Privacy that moves at guest speed

01Introduction

Rope Drop Hero ("we," "our," or "us") is a mobile application developed and operated by Rope Drop Hero, LLC ("Company"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Rope Drop Hero iOS application and any related services (collectively, the "App").

By downloading, installing, or using the App, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the App.

02Information We Collect

2.1 Information You Provide Directly

We collect information that you voluntarily provide when creating an account, using App features, or contacting us for support:

• Account registration information: email address and password (managed via Supabase Authentication)
• Profile preferences: park preferences, party size, dining preferences, and trip dates
• Quest and trip planning data: itineraries, attraction preferences, dining reservations, and custom plans you create using Quest Builder
• AI conversation data: messages you send to Park Ranger, our AI assistant, to receive personalized park recommendations
• Group and party data: information you provide to coordinate with your travel party using Party Beacons and group features
• Support communications: messages you send to our support team
• Payment card information (optional): if you enable dining auto-booking, your payment card is stored only on your device in the iOS Keychain. It is never transmitted to or stored on our servers, and we cannot access it.

2.2 Information Collected Automatically

When you use the App, we automatically collect certain technical and usage information:

• Device information: device model, operating system version, unique device identifiers, and app version
• Location data: GPS location data when you are within Walt Disney World Resort parks, used for in-park navigation, Park Ranger contextual recommendations, and party location sharing. With "While Using" permission, location is used only while the App is open. If you grant "Always" permission, the App also uses geofencing to detect when you arrive at or leave a park, including while the App is in the background; these arrival and departure events power quest tracking and your trip history.
• Usage data: features accessed, screens viewed, subscription tier, frequency and duration of use
• Performance data: crash reports, error logs, and diagnostic data to improve App stability
• Customer-level analytics: first-party analytics and diagnostics that may link feature usage, error states, customer rescue status, and subscription context to visitor, session, device, and account identifiers so we can understand friction, support users, and improve reliability. These records do not include raw chat prompts, Disney credentials or tokens, payment details, or exact GPS trails.
• Stored files and metadata: If you grant permission, the App may access photos from your device library (for example, to set a profile photo). The App may also access metadata associated with files on your device to support App features. We do not access your photos, contacts, or other device files without your explicit permission.

2.3 Information from Third-Party Sources

We access publicly available data to power App features, including:

• Theme park attraction wait times, park hours, show schedules, and availability information
• Weather data for park-day forecasting
• Restaurant and dining availability data for monitoring and reservation features

We do not purchase or receive your personal information from third-party data brokers.

03How We Use Your Information

We use the information we collect for the following purposes:

• To provide and maintain the App, including real-time wait times, crowd calendars, Lightning Lane monitoring, dining reservation monitoring, and trip planning features
• To personalize your experience, including AI-powered recommendations from Park Ranger and Quest Builder itinerary generation
• To process and manage your subscription (Free, Adventurer, Hero, or Starlight Concierge tier) and associated feature access
• To enable party features, including Party Beacons live location sharing for locating members of your travel party within parks
• To provide in-park GPS navigation and contextual recommendations based on your location
• To send push notifications you have opted into, including Lightning Lane alerts, dining availability alerts, and Starlight Concierge features such as Morning Briefings and Proactive Rebooking notifications
• To deliver automation features, including Lightning Lane auto-booking and dining auto-booking for eligible subscription tiers
• To improve the App through customer-level analytics, error diagnosis, performance monitoring, customer rescue workflows, and de-identified product issue analysis
• To respond to your support requests and communicate important updates about the App

04AI Features and Data Processing

Rope Drop Hero uses artificial intelligence to power several features. We want to be transparent about how your data is used in connection with AI:

4.1 Park Ranger AI Assistant

When you interact with Park Ranger, your messages and relevant context (such as your current park location, active quest, and party preferences) are sent to our AI processing infrastructure to generate personalized responses. Conversations are processed in real time and are not used to train AI models. Conversation history is retained for the duration of your active session to maintain context and is not stored permanently on our servers.

4.2 Quest Builder

Quest Builder generates personalized trip itineraries based on your stated preferences, party composition, trip dates, and current park conditions. Your input data is processed by AI models to create and refine plans. Generated quests are stored in your account for your reference and are not shared with other users.

4.3 Starlight Concierge AI Features

Starlight Concierge subscribers may receive AI-generated Morning Briefings, Evening Recaps, Live Trip Copilot suggestions, and Post-Trip Analytics. These features process your trip activity data, reservation data, and park conditions to generate personalized content. This processing occurs on our servers and the resulting content is delivered only to you.

4.4 AI Data Processing Partners

AI features are powered by third-party large language model providers (currently OpenAI). When processing AI requests, we send only the minimum context necessary to generate a response. We do not send your email address, account credentials, or payment information to AI providers. Our agreements with AI providers prohibit them from using your data to train their models.

05Data Sharing and Disclosure

We do not sell, rent, or trade your personal information to third parties. We may share your information in the following limited circumstances:

• Service providers: We use Supabase (database and authentication), Apple (App Store, StoreKit for subscriptions, push notifications), and OpenAI (AI processing) as service providers. These providers process data on our behalf under contractual obligations to protect your information.
• Group members: If you use Party Beacons or other group coordination features, your live location and relevant trip information are shared with members of your designated travel party while the feature is active. You control who is in your party.
• Legal compliance: We may disclose information if required to do so by law, regulation, legal process, or governmental request.
• Business transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via the App or email before your information becomes subject to a different privacy policy.
• With your consent: We may share information for any other purpose with your explicit consent.

06Data Retention

We retain your personal information for as long as your account is active or as needed to provide you the App's services. Specifically:

• Account data: Retained until you delete your account
• Trip and quest data: Retained until you delete your account or remove individual quests
• AI conversation data: Park Ranger session conversations are not permanently stored. Quest Builder plans are retained as part of your account data.
• Usage, diagnostic, and customer-level analytics data: Retained in identifiable form only as needed to operate customer rescue, support, security and audit, and product-improvement workflows, generally no longer than 24 months; after that, records are deleted or de-identified unless a longer period is required by law or needed for an open support or security issue.
• Location data: Real-time position is processed in the moment for navigation and contextual features and is not stored as a movement trail. Park arrival and departure events (which park, and when) are recorded as part of your trip history and retained until you delete your account or the associated quest.

When you delete your account, we will delete or de-identify your personal information within 30 days, except where retention is required by law.

07Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

• Encryption in transit (TLS/HTTPS) for all data transmitted between the App and our servers
• Encryption at rest for stored personal data
• Supabase Row Level Security (RLS) policies ensuring users can only access their own data
• Secure authentication with token-based session management
• Regular security reviews of our infrastructure and codebase

No method of electronic storage or transmission over the Internet is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee absolute security.

08Your Rights and Choices

8.1 Account and Data Management

• Access: You can access your account information and trip data at any time within the App
• Correction: You can update your profile and preferences at any time within the App
• Deletion: You can request deletion of your account and associated data by contacting us at the address below. Account deletion will be processed within 30 days.
• Data portability: You can request a copy of your data in a machine-readable format by contacting us

8.2 Location Services

You can enable or disable location services for the App through your iOS device settings at any time. Disabling location services will prevent GPS navigation, location-based Park Ranger recommendations, party location sharing, and automatic park arrival detection. Core features such as wait times, crowd calendar, and trip planning will continue to function without location access.

8.3 Push Notifications

You can enable or disable push notifications through your iOS device settings. Disabling push notifications will prevent you from receiving Lightning Lane alerts, dining availability alerts, and Starlight Concierge notifications such as Morning Briefings and Proactive Rebooking alerts.

8.4 California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to request deletion, and the right to opt out of the sale of personal information. We do not sell personal information. To exercise your CCPA rights, contact us using the information in Section 12.

8.5 European Residents (GDPR)

If you are located in the European Economic Area, you have rights under the General Data Protection Regulation (GDPR), including the right to access, rectification, erasure, restriction of processing, data portability, and the right to object. Our legal basis for processing your data is your consent (for optional features like location and AI) and contractual necessity (for providing the App's core services). To exercise your GDPR rights, contact us using the information in Section 12.

09Children's Privacy

Rope Drop Hero is designed for use by families visiting Walt Disney World. Account registration and management requires the user to be at least 18 years of age. The App is intended to be used by a parent or guardian who manages the account and trip planning on behalf of their family, including children.

We do not knowingly collect personal information from children under the age of 13. If we become aware that we have collected personal information from a child under 13 without parental consent, we will take steps to delete that information promptly. If you believe we have inadvertently collected information from a child under 13, please contact us using the information in Section 12.

10Third-Party Services and Links

The App may contain references to or integrations with third-party services, including Walt Disney World properties, dining establishments, and other attractions. This Privacy Policy applies only to the Rope Drop Hero App. We are not responsible for the privacy practices of third-party services. We encourage you to review the privacy policies of any third-party services you interact with.

Rope Drop Hero is not affiliated with, endorsed by, or officially connected to The Walt Disney Company or any of its subsidiaries or affiliates. All Disney-related trademarks and content are the property of The Walt Disney Company.

11Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by posting the updated Privacy Policy within the App and updating the "Last Updated" date at the top of this document. For significant changes, we may also provide notice via push notification or email. Your continued use of the App after changes are posted constitutes your acceptance of the updated Privacy Policy.

12Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at: