-serve and default use of Drip. Enterprise customer data-processing terms may be governed by a separate written agreement, including a Data Processing Agreement. If a separate written agreement applies and conflicts with this Privacy Policy for covered enterprise services, that written agreement controls for those services.

2. Who We Are

Royal Markets Inc. is a Delaware corporation. Royal Markets Inc. is the controller of personal information described in this Privacy Policy unless a separate written agreement says otherwise.

Our mailing address is Royal Markets Inc., 301 Congress Avenue, 12th Floor, Suite 1227, Austin, TX 78701, USA.

You can contact us at support@dripstack.com.

3. Personal Information We Collect

We collect personal information directly from you, automatically when you use Drip, from service providers and payment partners, from authentication providers, from wallet or payment networks, from enterprise customers or administrators, and from public or third-party sources where appropriate for the Services.

The categories of personal information we collect may include:

  • Account and authentication data, such as user identifiers, account IDs, email address, authentication tokens, session data, role or permission information, and information provided through authentication providers.
  • Payment and transaction data, such as payment processor customer IDs, checkout session IDs, invoice or receipt details, payment status, credit purchases, refund or adjustment data, promotional credit data, billing metadata, and transaction references. We do not intentionally store full payment card numbers.
  • Wallet and blockchain/payment-rail data, such as wallet addresses, payment signatures, payment receipts, network identifiers, x402 or MPP payment metadata, USDC or other supported payment rail information, and other transaction data needed to verify or settle payment-enabled routes.
  • API and developer data, such as API key name, API key suffix, API key hash, creation date, last-used date, endpoint usage, request metadata, and account or organization association. We do not store raw API keys after they are shown to you.
  • Chat, search, prompt, and content-access data, such as prompts, queries, selected sources, scoped publications, chat messages, search terms, article or summary access events, paid-source citations, usage metadata, tool/audit metadata, request costs, rate-limit data, and spend-limit data.
  • Publisher, import, and content-processing data, such as publication names, publication URLs, author names, author emails when available from source material, article metadata, podcast metadata, imported content, synthesized summaries, embeddings, stock-pick extractions, processing status, and related logs.
  • Communications, support, and feedback data, such as messages you send to us, support requests, survey responses, product feedback, social media interactions, and related contact details.
  • Technical and analytics data, such as IP address, device and browser information, operating system, referring URLs, pages viewed, approximate location derived from IP address, timestamps, feature interactions, diagnostics, logs, analytics data, performance data, cookie or similar technology data, and security signals.
  • Derived, aggregated, and de-identified data, such as usage statistics, product analytics, model-evaluation metrics, quality measurements, and aggregated business or product insights.

We do not seek to collect sensitive personal information such as government ID numbers, precise geolocation, health information, biometric identifiers, racial or ethnic origin, religious beliefs, union membership, or criminal history. Please do not provide that information to Drip unless we specifically request it for a lawful purpose.

4. How We Use Personal Information

We use personal information to:

  • provide, operate, maintain, secure, and improve Drip;
  • create and manage accounts, sessions, roles, permissions, API keys, and enterprise access;
  • authenticate users and support guest or wallet-based access;
  • process payments, Credits, refunds, invoices, receipts, payment challenges, x402 or MPP settlements, wallet transactions, and related transaction records;
  • provide chat, search, discovery, article-summary, stock-pick, API, podcast, and content-processing features;
  • meter usage, enforce limits, route spend, detect abuse, calculate balances, and maintain transaction ledgers;
  • communicate with you about Drip, support requests, security notices, administrative messages, product updates, and marketing where permitted;
  • personalize or configure product experiences, such as selected publications or topic scopes;
  • troubleshoot, debug, audit, analyze, and measure the performance and reliability of Drip;
  • protect Drip, Royal, users, publishers, enterprise customers, vendors, and the public from fraud, abuse, security incidents, unlawful activity, and violations of our Terms;
  • comply with legal, tax, accounting, regulatory, dispute-resolution, and contractual obligations; and
  • create aggregated or de-identified data that does not identify you and use it for analytics, research, product improvement, and business operations.

5. How We Disclose Personal Information

We may disclose personal information to:

  • service providers that help us operate Drip, including providers of hosting, infrastructure, authentication, payment processing, analytics, support and feedback, AI/model processing, content processing, queueing, storage, email or communications, security, observability, and development operations;
  • payment processors, wallet providers, payment networks, settlement infrastructure, and transaction verification services as needed to process payments, Credits, receipts, payment challenges, x402 or MPP flows, and wallet transactions;
  • enterprise customers, administrators, or authorized users when your account is associated with an enterprise workspace, organization, or agreement;
  • publishers, content providers, or data partners where needed to provide, attribute, pay for, audit, or support access to content;
  • professional advisers, such as lawyers, auditors, accountants, insurers, and consultants;
  • government authorities, courts, regulators, law enforcement, or other third parties when we believe disclosure is required or appropriate to comply with law, legal process, or safety/security obligations;
  • parties involved in a business transaction, such as a merger, financing, acquisition, reorganization, bankruptcy, or sale of assets; and
  • other parties with your direction, consent, or as otherwise described when you provide the information.

6. Payments, Wallets, and Blockchain Transactions

We use payment processors to process purchases, invoices, receipts, refunds, payment status, and billing-related records. Payment processors may independently collect and process personal information under their own terms and privacy policies.

Drip may also support wallet, USDC, x402, MPP, and other payment-network or blockchain-adjacent flows. Wallet addresses, transaction hashes, payment signatures, payment receipts, network identifiers, and related metadata may be public, visible to payment participants, or processed by third-party infrastructure. We may not be able to delete or alter information recorded on public or third-party payment networks.

7. AI, Content Processing, and Product Improvement

Drip uses AI and automated systems to search, summarize, synthesize, classify, extract, embed, evaluate, and generate outputs from publisher content, user prompts, chats, articles, podcasts, stock-pick data, metadata, and other inputs.

We may process your prompts, queries, chat messages, selected sources, usage data, and outputs to provide Drip, improve reliability and quality, evaluate retrieval and citation behavior, detect abuse, debug product issues, and develop new features. Enterprise customer data-processing restrictions, if any, may be set out in a separate written agreement.

We may use aggregated or de-identified information for analytics, research, product improvement, model evaluation, and business operations. We maintain de-identified information in de-identified form and do not attempt to re-identify it except as permitted by law.

8. Cookies, Analytics, and Similar Technologies

We and our providers may use cookies, local storage, pixels, logs, SDKs, and similar technologies to operate Drip, keep you signed in, remember settings, secure the Services, measure usage, understand performance, debug errors, and improve product experiences.

We use analytics, performance, feedback, and support tools to understand usage, improve reliability, and respond to user requests. Your browser or device may allow you to block or limit certain cookies or tracking technologies, but doing so may affect Drip functionality.

We do not currently respond to "Do Not Track" browser signals because there is no consistent industry standard for those signals.

9. Data Retention

We retain personal information for as long as reasonably necessary to provide Drip, maintain accounts, process payments and Credits, enforce our Terms, comply with legal, tax, accounting, and reporting obligations, resolve disputes, protect security, maintain audit logs, and operate our business.

Retention periods vary by data type. For example, payment and ledger records may be retained longer for tax, accounting, dispute, or anti-fraud purposes; API key metadata may be retained while the key or account remains active and for a reasonable period afterward; chat, search, and usage records may be retained to provide history, support product features, debug issues, and enforce usage limits.

We may retain aggregated or de-identified data for longer periods where it no longer identifies you.

10. Security

We use reasonable technical, administrative, and organizational safeguards designed to protect personal information. These safeguards may include access controls, authentication, encryption in transit, provider security controls, logging, monitoring, and operational review.

No method of transmission or storage is completely secure. You are responsible for protecting your account, devices, sessions, wallet, payment credentials, and API key. Notify us at support@dripstack.com if you believe your account, API key, wallet, or other credential has been compromised.

11. International Transfers

Royal is based in the United States, and we primarily process personal information in the United States. We and our providers may process information in other countries where we or they operate.

If we transfer personal information from the European Economic Area, United Kingdom, Switzerland, or another jurisdiction with transfer restrictions, we rely on appropriate safeguards such as standard contractual clauses, adequacy decisions, Data Privacy Framework participation where applicable, or another lawful transfer mechanism.

12. Enterprise Customer Data

Enterprise customer data-processing terms may be governed by a separate written agreement, including a Data Processing Agreement. That agreement may include additional terms for processing roles, subprocessors, security, audit rights, retention, deletion, international transfers, and instructions.

If an enterprise customer provides access to Drip for its authorized users, we may process information about those users on behalf of the enterprise customer or as otherwise described in the applicable agreement.

13. Your Privacy Rights and Choices

Depending on where you live and subject to legal exceptions, you may have rights to request access, correction, deletion, portability, restriction, objection, withdrawal of consent, appeal of a privacy-rights decision, and information about how we process your personal information.

You may exercise privacy rights by contacting support@dripstack.com. We may need to verify your identity before fulfilling a request. We may deny or limit a request where permitted by law, such as when retaining information is necessary for security, fraud prevention, legal compliance, transaction records, dispute resolution, or exercising legal rights.

You may opt out of marketing emails by using the unsubscribe instructions in those emails or by contacting us. We may still send transactional, service, security, legal, or account-related messages.

14. California and Other US State Privacy Notices

Some US state privacy laws, including California and Delaware privacy laws, provide residents with specific privacy rights and require disclosures about categories of personal information, sources, purposes, disclosures, and sale or sharing practices.

The categories of personal information we collect are described in Section 3. The purposes for which we use personal information are described in Section 4. The categories of third parties to whom we disclose personal information are described in Section 5.

We do not sell personal information and do not share personal information for cross-context behavioral advertising as those terms are commonly used in US state privacy laws. If our practices change, we will update this Privacy Policy and provide any required choices.

We do not knowingly sell or share personal information of children under 16.

You may have the right to request access, correction, deletion, portability, information about disclosures, opt out of sale or sharing, opt out of certain profiling or targeted advertising, limit certain sensitive personal information uses, appeal a decision, and be free from discrimination for exercising privacy rights. These rights vary by state and may be subject to exceptions.

Authorized agents may submit requests where permitted by law. We may require proof that the agent is authorized and may require you to verify your identity directly with us.

15. European Economic Area, United Kingdom, and Switzerland

If you are located in the European Economic Area, United Kingdom, or Switzerland, you may have additional rights under applicable data protection laws.

Royal Markets Inc. is the controller of personal information described in this Privacy Policy unless a separate written agreement says otherwise.

Our legal bases for processing may include:

  • performance of a contract, such as providing Drip, account access, paid routes, APIs, Credits, and support;
  • legitimate interests, such as securing, maintaining, analyzing, improving, and developing Drip, preventing fraud or abuse, enforcing terms, and supporting business operations;
  • consent, where required or where we ask for it; and
  • legal obligations, such as tax, accounting, sanctions, security, dispute-resolution, and regulatory obligations.

Subject to applicable law, you may have rights to access, correct, delete, restrict, object to processing, request portability, withdraw consent, and lodge a complaint with a supervisory authority. You can contact us at support@dripstack.com to exercise these rights.

16. Children

Drip is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided personal information to us, contact us at support@dripstack.com and we will take reasonable steps to delete it.

17. Third-Party Links and Services

Drip may link to or integrate with third-party websites, publishers, payment processors, wallet providers, authentication providers, AI providers, data providers, and other services. Their privacy practices are governed by their own policies, not this Privacy Policy.

We encourage you to review the privacy policies and terms of third-party services before using them or providing information to them.

18. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we may provide notice by posting the updated Privacy Policy on Drip, updating the "Last Updated" date, emailing you, or using another reasonable method.

Your continued use of Drip after an updated Privacy Policy becomes effective means the updated Privacy Policy applies to your use of Drip.

19. Contact

Questions or requests about this Privacy Policy may be sent to Royal Markets Inc., 301 Congress Avenue, 12th Floor, Suite 1227, Austin, TX 78701, USA.

Email: support@dripstack.com