Specific commitments. Not vague promises.
Last updated: June 7, 2026
Draftrow is operated by 17145608 Canada Inc., a corporation incorporated under the laws of Canada, carrying on business as AQM Hub, located in Whitby, Ontario, Canada. For privacy questions, contact privacy@draftrow.com or call 416-570-3433. We process personal information in compliance with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy laws.
Draftrow is a tool that service business operators use to manage customer inquiries. Privacy on the platform has three roles:
You, the operator. You are the data controller. You decide what customer conversations to process and what bookings to save. Your obligations to your customers under privacy laws remain your obligations. We provide the technical infrastructure; you maintain the customer relationship.
Draftrow, the processor. We process the conversations you paste or upload. We extract booking details using AI (Anthropic Claude). We store the structured bookings you save. We do not contact your customers, market to them, or use their information for any purpose other than fulfilling your requests.
Your customers, the data subjects. They have rights under the privacy laws that apply where they live. Most commonly: the right to access their information, the right to correct it, the right to ask for deletion, the right to know how it is being used. They exercise these rights through you, their service provider, not through Draftrow directly.
This structure is the same as how you use QuickBooks for invoicing, Stripe for payments, or Google Workspace for email. Draftrow is one of the tools you use to run your business.
When a customer sends you a Messenger inquiry asking about renting chairs, photographing their wedding, or pressure washing their driveway, they are voluntarily disclosing information for a commercial purpose. Under PIPEDA's reasonable person standard and similar frameworks in other jurisdictions, customers reasonably expect that:
This means Draftrow does not require you to obtain separate consent from each customer before processing their conversation. The implied consent from their voluntary business inquiry is sufficient, the same way it is sufficient when you use a spreadsheet or invoicing tool.
What you should still do as a responsible operator:
We provide a free Operator Privacy Notice template at /resources/privacy-notice-template that you can adapt for your business.
Text path
Chat file path (.txt)
Screenshot path
SMS path (optional integration)
Email path (optional integration)
Public booking form path (optional)
After extraction, the conversation is dropped from our servers. Only the structured booking fields are saved. If you enable "Store conversation text" in Settings, the text is stored encrypted (AES-256-GCM) for up to 14 days for draft review, then automatically deleted.
Customer names, phone numbers, addresses, and notes are encrypted using AES-256-GCM. Decryption is audit-logged.
Conversation content is sent to Anthropic (primary) or OpenAI (fallback) for extraction. No other third party receives conversation content. Both operate under no-training commercial API policies. Anthropic retains data for up to 30 days for safety review, then deletes it. We are pursuing Zero Data Retention with Anthropic.
Credit card numbers, government IDs, and similar patterns are stripped from the conversation text before it reaches our AI provider.
Our server logs strip conversation text automatically. Error reports also exclude request bodies from the extraction endpoint.
Every time customer PII is decrypted from the database, an entry is written to the audit log with your user ID, the resource, and timestamp.
30-day recovery window, then permanent deletion of your data including bookings, extractions, and audit logs. Export from Settings anytime.
If you connect a Facebook Business Page, Draftrow receives messages sent to that Page. We have no access to your personal Facebook profile, friends, or timeline.
Inbound SMS texts and forwarded emails are buffered in memory (Redis) for up to 24 hours. They are never written to our database in raw form. Once you extract a booking from a message, the buffer is cleared.
Customers who submit your public booking page know they are contacting a service business. Their submitted details are encrypted at rest using the same AES-256-GCM encryption as all other customer PII.
| Category | What | Purpose |
|---|---|---|
| Account data | Name, email | Authentication, billing, support |
| Business data | Inventory, pricing rules, booking history | Core product functionality |
| Customer PII | Names, phones, addresses, notes extracted from conversations | Saved bookings (encrypted at rest) |
| Conversation text | The raw text you paste | Not persisted by default. If you enable "Store conversation text" in Settings, stored encrypted for draft review and deleted after 14 days or when draft is resolved. |
| Usage data | Page views, feature usage, error logs | Product improvement (no personal identifiers in logs) |
| Payment data | Billing details via Stripe | Subscription management (Stripe is the processor. We do not see card numbers.) |
If you upload a screenshot of a conversation, here is exactly what happens:
| Subprocessor | Purpose | Location | Data shared |
|---|---|---|---|
| Anthropic | AI extraction (primary) | USA | Conversation text (transient) |
| OpenAI | AI extraction (fallback) | USA | Conversation text (transient) |
| Meta (Facebook) | Page Messaging (optional — only if you connect a Facebook Page); outgoing replies via Send API (optional, per-Page opt-in) | USA | Page ID, message text (transient, 24h Redis buffer); outgoing reply text when you explicitly send |
| Clerk | Authentication | USA | Name, email |
| Stripe | Payment processing | USA/Ireland | Billing details |
| Twilio | SMS inbound (optional — only if you provision an SMS number) | USA | Phone number, message text (transient, Redis buffer) |
| Resend | Transactional email + inbound email forwarding (optional) | USA | Email address, message content (transient for inbound, persisted for outbound) |
| Neon | Database hosting | USA | Encrypted business data |
| Vercel | Application hosting | Global | Aggregate usage logs |
| Sentry | Error tracking | USA | Error messages (PII stripped) |
| Upstash | Rate limiting | USA | IP addresses (hashed) |
We use Anthropic as our primary AI provider. Anthropic processes commercial API inputs and outputs under their commercial data policy: no training on customer data by default, 30-day retention for trust and safety review, then deletion. Flagged content may be retained up to 2 years for policy enforcement. Safety classification scores may be retained up to 7 years. We are pursuing Zero Data Retention which would eliminate the 30-day retention window.
If Anthropic is unavailable, we fall back to OpenAI. OpenAI does not train on API data by default. OpenAI may log API requests for abuse monitoring for up to 30 days, after which they are deleted unless required to be retained for legal or service-protection reasons.
If you choose to connect a Facebook Business Page, Draftrow receives messages sent to that Page via Meta's Messenger Platform API. This integration is optional and requires your explicit authorization through Meta's OAuth flow.
Messages are buffered in Redis (Upstash) for up to 24 hours. They are never written to our Postgres database. After you review and save a booking draft, the buffer for that sender is cleared. If you do not review within 24 hours, the messages expire automatically.
We request only the minimum permissions required: pages_show_list, pages_messaging, and pages_manage_metadata. We do not access your personal Facebook profile, friends list, timeline, or any other data outside your Business Page messages.
Your Page access token is encrypted at rest using AES-256-GCM before being stored in our database. It is decrypted only when needed to authenticate with Meta's API.
You can disconnect your Page at any time from Settings → Integrations. When you disconnect, Draftrow immediately unsubscribes from your Page's webhooks and marks the connection as inactive. The 24-hour buffer for any unreviewed messages will still expire on schedule.
If you enable “Allow replies via Send API” for a connected Page (Settings → Integrations), Draftrow can send messages to your customers on your behalf via Meta's official Send API. Here is exactly what happens:
page_reply_log table with encrypted message text, timestamp, send status, and any failure information. You can request your audit log at any time.Your customers have rights under privacy laws including PIPEDA (Canada), GDPR (European Union and UK), CCPA (California), and similar frameworks elsewhere. These rights generally include:
Because Draftrow is your processor, your customers exercise these rights through you, not directly with us. When a customer asks you for any of these, you handle it within Draftrow:
If you receive a complex request you cannot handle yourself (for example, a customer requesting a Subject Access Request under GDPR with a tight deadline), email us at security@draftrow.com and we will help you respond appropriately.
When you paste a conversation into Draftrow, you may be processing personal information that belongs to your customer. As the service operator, you are responsible for ensuring you have a lawful basis to process this information. Typically this is established because the customer initiated contact to inquire about your services.
We recommend you do not paste:
If you or any of the customers whose information you process is located in the European Union or the United Kingdom, the General Data Protection Regulation (GDPR) and UK GDPR apply.
We are not currently established in the EU and do not target EU operators specifically. If you are an EU-based operator considering Draftrow, please contact us first so we can confirm our service is appropriate for your jurisdiction.
Operators who require a formal Data Processing Agreement (for their own compliance documentation or for their customers' regulatory requirements) can request one by emailing privacy@draftrow.com. We provide a standard DPA template at no charge for all Pro and Hibernation tier customers.
The DPA establishes:
You can also view the DPA template publicly at /resources/dpa-template.
When you paste a conversation, upload a screenshot, or upload a WhatsApp chat export (.txt file), the input is processed entirely in memory. After extraction completes and the response returns to your browser, the input is discarded. Specifically:
You can:
If we experience a breach of security safeguards that poses a real risk of significant harm to you, we will notify you as soon as feasible. We maintain records of all breaches per PIPEDA requirements.
Draftrow is not directed at children. We do not knowingly collect personal information from anyone under 18. If we learn that we have collected personal information from a person under 18, we will delete it. If you believe a child has provided us with personal information, contact us at privacy@draftrow.com.
We will notify you by email of material changes at least 30 days before they take effect.
Privacy questions: privacy@draftrow.com
Security issues: security@draftrow.com
Full security details: /security