We are featured on Product Hunt! 🚀 Support us here ❤️

Privacy Policy 2025

Last updated: 12/09/2025

Draft’n run (“we”, “our”, or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and protect your personal data when you use our website, platform, and related services (collectively, the “Service”).

1. Data We Collect

We may collect the following categories of data:

a. Information You Provide

  • Full name
  • Email address
  • Company or organization name
  • Any content you submit via forms, chat, or emails

b. Automatically Collected Data

When you use our Service, we may automatically collect:

  • IP address
  • Browser type and version
  • Operating system
  • Pages visited and duration
  • Referring URL

This data is collected using cookies and similar technologies for analytics purposes.

2. Use of Data

We use your data to:

  • Provide and improve our services
  • Respond to your inquiries and requests
  • Monitor performance and security
  • Send occasional updates (if you’ve opted in)

We use Google Analytics 4 (GA4) with IP anonymization enabled to help us understand how our Service is used. Analytics data is collected in an aggregated, pseudonymized form and processed by Google as our analytics provider.

We collect and process your personal data only when:

  • You have given explicit consent (e.g., via cookie banner or contact form)
  • It is necessary for the performance of a contract
  • We have a legitimate interest that is not overridden by your rights

4. Data Retention

We retain personal data for no longer than one year unless a longer retention is required by law or necessary for ongoing service provision. Analytics event data collected via GA4 is retained for up to 14 months and then automatically deleted.

5. Your Rights

In accordance with applicable data protection laws, you have the right to:

  • Access, correct, or delete your personal data
  • Withdraw your consent at any time
  • Request data portability
  • Lodge a complaint with a supervisory authority

To exercise any of these rights, please contact us at:

Email: support [at] draftnrun [dot] com

6. Cookies

We use cookies to:

  • Analyze site traffic
  • Remember your preferences
  • Enhance user experience

You can manage your cookie preferences through your browser settings or opt-out via our cookie banner.

We use GA4 first-party cookies, including _ga and _ga_<container-id>, to distinguish users and store session state. These cookies can persist for up to 24 months depending on your settings and our configuration.

7. Data Security

We implement industry-standard security measures to protect your data from unauthorized access, alteration, or destruction.

8. Third-Party Services

We do not sell or share your personal data with third parties, except trusted service providers (e.g., analytics or hosting) who process data on our behalf and under strict confidentiality agreements.

Google Analytics 4 (GA4)

  • Provider: Google Ireland Limited (EU) and Google LLC (US)
  • Purpose: Event-based analytics to understand product usage and improve the Service
  • Data processed: device information, approximate location (based on IP), pages and events, and truncated/anonymized IP addresses (IP anonymization is enabled)
  • Retention: GA4 event data is retained for up to 14 months (configurable)
  • Transfers: Data may be processed outside the EEA. Where applicable, transfers are protected by Standard Contractual Clauses (SCCs)
  • Opt-out: You can reject analytics cookies in our banner or install the Google Analytics opt-out browser add-on: https://tools.google.com/dlpage/gaoptout
  • Policies: See Google’s Privacy Policy: https://policies.google.com/privacy and Google Analytics Terms: https://marketingplatform.google.com/about/analytics/terms/

Google OAuth (Sign-In, Google Drive, and Gmail)

We offer optional integrations with Google services via OAuth 2.0. Each integration is independent and requires a separate, explicit authorization. We will never access Google data unless you choose to connect the corresponding integration in-product and consent on the OAuth screen.

a. Google Sign-In (Account Creation)

  • Purpose: To allow rapid account creation and authentication using your Google identity.
  • Data accessed: Basic profile information such as your full name, email address, and profile picture, as provided by Google.
  • Use: We use this information to create and manage your Draft’n run account and to authenticate your sessions.
  • Storage and retention: We store your email and name as part of your account record for as long as your account remains active or as required to provide the Service.

b. Google Drive Integration (Content Sharing)

  • Purpose: To enable you to connect a specific Google Drive folder to Draft’n run for read-only processing, collaboration, or sharing within the product.
  • Data accessed: Read-only access to the folder you select (and its contents) and related metadata. We do not browse, read, or index your entire Drive outside of the selected folder.
  • Use: We read file metadata and content strictly to provide user-facing features (e.g., ingest documents, search, summarize, collaborate). We do not use Drive data to build profiles for advertising or for unrelated purposes.
  • Storage and retention: Depending on your chosen feature, we may store extracted content or embeddings from the selected files to power product functionality. You can disconnect Drive at any time; upon disconnection or your deletion request, we will remove stored Drive-derived data subject to legal obligations and backup cycles.

c. Gmail Integration (Email Automation)

  • Purpose: To automate email-related tasks you configure (e.g., draft replies, triage, summarize threads, and optionally send messages) within Draft’n run.
  • Restricted scopes: If Gmail restricted scopes are requested, they are used solely to provide the features you enable. These may include: https://www.googleapis.com/auth/gmail.readonly (read), https://www.googleapis.com/auth/gmail.modify (labeling and state changes), https://www.googleapis.com/auth/gmail.compose (manage drafts), and https://www.googleapis.com/auth/gmail.send (send messages).
  • Use: We access the content and metadata of emails you select or that match rules you configure only to perform the requested automation. We do not use Gmail data for advertising or for purposes unrelated to the user-facing features, and we do not use Gmail data to train generalized models.
  • Human access: We do not allow humans to read your Gmail data unless (i) you give us explicit consent for a specific case, (ii) it is necessary for security purposes (such as investigating abuse), (iii) it is necessary to comply with applicable law, or (iv) our internal operations require it and the data has been aggregated and de-identified.
  • Storage and retention: We do not store Gmail message bodies at rest. Message content is processed transiently in memory only when a workflow is triggered and is deleted when the task completes. Where strictly necessary for workflow state, we may temporarily cache non-content identifiers (e.g., message or thread IDs) and minimal metadata, which are removed once the task is finished or upon disconnection, subject to legal obligations and backup cycles.

User control and revocation

  • Separate consent: You can authorize Google Sign-In, Drive, and Gmail independently. Declining one does not affect the others.
  • Disconnect at any time: You can revoke our access at Google Account settings: https://myaccount.google.com/permissions. You can also disconnect integrations from within our product settings.
  • Data deletion: You may request deletion of Google-derived data we store by contacting us at support [at] draftnrun [dot] com or using in-product controls where available. We will complete deletion within a reasonable period, subject to legal obligations and backups.

Scopes we request

  • Google Sign-In: openid, email, profile (for authentication and basic account setup).
  • Google Drive (read-only to selected folder): https://www.googleapis.com/auth/drive.readonly (read-only access limited by our application to the folder you choose). In some cases we may request https://www.googleapis.com/auth/drive.metadata.readonly to list items within the selected folder.
  • Gmail (only if you enable email automation): https://www.googleapis.com/auth/gmail.readonly, https://www.googleapis.com/auth/gmail.modify, https://www.googleapis.com/auth/gmail.compose, and https://www.googleapis.com/auth/gmail.send.

Compliance with Google policies

  • Limited Use: Our use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
  • No advertising use: We do not use information obtained via Google APIs to serve ads, including retargeting, personalized, or interest-based advertising.
  • Least privilege: We request only the minimum scopes necessary for each feature and only after you opt in.
  • Data sharing: We do not transfer Google user data to third parties except (i) as necessary to provide or improve user-facing features as described, (ii) with your consent, or (iii) to comply with applicable law or a valid legal process, or (iv) as part of a merger, acquisition, or asset sale with appropriate protections.

For more information, see Google’s policies: Google API Services User Data Policy (including Limited Use): https://developers.google.com/terms/api-services-user-data-policy and Gmail User Data Policy: https://developers.google.com/gmail/api/guides/policy.

9. Changes to This Policy

We may update this Privacy Policy from time to time. The latest version will always be available on our website, with the date of the last update indicated at the top.