Financial Security

Log-In Security

Data Retention

The Drafty team is very concerned about the security of your financial data. For this reason we have adopted theAPI to handle all financial transactions. What this means is that when you click the subscribe button, your data is sent directly to the Stripe servers, so we never see your credit card information. Rather, Stripe sends us a token indicating a successful transaction along with your email address. In practical terms this means that even if our site gets hacked to the ground, your financial information is safe. If you would like to read more about Stripe's security measures head on over to theirand take a look. We feel confident entrusting our security and yours to the Stripe team.For similar reasons, we are using Google OAuth 2.0 for our log-in. Like with your credit card, we never see your password. All we get is your Google ID and a confirmation token that you entered the correct data. A hacker would need to hack Google itself to obtain your password. Drafty's cloud storage system utilizes Google Drive's file system. As such when you sign in you grant Drafty permissions to read/write to your drive. Upon first sign-in Drafty will make a folder called 'Drafty' where all project files are written to and read from. This is the extent to which we access your file system.The combination of these two technologies means that there is no way to connect your username and password with your credit card information while using Drafty. We do store your username and email in order to ensure your ability to use our services. This small amount of data retention is wholly disconnected from both your password and your financial data. For the purposes of debugging and tech support Drafty does track and log user activity within the application. File names and actions using our tools are logged. We collect basic information like location, browser type, and OS. If you would like to have this information deleted from our servers please contact our support team via the in-app 'Feedback' button. The collection of emails as part of the web service shall never intentionally be made available to third parties, including but not limited to, Drafty's vendor partners. We retain email addresses solely for the pruposes of important communication between us and our users. We will never sell, license, or otherwise distribute our email lists for commercial purposes. We hope this makes you feel taken care of. It sure allows us to sleep well at night.