Privacy Policy

Last updated: April 7, 2026

Table of Contents

  1. 1. Introduction & Scope
  2. 2. Information We Collect
  3. 3. How We Use Your Information
  4. 4. Legal Bases for Processing (GDPR)
  5. 5. Operational Services
  6. 6. Data Retention
  7. 7. Data Security
  8. 8. Your Rights (General)
  9. 9. California Privacy Rights (CCPA/CPRA)
  10. 10. European Privacy Rights (GDPR)
  11. 11. Other US State Privacy Laws
  12. 12. Children's Privacy
  13. 13. Cookies & Tracking Technologies
  14. 14. Content Notes
  15. 15. Changes to This Policy
  16. 16. Contact Us

1. Introduction & Scope

Draftovo ("Draftovo," "we," "us," or "our") operates the Draftovo platform at draftovo.ai, an AI-powered social media content generation service (the "Service"). This Privacy Policy explains what information we collect, how we use and share it, and the choices and rights you have.

This policy applies to information we process when you visit our website, create an account, subscribe to a plan, or otherwise interact with the Service. It does not apply to third-party websites or services we link to but do not control.

2. Information We Collect

  • Account information: name, email address, password (stored hashed and salted), and profile photo.
  • Billing information: handled by our payment partners. We do not store your full card number, CVV, or bank credentials on our servers. We receive limited metadata such as the last four digits, card brand, and billing zip.
  • Brand assets: logos, color palettes, brand voice samples, tone guides, and other materials you upload.
  • Generated content: the posts, captions, and creative assets we generate for you.
  • Content requests and uploaded materials: requests, uploaded materials, and feedback you submit while using the Service.
  • Usage data: page views, feature usage, clicks, session duration, and interaction patterns.
  • Device & log data: IP address, browser type, operating system, referring URLs, and timestamps.
  • Cookies & similar technologies: essential, analytics, and preference cookies. See Section 13 for details.

3. How We Use Your Information

  • Provide the Service, including generating content and managing your subscription.
  • Process payments and refunds.
  • Improve service quality using anonymized and aggregated data.
  • Provide customer support and respond to requests.
  • Maintain security, detect fraud, and prevent abuse of the Service.
  • Send transactional emails (always) and marketing communications (opt-in only; you can unsubscribe at any time).
  • Comply with legal obligations and enforce our terms.

5. Operational Services

We rely on a limited set of trusted outside services to operate Draftovo, including hosting, account services, payment processing, communications, and related operations. Each service is bound by data protection terms at least as protective as this Privacy Policy. A current list of engaged services is available to enterprise customers upon written request to legal@draftovo.ai.

We do not sell your personal information to any third party.

6. Data Retention

  • Account data: retained while your account is active, plus 30 days after deletion.
  • Generated content: retained while your account is active.
  • Billing records: retained for 7 years to satisfy tax and legal requirements.
  • Server & access logs: retained for up to 90 days.

You can request deletion of your account at any time (see Section 8 and Section 9).

7. Data Security

  • Encryption at rest and in transit using TLS 1.2 or higher.
  • Role-based access controls and least-privilege principles.
  • Regular security reviews, dependency audits, and monitoring.
  • Breach notification to affected users and regulators within 72 hours where required by law.

No system is 100% secure. You are responsible for keeping your password confidential.

8. Your Rights (General)

Subject to applicable law, you may have the right to:

  • Access the personal information we hold about you.
  • Correct inaccurate or incomplete information.
  • Request deletion of your personal information.
  • Export your data in a portable format.
  • Object to or restrict certain processing.
  • Withdraw consent where processing is based on consent.
  • Lodge a complaint with your local data protection authority.

To exercise these rights, email legal@draftovo.ai.

California Residents

9. California Privacy Rights (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), gives you specific rights regarding your personal information.

Your California Rights

  • Right to know what personal information we collect, use, disclose, and share.
  • Right to delete personal information we have collected from you.
  • Right to correct inaccurate personal information.
  • Right to opt out of sale or sharing of personal information. Draftovo does not sell or share your personal information as those terms are defined under the CCPA/CPRA.
  • Right to limit use and disclosure of sensitive personal information to purposes necessary to provide the Service.
  • Right to non-discrimination for exercising your privacy rights.

Categories of Personal Information Collected (last 12 months)

  • Identifiers: name, email, IP address, account ID.
  • Customer records (Cal. Civ. Code § 1798.80): billing details processed by our payment partners.
  • Commercial information: subscription plan, purchase history.
  • Internet or network activity: browsing, feature usage, logs.
  • Geolocation: coarse location derived from IP address.
  • Professional or employment information: business name and role (if provided).
  • Inferences: preferences drawn from the above to personalize content.

Categories Disclosed for Business Purposes

We disclose identifiers, commercial information, internet activity, and content you submit to the subprocessors listed in Section 5 solely to operate the Service.

How to Submit a Request

Email legal@draftovo.ai with the subject line "California Privacy Request". We will verify your identity by matching information you provide against records associated with your account. Authorized agents may submit requests on your behalf with written permission and proof of identity.

We will respond within 45 days of receiving a verifiable request, extendable by another 45 days when reasonably necessary (for a maximum of 90 days), with notice to you.

Shine the Light (Cal. Civ. Code § 1798.83)

California residents may request information about our disclosure of personal information to third parties for their direct marketing purposes. Draftovo does not share personal information with third parties for their own direct marketing purposes.

Metrics Disclosure

If and when required by law, we will publish annual metrics on consumer requests received and fulfilled.

10. European Privacy Rights (GDPR)

If you are located in the EEA, UK, or Switzerland, you have the rights outlined in Section 8, plus:

  • Data portability: receive your data in a structured, machine-readable format.
  • Restrict processing in certain circumstances.
  • Object to processing based on legitimate interests.

International transfers: Draftovo is based in the United States, and your data may be transferred to and processed in the US and other countries. Where required, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission to safeguard transfers of EU/UK personal data.

EU Representative: Not currently appointed. EU users may contact sstevens@willowwealthfinancial.com. To contact our Data Protection Officer, email legal@draftovo.ai.

Enterprise DPA: business customers requiring a Data Processing Addendum under GDPR Article 28 can review and execute our Data Processing Addendum.

11. Other US State Privacy Laws

Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), and other states with comprehensive privacy laws have rights similar to those described above, including rights to access, correct, delete, and opt out of targeted advertising and the sale of personal data. To exercise these rights, email legal@draftovo.ai.

12. Children's Privacy

The Service is not directed to, and we do not knowingly collect personal information from, anyone under 18 years of age. If we learn that we have collected personal information from a minor, we will delete it promptly. Parents or guardians who believe a minor has provided us with personal information should contact legal@draftovo.ai.

13. Cookies & Tracking Technologies

  • Essential: required for authentication and security.
  • Functional: remember preferences and settings.
  • Analytics: help us understand how the Service is used.
  • Marketing: used only with your consent.

You can manage cookies through your browser settings. Disabling essential cookies may break the Service.

Do Not Track: because there is no industry consensus, we do not respond to "Do Not Track" browser signals.

Global Privacy Control (GPC): we honor GPC signals as a valid opt-out of the sale or sharing of personal information for California residents and other jurisdictions that recognize GPC.

14. Content Notes

  • Content you submit (brand details, uploaded material, and requests) is processed by Draftovo and trusted outside services to deliver the Service.
  • We do not use your brand data or generated content for other customers.
  • We may retain anonymized usage patterns and outputs to evaluate and improve the quality of the Service.
  • You can opt out of certain product improvement uses from your account Settings.
  • Generated content may contain errors. You are responsible for reviewing content before publishing it.

15. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes, we will notify you by email and/or an in-product notice at least 30 days before the changes take effect. The "Last updated" date at the top of this page reflects the most recent revision.

16. Contact Us