Privacy Policy - DrawSortAI

1. Introduction

DrawSortAI ("we," "us," or "our") operates drawsortai.com (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our construction drawing classification service.

2. Information We Collect

2.1 Account Information

Email address: Used for account creation, login, and service communications
Password: Stored encrypted (hashed) - we never see your actual password
Account type: Free or Pro tier status

2.2 Files You Upload

PDF drawings: Temporarily processed to extract text and classify by category
ZIP archives: Temporarily stored during processing
Metadata: Filenames, file sizes, upload timestamps

2.3 Usage Data

Processing logs: Upload times, classification results, error logs
Corrections: When you correct a classification, we store this to improve our AI model
Technical data: IP address, browser type, device information (for security and performance)

2.4 Payment Information

Stripe handles all payments: We never see or store your credit card details
Billing details: Name, billing address (stored by Stripe, not us)
Transaction history: Invoice records for Pro subscribers

3. How We Use Your Information

3.1 To Provide the Service

Process and classify your construction drawings
Store your sorted files for download
Manage your account and authentication
Process payments for Pro subscriptions

3.2 To Improve Our AI Model

Use your corrections to retrain our classification algorithm
Analyze text patterns from drawings to improve accuracy
Note: We only use anonymized text data, never your actual PDF files or personal information

3.3 To Communicate With You

Send processing completion notifications
Account and security updates
Billing and subscription information
Service announcements (rare, important only)

3.4 To Maintain Security

Detect and prevent fraud or abuse
Monitor for security threats
Enforce our Terms of Service

4. Data Retention and Deletion

4.1 Your Uploaded Files

Wasabi cloud storage: Deleted within 1 hour of processing completion
Processed results: Available for 7 days, then automatically deleted
Downloaded files: Deleted from our servers immediately after download
Lifecycle policy: Any files missed are auto-deleted after 7 days maximum

4.2 Your Account Data

Active accounts: Retained as long as your account is active
Deleted accounts: All data permanently deleted within 30 days of account deletion
Training data: Anonymized corrections retained indefinitely to maintain model accuracy

4.3 Logs and Analytics

Error logs: Retained for 90 days
Processing logs: Retained for 30 days
Security logs: Retained for 1 year

5. How We Protect Your Data

Encryption in transit: All data transmitted via HTTPS/TLS
Encryption at rest: Files stored encrypted on Wasabi S3
Password security: Bcrypt hashing with salt
Access controls: Only authorized systems and admin accounts can access data
Regular security updates: Servers and dependencies kept current
Rate limiting: Prevents brute force attacks (10 uploads per hour)
CSRF protection: Prevents cross-site request forgery

6. Data Sharing and Third Parties

6.1 We Share Data With:

Wasabi (S3 Storage): Stores your uploaded files temporarily during processing
Stripe (Payments): Processes Pro subscription payments
Render (Hosting): Hosts our application servers

6.2 We DO NOT:

❌ Sell your data to anyone, ever
❌ Share your drawings with third parties
❌ Use your data for advertising
❌ Train AI models for other companies
❌ Share your email with marketers

6.3 Legal Obligations

We may disclose your information if required by law, court order, or government request, or to protect our rights and safety.

7. Your Rights (GDPR & UK GDPR)

If you're in the EU or UK, you have these rights:

Right to Access: Request a copy of all your data we hold
Right to Rectification: Correct inaccurate data
Right to Erasure ("Right to be Forgotten"): Delete your account and all associated data
Right to Restriction: Limit how we process your data
Right to Data Portability: Export your data in a machine-readable format
Right to Object: Object to certain processing activities
Right to Withdraw Consent: Opt out of optional data processing

To exercise any rights, email us at: privacy@drawsortai.com

We will respond within 30 days.

8. International Data Transfers

Your data may be transferred to and processed in:

United States: Render hosting servers
European Union: Wasabi EU storage (if you're an EU user)

We ensure adequate safeguards are in place for international transfers, including Standard Contractual Clauses (SCCs) where applicable.

9. Cookies and Tracking

9.1 Essential Cookies

Session cookie: Keeps you logged in (required for the service to work)
CSRF token: Security protection (required)

9.2 We DO NOT Use:

❌ Advertising cookies
❌ Third-party tracking pixels
❌ Social media tracking
❌ Cross-site tracking

9.3 Analytics (If Implemented)

We may use privacy-focused analytics (e.g., Plausible) that doesn't track individual users. This is optional and anonymized.

10. Children's Privacy

DrawSortAI is not intended for users under 18. We do not knowingly collect data from children. If you believe a child has provided us with personal information, contact us immediately at privacy@drawsortai.com.

11. Changes to This Policy

We may update this Privacy Policy occasionally. Changes will be posted on this page with an updated "Last Updated" date. For significant changes, we'll notify you via email.

Continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact Us

Questions about this Privacy Policy or your data?

Email: privacy@drawsortai.com
Data Protection Officer: dpo@drawsortai.com
Support: support@drawsortai.com

13. Supervisory Authority

If you're in the EU/UK and have concerns about how we handle your data, you have the right to lodge a complaint with your local data protection authority:

UK: Information Commissioner's Office (ICO) - ico.org.uk
EU: Your national data protection authority