Privacy Policy

1. Who We Are

DripDraft is operated by Fluency Digital ("we", "us", "our"). We provide an AI-powered email follow-up tool that helps you send personalized outreach through your Gmail account.

2. Google API Disclosure

DripDraft's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

• DripDraft only uses Gmail data to provide and improve the user-facing features described in this policy (sending emails on your behalf after your explicit approval).
• DripDraft does not transfer Gmail data to any third party unless necessary to provide or improve the app's user-facing features, required for security purposes, or required by law.
• DripDraft does not use Gmail data for advertising, market research, email content analysis, or training AI/machine learning models.
• DripDraft does not allow humans to read your Gmail data unless you provide affirmative consent, it is necessary for security investigation, or it is required by law.
• All access to Gmail thread data (reply and bounce detection) is performed by automated systems only — no human reads your email content.

3. Information We Collect

Account information: When you sign in with Google, we receive your name, email address, and profile picture from your Google account.

Gmail access: We request the gmail.send OAuth scope to send emails on your behalf. Follow-up drafts are stored within DripDraft for your review — you approve and send each one individually. DripDraft never sends email without your explicit action. We do not read, store, index, or analyze any emails in your Gmail inbox.

Campaign data: We store the contact information, email subjects, and email bodies you enter when creating campaigns, along with follow-up schedules and template data.

Payment information: Payments are processed by Stripe. We do not store your credit card details. Stripe's privacy policy applies to payment data.

Usage data: We track basic usage metrics like campaign counts for plan limits.

Email tracking (optional): If you enable open and click tracking on a campaign, we embed a small tracking pixel and wrap links in your outgoing emails. When a recipient opens the email or clicks a link, we record the event along with their IP address and browser user agent. This data is only visible to you (the campaign creator) and is deleted when you delete the campaign or your account. Tracking is optional and can be toggled per campaign or set as a default in Settings.

4. How We Use Your Information

We use Google user data (your name, email address, and Gmail send access) solely to provide the app's core functionality:

• To authenticate your account and manage your session
• To send emails on your behalf through Gmail after your explicit approval
• To detect bounces and replies on campaign emails you sent through DripDraft (automated thread checks only — no inbox scanning)

We use non-Google data (content you type into DripDraft such as email drafts, contact details, and writing prompts) for:

• To generate AI-written follow-up emails using OpenAI and Anthropic (only user-entered content is sent to AI providers — never Gmail data)
• To process payments and manage your subscription via Stripe
• To enforce plan limits

5. Anti-Spam Policy

DripDraft is designed for personalized, one-to-one professional outreach — not bulk or mass email. We enforce strict limits to prevent spam and protect Gmail deliverability:

• Campaign limits: Free accounts are limited to 10 campaigns per month. Paid accounts are limited to 100 campaigns per month.
• Batch limits: Batch campaigns are limited to 10 contacts at a time.
• Draft-first approach: All AI-generated follow-up emails are stored as drafts within DripDraft for human review before sending. You must explicitly approve and send each email. DripDraft never auto-sends emails without user action.
• Follow-up spacing: A minimum 2-day gap is enforced between consecutive follow-up drafts to prevent flooding a recipient's inbox.
• Reply & bounce detection: For users with expanded Gmail permissions, campaigns are automatically paused when a reply or bounce is detected via Gmail thread metadata (message headers only — no email body content is read). This prevents unnecessary follow-ups.
• No inbox scanning: DripDraft does not read, scan, index, or analyze the body of any emails in your Gmail inbox. Reply and bounce detection uses only message header metadata (From, Subject) on threads that DripDraft created.
• Rate limiting: API-level rate limits prevent abuse of email sending and AI generation features.

DripDraft is intended for personalized professional correspondence such as sales follow-ups, recruiting outreach, and client communication. It is not designed for marketing newsletters, promotional blasts, or unsolicited bulk email.

6. AI Services & Transparency

DripDraft integrates with the following third-party AI services to power its writing features:

• OpenAI (GPT-4o-mini): Used for email generation, follow-up drafting, and contact information parsing. When you use "AI Write," "Rewrite," or paste/grab contact data for extraction, your input is sent to OpenAI's API for processing.
• Anthropic (Claude Haiku 4.5): Used for email polishing (grammar, clarity, and tone refinement). When you use the "Polish" feature, your draft text is sent to Anthropic's API.

What is sent: Only the specific content you actively submit through AI features — such as email drafts, contact snippets, subject lines, and writing prompts. No Gmail inbox data, no contact lists, and no data beyond what you explicitly provide in the feature is transmitted.

Data retention by AI providers: Both OpenAI and Anthropic process requests in real-time under zero-data-retention API agreements. Your data is not stored by these providers after processing and is not used to train their AI models.

When AI is used: AI features are always user-initiated. DripDraft does not send any data to AI providers in the background or without your explicit action (clicking "Generate," "Polish," "Rewrite," or "Extract Contact").

7. Chrome Extension

DripDraft offers an optional Chrome browser extension that provides quick access to the app's features from any web page. Here is how the extension handles your data:

• Page content access: When you click "Grab from Page," the extension reads the text you have selected on the current page. On LinkedIn profile pages, if you have not selected specific text, the extension automatically extracts visible profile fields (name, headline, location, experience, and contact info if visible) from the page DOM. If no page selection is available, the extension falls back to reading your clipboard contents to capture contact data you may have copied from third-party widgets (such as Signal Hire or ContactOut) that are inaccessible via page selection. This grabbed text is sent to DripDraft's server, where it is processed by OpenAI for AI-powered contact parsing. The extension does not read or transmit page content or clipboard data unless you explicitly click Grab.
• On-demand injection: When you click the DripDraft toolbar icon, the extension injects a small pull-out panel into the current tab so you can compose emails without leaving the page. This only happens on the tab you activate it on — the extension does not inject scripts into other tabs or run on pages in the background. The injected panel tracks your text selection on that page so the Grab button can capture it, but this data stays local until you click Grab.
• Local storage: The extension uses Chrome's local storage (chrome.storage.local) to persist your in-progress form data (contact name, email, company, etc.) between sessions. This data stays on your device and is not transmitted to any server unless you submit it.
• Permissions: The extension requests activeTab (to access the current tab when you click the toolbar icon), scripting (to inject the panel and extract text on demand), storage (to save form state locally), sidePanel (to open as a Chrome side panel), and clipboardRead (to read clipboard contents when you click Grab, as a fallback for contact data copied from third-party widgets). The extension only communicates with dripdraft.com — no other remote servers.
• No background data collection: The extension does not run on pages you have not activated it on, does not monitor your browsing activity, does not collect browsing history, does not track which pages you visit, and does not transmit any data without your explicit action.

8. Data Sharing

We do not sell your data. We share data only with:

• Google: To authenticate and access Gmail on your behalf
• OpenAI: To generate AI-written emails and parse contact details from user-submitted text (for example contact snippets you choose to paste or parse)
• Anthropic: To polish email drafts for grammar and spelling (only your draft text is sent)
• Stripe: To process payments

AI providers only receive user-submitted content for requested features (for example email drafts, contact details, goals/prompts, or text you choose to parse). Data is processed in real-time and is not retained by OpenAI or Anthropic for model training — both providers operate under zero-data-retention API agreements. No data read from your Gmail inbox is ever sent to AI providers or any other third party.

9. Data Retention

We retain your data for as long as your account is active. When you delete your account, all your data — campaigns, contacts, templates, and follow-ups — is permanently and immediately deleted from our database.

10. Your Rights

You can:

• Access: View all your data in the dashboard
• Delete: Delete your account and all data from the Account page
• Revoke access: Remove DripDraft's Gmail access at any time via your Google Account permissions
• Cancel: Cancel your subscription at any time from the Account page

11. Security

All connections use HTTPS/TLS encryption. Google OAuth tokens are encrypted at rest using AES-256-GCM authenticated encryption and are never exposed in API responses or client-side code. We never store your Google password. Database access is restricted to authenticated, authorized users, and all queries are scoped to the logged-in user's data.

12. Contact

For privacy questions, contact us at [email protected] or use our contact form.