Privacy Policy

Last Updated: November 29, 2025

Introduction

Drafta.email ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our email intelligence platform.

Information We Collect

Information You Provide

• Account Information: Email address, name, and authentication credentials
• Email Content: Emails processed through our service for AI drafting
• Payment Information: Processed securely through Stripe (we do not store credit card details)
• Communication: Information you provide when contacting support

Automatically Collected Information

• Usage Data: How you interact with our service
• Device Information: Browser type, operating system, IP address
• Log Data: Access times, pages viewed, features used

How We Use Your Information

We use the information we collect to:

• Provide Services: Process emails and generate AI-powered drafts
• Improve Service: Analyze usage patterns to enhance functionality
• Customer Support: Respond to inquiries and provide assistance
• Security: Detect and prevent fraud, abuse, and security threats
• Legal Compliance: Meet legal obligations and enforce our terms

Data Storage and Security

• Encryption: All email content encrypted at rest (AES-256)
• Transmission: All data transmitted over HTTPS/TLS
• Access Control: OAuth-only authentication, no password storage
• Database Security: Row-level security in Supabase
• Regular Audits: Security assessments and vulnerability scanning

Data Sharing and Disclosure

We may share data:

• Service Providers: With trusted vendors (Supabase, OpenAI, Railway) under strict confidentiality
• Legal Requirements: When required by law or to protect rights
• Business Transfers: In connection with mergers or acquisitions (with notice)

Your Rights (GDPR/CCPA Compliance)

You have the right to:

• Access: Request copies of your personal data
• Rectification: Request correction of inaccurate data
• Erasure: Request deletion of your data ("Right to be Forgotten")
• Portability: Request data export in machine-readable format
• Objection: Object to processing of your data
• Restriction: Request limitation of data processing

To exercise these rights, contact: privacy@drafta.email

AI and Machine Learning

Data Retention

• Active Accounts: Data retained while account is active
• Deleted Accounts: Data deleted within 30 days of account deletion
• Legal Requirements: Some data may be retained for legal compliance
• Backups: Encrypted backups retained for 90 days, then permanently deleted

Cookies and Tracking

• Essential Cookies: Required for service functionality
• Analytics: Anonymous usage analytics (no personal identification)
• Preferences: Remember your settings and preferences
• No Third-Party Advertising: We do not use advertising cookies

Children's Privacy

Our service is not intended for users under 18. We do not knowingly collect information from children.

International Data Transfers

• Data may be processed in the United States and other countries
• We ensure adequate safeguards for international transfers
• EU users: Data processing complies with GDPR requirements

Changes to This Policy

We may update this Privacy Policy. We will notify you of changes by:

• Posting the new policy on this page
• Updating the "Last Updated" date
• Sending email notification for material changes

California Privacy Rights (CCPA)

California residents have additional rights:

• Right to Know: Request disclosure of data collection and sharing
• Right to Delete: Request deletion of personal information
• Right to Opt-Out: Opt-out of sale of personal information (we do not sell data)
• Non-Discrimination: We will not discriminate for exercising privacy rights

European Privacy Rights (GDPR)

EU residents have rights under GDPR:

• Lawful Basis: Processing based on consent and contract performance
• Data Protection Officer: Contact dpo@drafta.email
• Supervisory Authority: Right to lodge complaints with your data protection authority