Privacy Policy - Draftly AI for WhatsApp

Last Updated: January 8, 2026

TL;DR: We only read the last few messages locally to provide suggestions. No chat history is stored or transmitted without your explicit consent. Your conversations stay on your device.

1. Introduction

Welcome to Draftly AI. We respect your privacy and are committed to protecting your personal data. This privacy policy explains how we collect, use, and safeguard your information when you use our WhatsApp Web autocomplete extension.

Draftly AI is designed with privacy as a core principle. We believe your messages are yours, and we've built our service to minimize data collection while maximizing functionality.

2. Information We Collect

2.1 Account Information

When you create an account with Draftly AI, we collect:

Email Address: Used for account creation, login, and service communications
Password: Encrypted using industry-standard bcrypt hashing (we never store plain text passwords)
Subscription Plan: Your current plan (Free or Pro) and subscription status
Payment Information: Processed securely through Razorpay (we never store your credit card details)

2.2 Message Context (Temporary)

For AI-powered suggestion generation only:

Recent Messages: The last 2-6 messages (you control the depth) from your current WhatsApp conversation
Current Draft: Your partially typed message or explicit instruction (e.g., "Polite refusal")
Custom Instructions: Your saved preferences (e.g., "Use my name Rahul") are included in the processing context
Processing: This context is processed by our secure AI engine in real-time and immediately discarded
No Storage: We do NOT store your messages, chat history, or conversation content on our servers

2.3 Usage Analytics

To improve our service, we collect anonymous usage data:

Suggestion Count: Number of suggestions requested per user
Acceptance Rate: Whether you used our suggestions (helps improve quality)
Response Time: How quickly suggestions are generated
Error Logs: Technical errors to help us fix bugs

2.4 What We NEVER Collect

Complete chat histories or message archives
Your WhatsApp contact list
Phone numbers or personal identifiers from WhatsApp
Media files (photos, videos, documents, voice notes)
Location data or device information beyond browser type
WhatsApp account credentials or authentication tokens

3. How We Use Your Information

We use the collected data exclusively for:

AI Suggestion Generation: Processing message context to generate relevant suggestions
Account Management: Managing your registration, login, and subscription
Usage Tracking: Enforcing plan limits (Free: 20 lifetime suggestions, Pro: Unlimited)
Payment Processing: Processing subscriptions through Razorpay payment gateway
Service Improvement: Analyzing usage patterns to improve suggestion quality
Customer Support: Responding to your support requests and technical issues
Security: Detecting and preventing fraudulent activity and unauthorized access

We do NOT:

Sell your data to third parties
Use your messages for advertising
Train AI models on your personal conversations
Share your data with anyone except as described in this policy

4. Data Storage and Security

4.1 Database Storage

Account and subscription data is stored in:

Database: Secure cloud database (encrypted at rest)
Data Stored: Email, encrypted password, subscription details, usage counts
Location: Hosted on secure enterprise servers with automatic backups
Retention: Account data retained until you delete your account

4.2 Message Processing (Temporary)

When you request suggestions:

Processing: Message context sent to our secure AI engine via encrypted HTTPS connection
Encryption: All data in transit protected by TLS 1.3 encryption
Immediate Deletion: Context is deleted immediately after suggestions are generated (typically under 1 second)
No Logs: We do not maintain logs of your message content

4.3 Security Measures

Password Protection: Bcrypt hashing with salt rounds for all passwords
JWT Authentication: Secure token-based authentication for API access
Rate Limiting: Protection against brute force and DDoS attacks
Secure Headers: Helmet.js for HTTP security headers
Payment Security: PCI-compliant Razorpay handles all payment data

5. Data Sharing and Third Parties

We do not sell, trade, or rent your personal information. We only share data with:

AI Service Providers: To generate advanced suggestions (bound by strict data processing agreements)
Payment Processors: To handle subscription payments securely
Analytics Services: Anonymized usage data for product improvement (opt-in only)
Legal Requirements: When required by law or to protect our rights

6. Your Rights and Choices

You have the right to:

Access: Request a copy of your data
Deletion: Request deletion of your account and associated data
Correction: Update or correct your personal information
Portability: Export your data in a machine-readable format
Opt-Out: Disable AI suggestions and use only local processing
Withdraw Consent: Revoke permissions at any time through settings

7. Cookies and Tracking

We use minimal cookies and local storage for:

Authentication and session management
Remembering your preferences
Analytics (with your consent)

8. Children's Privacy

Draftly AI is not intended for users under 13 years of age. We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us immediately.

9. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of significant changes by:

Posting a notice in the extension
Sending an email notification
Updating the "Last Updated" date at the top of this page

10. Contact Us

If you have questions about this privacy policy or your data, please contact us:

Email: [email protected]

Privacy by Design: We've built Draftly AI to respect your privacy from the ground up. Local processing, minimal data collection, and transparent practices are at the core of everything we do.