Privacy Policy

Draft Sentinel ("we," "us," or "our") is committed to protecting your privacy and the security of your personal data and manuscripts. This Privacy Policy describes how we collect, use, store, share, and protect information when you use our AI Manuscript Analysis Platform ("the Service") at draftsentinel.com.

By using the Service, you consent to the data practices described in this policy and in our Terms of Service. If you do not agree, do not use the Service.

This policy applies to all users of the Service, regardless of location. Additional rights may apply depending on your jurisdiction, as described in Sections 10 and 11.

2.1 Information You Provide:

(a) Account Information: Email address provided at signup. Optionally, intended use category (fiction, nonfiction, academic, editing, publishing, other). We do not collect passwords — the Service uses passwordless magic link authentication.

(b) Manuscript Content: The text content of manuscripts you upload for analysis. This is processed temporarily as described in Section 6.

(c) Communications: Any information you provide when contacting us for support, feedback, or inquiries.

2.2 Information Collected Automatically:

(a) Usage Data: Analysis requests, features used, timestamps, word counts, manuscript types submitted, and general interaction patterns.

(b) Device and Technical Data: IP address, browser type and version, operating system, device type, referring URLs, and pages visited.

(c) Cookies: Essential session cookies required for authentication and security. See Section 13.

2.3 Information from Third Parties:

(a) Payment Processor: Stripe provides us with limited transaction confirmation data (subscription status, payment success/failure). We never receive or store your full credit card number, bank account, or other sensitive financial details.

(b) OAuth Providers: If you sign in via Google or Apple (when available), we receive only your email address and name from the OAuth provider. We do not receive or store your OAuth provider password.

We use collected information solely for the following purposes:

(a) Providing, operating, and maintaining the Service;

(b) Processing your manuscripts and generating analysis reports;

(c) Authenticating your identity and managing your account;

(d) Processing payments and managing subscriptions through Stripe;

(e) Enforcing usage limits, plan restrictions, and Terms of Service;

(f) Sending essential account communications (magic links, payment confirmations, service-critical notices);

(g) Monitoring for fraud, abuse, unauthorized access, and security threats;

(h) Analyzing aggregated, anonymized usage patterns to improve the Service;

(i) Complying with legal obligations, responding to lawful requests, and protecting our legal rights.

We do not use your information for any purpose not listed above without your explicit consent.

These commitments are fundamental to our Service and are not subject to change without explicit prior notice and your affirmative consent:

(a) We do NOT train AI models on your manuscripts. Your manuscript text is never used to train, fine-tune, retrain, evaluate, benchmark, or otherwise improve any artificial intelligence model, machine learning model, or natural language processing system. Not by default. Not with consent. Not ever. This commitment applies to both our own systems and any third-party systems.

(b) We do NOT sell your personal data or manuscript content. We do not sell, rent, lease, trade, license, or otherwise transfer your personal information, manuscript content, analysis results, or any derivative data to any third party for any purpose, including marketing, advertising, data brokerage, or analytics.

(c) We do NOT read your manuscripts. No human employee, contractor, agent, consultant, or representative of Draft Sentinel accesses, reads, reviews, or examines the text content of your manuscript. All analysis is performed by fully automated systems. The only exception would be if you explicitly request human support involving your manuscript content and provide written consent for a specific support interaction.

(d) We do NOT retain manuscripts beyond the stated period. Manuscript files are automatically and permanently deleted per Section 6.

(e) We do NOT use your data for advertising. We do not serve ads. We do not use your data to target, personalize, or deliver advertisements of any kind.

(f) We do NOT create user profiles for marketing. We do not build behavioral profiles, interest graphs, or marketing segments from your usage data or manuscript content.

(g) We do NOT share manuscript content except for processing. Manuscript text is transmitted to AI inference providers (such as Anthropic's Claude API) solely for the purpose of generating your analysis. These providers are contractually prohibited from using input data for model training, and we select providers whose terms include this prohibition.

We may share limited data in the following circumstances only:

(a) Service Providers: We share data with third-party service providers who perform services on our behalf (payment processing, hosting, email delivery, AI inference). These providers access only the minimum data necessary to perform their function and are contractually bound to protect your data and use it only for the specified purpose.

(b) Legal Requirements: We may disclose your data if required by law, subpoena, court order, or government regulation, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, the safety of others, investigate fraud, or respond to a lawful government request.

(c) Business Transfer: If Draft Sentinel is involved in a merger, acquisition, bankruptcy, or sale of assets, your data may be transferred as part of that transaction. We will notify you via email or prominent notice before your data is transferred and becomes subject to a different privacy policy.

(d) With Your Consent: We may share your data for any purpose with your explicit, informed consent.

We do not share data in any circumstances not described above.

6.1 Manuscript Files: Uploaded manuscript files (.docx, .doc, .pdf, .txt) are stored in temporary processing storage. Manuscript files are automatically and permanently deleted within seven (7) days of report generation. Deletion is irreversible. We do not maintain backups of deleted manuscript files.

6.2 Analysis Reports: Generated reports (PDF, annotated DOCX, edited DOCX, findings JSON) are retained in your account for as long as your account is active, unless you manually delete them. Reports may contain short excerpts from your manuscript as evidence for specific findings, but do not contain the full manuscript text.

6.3 Account Data: Account information (email, usage history, subscription records) is retained for as long as your account is active. Upon account deletion request, we will permanently delete your personal data within thirty (30) days, except where retention is required by law (e.g., financial records required for tax compliance may be retained for up to seven years).

6.4 Aggregated Data: We may retain aggregated, fully anonymized data (total analysis counts, average word counts, general usage statistics) indefinitely. This data cannot identify any individual user or reconstruct any manuscript content.

6.5 Backup Systems: Data in automated backup systems will be purged in accordance with our backup rotation schedule, which does not exceed thirty (30) days beyond the applicable retention period.

We implement commercially reasonable technical and organizational security measures, including:

(a) TLS/SSL encryption for all data in transit;

(b) AES-256 encryption (or equivalent) for data at rest;

(c) Role-based access controls with principle of least privilege;

(d) Automated manuscript deletion per retention policy;

(e) Regular security monitoring and logging;

(f) Secure authentication via cryptographically signed, single-use, time-limited magic link tokens;

(g) Server-side enforcement of all usage limits and access controls;

(h) Input validation and sanitization on all file uploads.

Despite these measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security. In the event of a data breach that affects your personal information, we will notify affected users and applicable authorities as required by law.

The Service relies on the following categories of third-party services:

AI Inference (Anthropic / Claude API): Manuscript text is sent to Anthropic's API for analysis processing. Anthropic's usage policy states that API inputs are not used for model training. We select AI providers whose data handling terms prohibit training on customer input.

Payment Processing (Stripe): All payment transactions are processed by Stripe, Inc. We never receive, process, or store your full credit card number. Stripe is PCI DSS Level 1 certified. Stripe's privacy policy: stripe.com/privacy.

Hosting Infrastructure: The Service runs on cloud infrastructure that maintains SOC 2 and/or ISO 27001 certifications.

Email Services: Transactional emails (magic links, account notifications) are sent through third-party email service providers.

We conduct due diligence on third-party providers and select those with appropriate security certifications and data protection commitments. However, we are not responsible for the independent privacy practices or security measures of third-party services.

Regardless of your location, you have the following rights:

Access: Request a copy of the personal data we hold about you.

Correction: Request correction of inaccurate personal data.

Deletion: Request deletion of your personal data and account by contacting draftsentinel@gmail.com. We will process deletion within thirty (30) days.

Data Export: Request your data in a commonly used, machine-readable format (JSON or CSV).

Objection: Object to certain types of data processing.

Restriction: Request that we limit our processing of your data in certain circumstances.

Withdrawal of Consent: Where processing is based on consent, withdraw consent at any time.

To exercise any right, email draftsentinel@gmail.com with your request. We will verify your identity before processing. We will respond within thirty (30) days. We will not discriminate against you for exercising your privacy rights.

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

(a) Right to Know: What personal information is collected, the sources, the purposes, and the third parties with whom it is shared.

(b) Right to Delete: Request deletion of your personal information.

(c) Right to Opt-Out of Sale: We do not sell personal information. There is nothing to opt out of.

(d) Right to Opt-Out of Sharing: We do not share personal information for cross-context behavioral advertising.

(e) Right to Correct: Request correction of inaccurate personal information.

(f) Right to Limit Use of Sensitive Data: We collect minimal sensitive personal information (email only) and use it solely for providing the Service.

(g) Right to Non-Discrimination: We will not discriminate against you for exercising any CCPA/CPRA right.

Designated categories of personal information collected: Identifiers (email), commercial information (subscription history), Internet/electronic activity (usage data), and inferences (manuscript type classification). We do not collect biometric data, geolocation, or protected class information.

To submit a CCPA/CPRA request: email draftsentinel@gmail.com. You may designate an authorized agent to act on your behalf with written authorization.

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland:

Legal Bases for Processing: (a) Contract performance — processing necessary to provide the Service you requested; (b) Legitimate interests — improving the Service, ensuring security, preventing fraud; (c) Legal obligation — complying with applicable laws; (d) Consent — where you have given explicit consent.

International Transfers: Your data may be transferred to and processed in the United States. By using the Service, you consent to this transfer. We rely on Standard Contractual Clauses or other approved transfer mechanisms where required.

Data Protection Officer: For GDPR inquiries, contact draftsentinel@gmail.com.

Supervisory Authority: You have the right to lodge a complaint with your local data protection supervisory authority.

All rights in Section 9 apply to GDPR users. Additionally, you have the right to data portability (receive your data in a structured, commonly used, machine-readable format).

The Service is not directed to individuals under eighteen (18) years of age. We do not knowingly collect personal information from children under 18.

For educational use cases where students under 18 access the Service under institutional supervision, the educational institution, teacher, or parent/guardian is solely responsible for: (a) obtaining all required consent under COPPA, FERPA, and applicable state privacy laws; (b) supervising the minor's use of the Service; (c) ensuring the minor's data is handled in compliance with applicable law.

If we learn we have collected data from a child under 18 without proper consent, we will promptly delete it. Report concerns to draftsentinel@gmail.com.

Essential Cookies: We use strictly necessary cookies for authentication, session management, and security. These cannot be disabled without breaking the Service.

Analytics: We may use privacy-respecting analytics to understand aggregate usage patterns. Any analytics data is anonymized and aggregated.

No Advertising Cookies: We do not use advertising cookies, tracking pixels, retargeting scripts, or any form of cross-site tracking technology. We do not participate in advertising networks or data exchanges.

Do Not Track: We honor "Do Not Track" browser signals. Because we do not engage in tracking, no additional changes to our behavior are necessary when we receive a DNT signal.

In the event of a security breach that results in unauthorized access to, or disclosure of, your personal information, we will:

(a) Investigate and take immediate steps to contain and remediate the breach;

(b) Notify affected users via email within seventy-two (72) hours of becoming aware of the breach, or as soon as reasonably practicable;

(c) Notify applicable regulatory authorities as required by law;

(d) Provide information about the nature of the breach, the data affected, steps we are taking, and steps you can take to protect yourself.

We may update this Privacy Policy from time to time. If we make material changes, we will: (a) update the "Last updated" date; (b) notify you by email at least fifteen (15) days before the changes take effect; (c) post a prominent notice on the Service.

Your continued use of the Service after changes take effect constitutes acceptance of the updated policy. If you do not agree, stop using the Service and request account deletion.

For any questions, concerns, or requests regarding this Privacy Policy, your data, or your rights:

Draft Sentinel
Email: draftsentinel@gmail.com

We aim to respond to all privacy-related inquiries within thirty (30) days.