Privacy Policy

We collect information you provide directly when you create an account, connect mailboxes, upload contacts, or contact us. This includes your name, email address, and any content you create within DraftForger (drafts, campaigns, contact lists). When you connect a Gmail or Microsoft mailbox, we receive OAuth tokens that authorize DraftForger to send emails on your behalf. We do not store or read the contents of your inbox — only the tokens required to send outbound emails.

We use the information we collect to: • Operate and improve DraftForger • Send emails on your behalf through connected mailboxes • Process and track campaign delivery, opens, and clicks • Communicate with you about your account, updates, and support requests • Comply with legal obligations We do not use your contact lists, email content, or campaign data to train AI models.

All data is stored in a PostgreSQL database hosted on Neon (US East region). OAuth tokens and SMTP credentials are encrypted at rest using AES-256-GCM before being stored. We use HTTPS for all data in transit. File attachments (draft attachments) are stored in Vercel Blob storage with access restricted to your account.

DraftForger uses a single session cookie to keep you logged in (JWT, 30-day expiry). We do not use third-party advertising cookies or cross-site tracking. We use a cookie consent banner to give you control over non-essential cookies. Email open tracking is opt-in per campaign and uses a 1×1 transparent pixel hosted on our servers.

DraftForger uses the following third-party services: • Neon — database hosting • Vercel — application hosting and blob storage • Anthropic — AI email generation (content sent to Anthropic is governed by their privacy policy) • Google / Microsoft — OAuth for mailbox connections • Hostinger — transactional email for account notifications We do not sell your personal data to any third party.

You may request access to, correction of, or deletion of your personal data at any time by contacting us at support@draftforger.com. You may also delete your account directly from the account settings page, which will permanently remove your data from our systems within 30 days.

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or via an in-app notice. Continued use of DraftForger after changes constitutes acceptance of the updated policy.

If you have questions about this Privacy Policy or how we handle your data, please contact us at support@draftforger.com.