Last updated: May 2026

Privacy Policy

Draftly ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Chrome Extension and web application at draftly-mail.vercel.app.

1. Information We Collect

1.1 Information You Provide

  • Account Information: When you sign up, we collect your email address and a securely hashed password. We do not collect your name or profile picture.
  • Payment Information: When you upgrade to a paid plan, payment details are processed by Dodo Payments. We do not store your full card number or CVV. We receive a subscription identifier and billing status.

1.2 Information Collected Automatically by the Chrome Extension

Draftly's Chrome Extension operates with the following permissions to function:

  • activeTab & scripting: Used to read the visible content of the currently active browser tab (only when you explicitly click the extension action) so our AI can generate a contextual draft.
  • host_permissions (linkedin.com & x.com): Allows the extension to run specifically on LinkedIn and X profiles to extract relevant context (e.g., profile name, headline).
  • storage: Stores your authentication session token and user preferences locally in your browser so you stay logged in.

We do not read your general browsing history. Content scripts run only when you actively use the extension. Page data is never persistently stored.

1.3 Usage Data

  • Number of AI generations used (tracked against your plan quota).
  • Timestamps of extension usage (stored in Supabase, our backend database).

2. How We Use Your Information

  • To authenticate you and manage your account.
  • To generate AI-powered email drafts using page context you explicitly share.
  • To enforce usage limits based on your subscription plan.
  • To process payments and manage billing through Dodo Payments.
  • To improve our AI models and service quality (only with anonymized, aggregated data).
  • To send transactional emails (e.g., billing receipts, account alerts). We do not send marketing emails without your explicit consent.

3. How We Share Your Information

We do not sell, rent, or trade your personal information. We share data only in the following limited circumstances:

  • Supabase: Our database and authentication provider. Data is stored in a secure, hosted PostgreSQL instance.
  • DeepSeek (Primary AI Provider): Page content you select in the extension is sent to DeepSeek V4 Flash (via the DeepSeek API) to generate a personalized message draft. DeepSeek processes this data per the DeepSeek Privacy Policy.
  • Groq API (Fallback AI Provider): If the primary DeepSeek service is temporarily unavailable or returns an error, Draftly automatically retries the same request using Groq (Llama 3 70B) as a fallback. The same page context is sent to Groq in this case. Groq processes data per their Privacy Policy. Groq does not use API request data for model training.
  • Important: Page context sent to either AI provider is not persistently stored on our servers after the API response is returned. We do not log or retain the raw page content you share.
  • Dodo Payments: Your payment and billing information is processed by Dodo Payments, our payment processor.
  • Legal Requirements: We may disclose your data if required by law, court order, or to protect our legal rights.

4. Data Retention

We retain your account data for as long as your account is active. When you delete your account -either from your dashboard settings or by contacting us -your personal data (account profile, authentication records, generation history, and usage logs) is deleted immediately and permanently from our systems. There is no delay or grace period.

Billing and transaction records may be retained by Dodo Payments for up to 7 years as required by applicable tax and financial regulations. This data is held by Dodo Payments, not by Draftly, and is outside our control.

Page context sent to generate drafts is not persistently stored on our servers after the API response is returned.

5. Cookies and Local Storage

We use browser cookies and local storage solely for session management (keeping you logged in). We do not use tracking cookies or third-party advertising cookies.

6. Children's Privacy

Draftly is not directed to children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us immediately.

7. Your Rights

Depending on your location, you may have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your data (see our Data Deletion page).
  • Object to or restrict certain processing.
  • Data portability (receive your data in a machine-readable format).

To exercise any of these rights, email us at help.cryptpeach@gmail.com.

8. Security

We implement industry-standard security measures including HTTPS encryption, secure token handling via Supabase Auth, and row-level security in our database. However, no method of transmission over the Internet is 100% secure.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by updating the "Last updated" date at the top of this page. Continued use of Draftly after changes constitutes acceptance of the updated policy.

10. Contact Us

If you have any questions about this Privacy Policy, please contact us:

Draftly
Email: help.cryptpeach@gmail.com