Privacy Policy
Last updated: February 2026
1. Our Data Minimisation Principle
PolicyDraft.org is committed to collecting and storing the absolute minimum amount of personal information necessary to operate the platform. We do not collect data for advertising, profiling, or any purpose beyond running the service.
2. Personal Information We Collect
We collect only what is strictly required for your account to function:
- Email address — used for authentication, password resets, and essential platform notifications (e.g. invitation links)
- Password — stored only in irreversibly hashed form (bcrypt); we never store or have access to your plaintext password
- Display name (optional) — shown alongside your contributions if you choose to provide one
- Security/session records — such as refresh sessions, authentication codes, and security/audit events needed to operate and protect accounts
- Billing state identifiers — if subscriptions are enabled, we store payment-processor customer/subscription references and status (not full card numbers)
We do not collect government IDs or full payment card numbers in our database.
3. Collaborative Content (Nodes, Edges, Thematics)
The core of PolicyDraft.org is collaborative knowledge — nodes, edges, thematics, merge proposals, publications, and related data that users create together. This content is:
- Retained for collaboration: Collaborative content is stored indefinitely to maintain the integrity of the shared knowledge graph, even if your account is deleted (in which case it is anonymised)
- Visible to other users: Depending on thematic privacy settings, your contributions may be visible to other platform users
- Not treated as personal data: Nodes, edges, and thematic content are considered collaborative contributions to a shared knowledge base, not personal data belonging to any single user
Important: You should not include sensitive personal information (e.g. your address, health details, financial data, or information about identifiable individuals) in node titles, descriptions, edge labels, or any other collaborative content. PolicyDraft.org accepts no responsibility or liability for personal information that users voluntarily include in collaborative content. By contributing, you acknowledge that such content may be viewed, edited, merged, or published by other users and AI-assisted processes.
3a. Thematic Apps & Enterprise Vault Data
Some enterprises use thematic apps — custom forms whose fields are defined by the thematic or enterprise owner. These apps may intentionally collect personal data about clients, patients, or other subjects (for example names, dates of birth, or uploaded documents).
- Controller vs processor: For enterprise thematic apps, the enterprise customer is typically the data controller for form-collected data; PolicyDraft.org acts as a processor hosting storage, access controls, and optional AI generation on the controller’s instructions.
- Data profiles: App owners choose a data profile (
standard,pii_strict,ai_redacted, orclinical). Profiles control whether cloud AI is used, which fields are sent to AI, and how vault index metadata is stored (tokenised scope IDs and encrypted bodies for enterprise vault data). - Field flags: Individual form fields may be marked sensitive, identifier, or excluded from AI (
ai_include: false). Sensitive fields are not stored in plaintext vault search indexes. - Encryption: For enterprise thematics, submission bodies and vault outputs are encrypted at rest with per-enterprise keys. Index metadata may remain plaintext only for non-sensitive profiles;
pii_strictandclinicalapps encrypt or omit identifying index fields. - AI subprocessors: Unless an app uses
clinical(script-only, no cloud AI) or field-level AI exclusion, form values may be sent to Google Cloud Vertex AI to generate documents. Do not enable cloud AI for data you cannot lawfully send to subprocessors. - Your rights: Account data export includes your thematic app submissions and vault outputs (decrypted for the authenticated user). Account deletion removes your app submissions, outputs, access grants, and favourites. Enterprise owners may erase all vault data for a subject entity via the vault erasure API.
- Retention: Thematic app submissions and vault outputs are automatically deleted after 365 days unless your enterprise agreement states otherwise.
4. How We Use Your Information
Your personal information (email and name) is used solely to:
- Authenticate you and manage your account session
- Send essential transactional communications (password resets, invitation links, waiting list updates)
- Attribute contributions to your account within the platform
- Operate service reliability and abuse/security controls, including audit and operational event logging
- Comply with legal obligations
We do not sell personal information or use it for third-party advertising.
5. Data Sharing
We do not sell, rent, or trade your personal data. We may share your information only:
- With your explicit consent
- To comply with a legal obligation, court order, or law enforcement request
- With infrastructure providers who host and operate the platform (e.g. cloud hosting, AI processing, email delivery, payment processing), under strict confidentiality obligations and solely for service delivery
6. AI Processing
PolicyDraft.org uses AI services (currently Google Cloud Vertex AI / Gemini models) to suggest merges/connections, process essays, and assist with publication workflows. When AI processing occurs:
- Primarily collaborative content (node text, edge labels, thematic context) is sent to AI services
- Account credentials are never sent to AI services
- For some publication-generation flows, contributor display fields may be included to preserve authorship context
7. Your Rights (GDPR)
You have the right to:
- Access: Request a copy of your personal data via the Data Export feature on your Account Settings page
- Rectification: Update your email or name at any time through your account
- Erasure: Delete your account, which anonymises your personal data and deletes your thematic app submissions, vault outputs, and related app access records; collaborative graph content is retained in anonymised form
- Portability: Export your data in JSON format
- Objection & Restriction: Contact us to object to or restrict processing
8. Data Security
We implement appropriate measures to protect your data:
- Passwords hashed with bcrypt (irreversible)
- All traffic encrypted via HTTPS
- JWT-based session tokens with expiry
- Role-based access controls
9. Data Retention
- Personal data (email, name) is retained while your account is active. Upon account deletion, primary account identifiers are anonymised promptly as part of the deletion flow.
- Collaborative content (nodes, edges, thematics) is retained indefinitely in anonymised form after account deletion to preserve the integrity of the shared knowledge graph.
- Operational/security records (for example sessions, notifications, analytics, AI jobs, and audit logs) are retained according to table-specific retention schedules enforced by automated cleanup jobs.
- Thematic app submissions and vault outputs are retained for up to 365 days, then purged by automated cleanup.
10. Cookies & Local Storage
We use essential browser storage for authentication tokens/session management and product operation (for example, graph workspace state, thematic preferences, and notification counters). We also use a CSRF cookie for request protection in applicable flows. We do not use advertising cookies in core product code paths.
11. Children's Privacy
Our services are not intended for children under 16. We do not knowingly collect personal information from children.
12. Changes to This Policy
We may update this policy from time to time. Changes will be posted on this page with an updated date. Continued use of the platform after changes constitutes acceptance.
13. Contact Us
If you have questions about this privacy policy or wish to exercise your rights, please contact us through your Account Settings or via the platform.