Third-Party Services and SDK Disclosure

Effective Date: April 9, 2026 · Last Updated: April 9, 2026

This document is referenced by the RareDrop Privacy Policy and is intended to replace the prior SDK list with a version aligned to the current RareDrop app, while preserving the disclosure purpose of the original file. It describes major third-party service providers, SDK-related components, and infrastructure vendors that may process limited data in connection with the RareDrop app.

1. Important Notes

2. Major Third-Party Services

Provider / Service Purpose of Use Data Potentially Involved Notes
Stripe Payment processing, fraud prevention, payment confirmation, refunds, dispute handling Transaction data, payment status, device/browser signals, limited billing/payment identifiers Full payment instrument details are handled under Stripe’s own systems and policies.
PayPal Payment processing, checkout, refund/dispute support Transaction data, payment status, account/payment identifiers, risk signals Processed under PayPal’s own terms and privacy policy.
Google Sign-In User authentication and account sign-in Google account identifier, email address, profile data authorized by user Only used if the user chooses this sign-in method.
Sign in with Apple User authentication and account sign-in Apple account identifier, relay or real email address, authorized profile data Only used if the user chooses this sign-in method.
Twilio SMS verification messages, transactional messaging, security notifications Phone number, message metadata, delivery status Used for login verification and security-related messaging.
Zoho Email delivery and business/customer support communications Email address, message content/metadata, delivery status Used for account, support, and business communications.
Amazon Web Services (AWS) Cloud hosting, storage, databases, logs, security, backend service operation Account data, order data, logs, uploaded content, application data Used as core infrastructure provider.
Cloudflare CDN, DNS, web/application security, traffic routing, caching, DDoS mitigation IP address, request metadata, traffic/security logs Used for performance and security of web-facing services.

3. Device Permissions and Related Uses

Permission / Access Purpose Required or Optional
Notifications Order updates, shipping notices, account security alerts, optional marketing messages where permitted Optional
Camera / Photos Uploading images or evidence to customer support, profile/media-related actions where available Optional
Network Access Basic app connectivity, content loading, account and order processing Necessary for service operation

4. Original Disclosure Intent Preserved

This document continues the original intent of the prior SDK list: to identify third-party components or service providers, summarize why they are used, and explain the types of information they may access or process in connection with the app.