Privacy Policy

1. Information We Collect

We collect information you provide directly: your name, email address, and account preferences when you register. We also collect usage data (number of generations, plan tier) to operate the service and enforce plan limits.

We use cookies and similar technologies only for authentication session management (via Supabase Auth) and analytics (PostHog, anonymized). We do not sell your data.

2. How We Use Your Information

• Authenticate your account and maintain your session
• Operate the AI generation service and enforce plan limits
• Process payments through Paddle — our Merchant of Record (we never store card details)
• Send transactional emails (account events, billing)
• Improve the product via aggregated, anonymized analytics

3. Data Storage & Security

Your data is stored in Supabase (hosted on AWS). All connections use TLS. Row-level security policies ensure users can only access their own data. Paddle handles all payment processing as our Merchant of Record under PCI-DSS compliance.

4. Your Rights

You may request deletion of your account and all associated data at any time by contacting us at privacy@draftly.ai. Deletion is permanent and irreversible.

If you are in the EU/EEA, you have rights under GDPR including access, rectification, erasure, and portability of your personal data.

5. Third-Party Services

• Supabase — database and authentication
• Paddle — payment processing (Merchant of Record — handles tax, compliance, chargebacks)
• Anthropic — AI generation (inputs are processed per Anthropic's usage policy)
• Resend — transactional email delivery
• PostHog — anonymized product analytics
• Vercel — hosting and CDN

6. Contact

Questions? Email us at privacy@draftly.ai.