DraftlyAll legal

Compliance overview

Last updated: April 5, 2026

Purpose

This page summarizes how Draftly approaches common regulatory and customer expectations. It is not a certification, legal opinion, or exhaustive list of obligations. Customers and partners should perform their own diligence and consult qualified counsel.

Documents

Our primary legal documents are:

  • Privacy Policy — personal data processing, international transfers, and individual rights.
  • Cookie Policy — cookies, analytics, and advertising technologies.
  • Terms of Service — acceptable use, subscriptions, liability, and governing law.

European Union, EEA, UK & Switzerland

Where the GDPR, UK GDPR, or Swiss FADP applies, we aim to process personal data lawfully, fairly, and transparently; limit collection to what is needed; honor data subject rights; and use appropriate safeguards for international transfers (such as Standard Contractual Clauses where required).

Legal bases we rely on commonly include contract (providing the Service), legitimate interests (security and product improvement, balanced against your rights), and consent where required — especially for non-essential cookies or marketing.

United States — state privacy laws

Several US states (including California, Colorado, Connecticut, Virginia, and others) grant residents rights regarding personal information and impose rules on “sales,” “sharing,” and targeted advertising. Our Privacy Policy describes how to submit requests. We honor applicable opt-out rights, including recognition of Global Privacy Control where required for browser-based opt-outs.

We do not “sell” personal information for money in the conventional sense. Some cookies or pixels used for advertising or analytics may constitute “sharing” or targeted advertising under state definitions; those are addressed in our Cookie Policy.

Security & subprocessors

We implement administrative, technical, and organizational measures designed to protect personal data appropriate to the risk, including secure transport, access controls, and vendor review. We use reputable infrastructure and service providers to host and operate the Service.

Enterprise customers who need a Data Processing Agreement (DPA) or subprocessor list for their records should contact us. Availability may depend on your plan and executed agreement.

Children

The Service is not directed to children under 16. We do not knowingly collect personal information from children as described in our Privacy Policy.

AI & automated processing

Features may use machine learning and third-party model APIs. We process prompts and related data to deliver the Service as described in the Privacy Policy. Outputs are generated for your creative use; you are responsible for compliance with laws applicable to your content and use cases.

Contact & data protection inquiries

For privacy requests, questions about this overview, or security issues: support@draftly.business

If you are a supervisory authority or law enforcement agency, please use the same channel and include sufficient detail for us to validate and respond promptly.