1. Introduction
This Privacy Policy describes how Draftora (“Draftora”, “we”, “us”, “our”) collects, uses, stores, and protects personal data when you interact with our website, platform, Word add-in, or any other service we provide (collectively, the “Services”).
This Policy applies when Draftora acts as a data controller — for example, when you create an account, visit our website, or communicate with us. When Draftora processes documents, files, or content on behalf of a customer, Draftora acts as a data processor and such processing is governed by a separate agreement.
By using the Services, you acknowledge and agree to the practices described in this Privacy Policy.
2. What Information We Collect
2.1 Personal data you provide
- Account Information: name, email address, organization, role, login credentials.
- Communication Data: emails, chat messages, support requests, feedback, and metadata associated with them.
- Billing Information: payment details provided to our payment processor (we do not store full payment card numbers).
- Marketing Preferences: choices regarding newsletters or promotional communications.
- Survey & Research Data: responses to voluntary surveys, feedback forms, testing programs.
2.2 Data collected automatically
- Log & Device Data: IP address, browser type, device identifiers, operating system, timestamps, diagnostic data.
- Usage Data: how you interact with the Services, feature usage patterns, performance data, analytics.
- Cookies & Similar Technologies: session cookies, persistent cookies, local storage, web beacons, pixel tags.
2.3 Information from third parties
We may receive information from authentication providers, payment processors, analytics or marketing partners, or customer organizations that manage multiple users.
2.4 Document Content (processor role)
When you upload or generate content in Draftora, we process that Document Content only to provide the Services and only as instructed by you or your organization. We do not access, use, or share Document Content beyond what is strictly necessary to deliver the Services, unless explicitly permitted by the customer.
3. How We Use Personal Data
- Delivering and maintaining the Services: account management; platform and add-in operation; feature delivery; security, availability and performance.
- Customer support: responding to inquiries, troubleshooting, onboarding, training.
- Improving and developing the Services: product analytics, quality assurance, anonymized insights.
- Marketing and communications: updates, product announcements, newsletters (you can opt-out anytime).
- Compliance and protection: fraud prevention, security, legal compliance, rights protection.
If you are located in the EU (or other applicable jurisdiction), our processing may rely on contractual necessity, legitimate interest, consent, or legal obligation, depending on the purpose.
4. How We Share Personal Data
We do not sell personal data.
We may share personal data with:
- Service providers (processors): cloud hosting, authentication, email delivery, analytics, payment processors, support tools — under strict contractual obligations.
- Customer organizations: if your account belongs to an employer or organization, relevant profile or usage information may be accessible to them.
- Professional advisors: lawyers, auditors, insurers — only when necessary.
- Legal authorities: when required by law, subpoena or other lawful request.
- Business transfers: in case of merger, acquisition or sale, personal data might be transferred to the successor entity.
5. Document Content and Confidentiality
Document Content is processed solely to provide the Services. Draftora does not use Document Content to train models, access it for unrelated purposes, or share it with third parties beyond necessary processors. Customers maintain control over their Document Content at all times.
6. International Data Transfers
We may store or process personal data in the EU, the US, or other jurisdictions. When data is transferred internationally, we ensure adequate protection via Standard Contractual Clauses (SCCs), adequacy decisions, or other technical and organizational safeguards. Data Processing Agreements are in place with third-party providers.
7. Data Security
We implement industry-standard technical and organizational measures — encryption (in transit and at rest), access control, infrastructure security, monitoring and logging, regular audits and testing — to protect your personal data. In the case of a security breach, we will notify affected users as required by law.
8. Data Retention
We retain personal data only as long as necessary to deliver the Services, honor contractual obligations, fulfill legal requirements, resolve disputes, and enforce agreements. Document Content is retained per customer settings or agreements. Once retention obligations expire, data will be deleted or anonymized.
9. Your Rights
Depending on your jurisdiction, you may have rights to:
- Access your personal data
- Correct inaccurate data
- Delete your personal data (“right to be forgotten”)
- Restrict or object to processing
- Port your data elsewhere
- Withdraw consent
- Opt-out of marketing
To exercise your rights, contact us at the address below. If your data is processed under your organization's account, we may redirect you to the relevant data controller.
10. Children
Draftora is not intended for use by minors under the age of majority. We do not knowingly collect personal data from children.
11. Changes to This Privacy Policy
We may update this Privacy Policy periodically. We will post the updated version here with a new “Last updated” date. Significant changes may be communicated via email or in-product notifications. Continued use of the Services after updates constitutes acceptance of the revised policy.
12. Contact Us
If you have questions, requests, or complaints, you can contact us at:
Draftora
Email: privacy@draftora.ai
If GDPR applies, you also have the right to lodge a complaint with your local supervisory authority.