Privacy Policy

At Drift, Inc. ("Drift," "we," "our," or "us"), we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, applications, API, and services (collectively, the "Services").

Please read this Privacy Policy carefully. By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. This Privacy Policy is incorporated into and subject to our Terms of Service.

We collect several types of information from and about users of our Services:

2.1 Information You Provide to Us

• Account Information: When you register for an account, we collect your name, email address, password, profile image URL, company information, subscription tier, and payment details.

• Business Information: Information about your business including industry, business type, company size, monthly revenue, language preferences, and business challenges.

• Brand Information: When you submit your brand for analysis, we collect your brand name, website URL, and other brand-related information.

• Website Content: When you use our brand analysis feature, we crawl and analyze content from the website URL you provide, including text, images, product information, and other publicly available content.

• User Content: Content you create, upload, or generate using our Services, including email campaigns, templates, product information, and customizations.

• Communications: Information provided when you contact us, respond to surveys, or interact with our customer support.

2.2 Information We Collect Automatically

• Usage Data: Information about how you use our Services, including features accessed, time spent on pages, navigation paths, and interaction with content.

• Device Information: Information about the device used to access our Services, including device type, operating system, browser type, IP address, and mobile device identifiers.

• Cookies and Similar Technologies: Information collected through cookies, web beacons, and similar technologies. See our Cookie Policy section for more details.

• Log Files: We collect log files that record activity when you use our Services, including access times, pages viewed, IP address, and the page you visited before navigating to our Services.

2.3 Information from Third Parties

• Integration Partners: If you connect our Services to third-party platforms (such as Klaviyo), we may receive information from those services as permitted by your configuration and their privacy policies.

• Service Providers: Information from service providers who help us operate, improve, and market our Services.

We use the information we collect for various purposes, including:

3.1 To Provide and Improve the Services

• Setting up and maintaining your account
• Providing the core features of our Services
• Analyzing website content to extract brand voice, tone, and audience insights
• Generating email content based on your brand profile and specifications
• Processing and completing transactions
• Developing new products, services, and features
• Improving and personalizing our Services

3.2 For Customer Support and Communication

• Responding to your inquiries and support requests
• Sending administrative messages about the Services
• Providing updates, security alerts, and support messages
• Communicating with you about products, services, offers, and promotions, subject to your communication preferences

3.3 For Analytics and Research

• Analyzing usage patterns and trends
• Measuring the effectiveness of our Services
• Conducting research and development
• Monitoring and analyzing the performance of our AI models
• Creating aggregated or de-identified data for analytics purposes

3.4 For Security and Legal Purposes

• Protecting the security and integrity of our Services
• Detecting and preventing fraud, abuse, and security incidents
• Enforcing our Terms of Service and other legal rights
• Complying with legal obligations

We may share your information in the following circumstances:

4.1 With Your Consent

We may share your information when you direct us to do so or provide your consent.

4.2 With Service Providers

We share information with vendors, consultants, and other service providers who need access to such information to perform services on our behalf, including:

• Cloud infrastructure providers that host our Services
• Payment processors that process your payments
• Analytics providers that help us understand how you use our Services
• Customer support providers that help us respond to your inquiries
• Marketing partners that help us promote our Services

4.3 For Integration Partners

If you connect our Services to third-party services (such as Klaviyo), we share information as needed to facilitate those integrations.

4.4 For Legal Reasons

We may share information if we believe it is required by applicable law, regulation, legal process, or governmental request, or to protect our rights, property, or safety, or the rights, property, or safety of our users or others.

4.5 In Connection with a Business Transaction

We may share information in connection with a substantial corporate transaction, such as a merger, consolidation, asset sale, or in the unlikely event of bankruptcy.

4.6 In Aggregated or De-identified Form

We may share aggregated or de-identified information that cannot reasonably be used to identify you.

We retain your information for as long as your account is active or as needed to provide you with Services, comply with our legal obligations, resolve disputes, and enforce our agreements. Specific retention periods include:

• Account Information: Retained for the life of your account and for a period thereafter for legal and operational purposes.
• Generated Content: Email content generations are retained for at least 2 years to support your use of our Services.
• Brand Profiles: Retained for the life of your account to power our Services.
• Website Content: Raw content from website crawling is retained for up to 90 days after analysis.
• Analytics Data: Usage data may be retained in aggregate form for up to 1 year.

You can request deletion of your account and associated data at any time by contacting us.

We implement and maintain reasonable security measures designed to protect your information from unauthorized access, destruction, use, modification, or disclosure. These measures include:

• Encryption of data in transit using TLS/SSL
• Encryption of sensitive data at rest
• Regular security assessments and penetration testing
• Access controls and authentication requirements
• Regular security training for our personnel

However, no security system is impenetrable, and we cannot guarantee the absolute security of our systems. In the event of a data breach affecting your personal information, we will notify you in accordance with applicable law.

Depending on your location, you may have certain rights regarding your personal information:

7.1 Access and Portability

You may request a copy of your personal information and information about how we use it.

7.2 Correction

You may request that we correct inaccurate or incomplete information about you.

7.3 Deletion

You may request that we delete your personal information in certain circumstances.

7.4 Restriction and Objection

You may request that we restrict or stop certain uses of your personal information, or object to our processing of your information.

7.5 Consent Withdrawal

Where we rely on your consent to process your information, you may withdraw your consent at any time.

7.6 Exercise Your Rights

To exercise your rights, please contact us at privacy@trydrift.ai Please note that some of these rights may be limited or not applicable in your jurisdiction.

Drift is based in the United States, and your information may be processed and stored in the United States or other countries where our service providers maintain facilities. These countries may have data protection laws different from your country of residence.

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, we ensure appropriate safeguards are in place for transferring your personal information to countries outside these regions, including through standard contractual clauses approved by the European Commission.

9.1 What Are Cookies

Cookies are small data files that are placed on your computer or mobile device when you visit a website. Cookies are widely used by website owners to make their websites work, provide analytics, remember your preferences, and serve relevant advertisements.

9.2 How We Use Cookies

We use cookies and similar technologies for various purposes, including:

• Essential Cookies: Necessary for the operation of our Services
• Analytical Cookies: To understand how visitors interact with our Services
• Preference Cookies: To remember your preferences and settings
• Marketing Cookies: To deliver relevant advertisements and track marketing campaign performance

9.3 Your Cookie Choices

Most web browsers allow you to control cookies through their settings preferences. However, if you limit the ability of websites to set cookies, you may impact your overall user experience. To learn more about cookies and how to manage them, visit www.allaboutcookies.org.

Our Services are not directed to children under 18 years of age, and we do not knowingly collect personal information from children under 18. If we learn we have collected personal information from a child under 18 without verification of parental consent, we will delete that information as quickly as possible. If you believe we might have any information from or about a child under 18, please contact us.

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email (using the email address associated with your account) or by means of a notice on our Services prior to the change becoming effective. We encourage you to review this Privacy Policy periodically to stay informed about our information practices.

If you are a California resident, you have certain rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), including:

• The right to know what personal information we collect, use, disclose, and sell
• The right to delete personal information
• The right to opt-out of the sale or sharing of personal information
• The right to non-discrimination for exercising your rights
• The right to limit the use and disclosure of sensitive personal information

To exercise these rights, please contact us using the information provided in the "Contact Us" section.

If you are in the European Economic Area (EEA) or United Kingdom, you have certain rights under the General Data Protection Regulation (GDPR), including:

• The right to access your personal data
• The right to rectification of inaccurate personal data
• The right to erasure of your personal data
• The right to restrict processing of your personal data
• The right to data portability
• The right to object to processing of your personal data
• Rights relating to automated decision-making and profiling

We process personal data on the following legal bases:

• Consent
• Performance of a contract
• Legitimate interests
• Compliance with legal obligations

To exercise these rights, please contact our Data Protection Officer at dpo@trydrift.ai

If you have any questions or concerns about this Privacy Policy or our privacy practices, please contact us at:

Email: privacy@trydrift.ai

Postal Address: TRYDRIFT INC 1234 Market Street San Francisco, CA 94103 United States

Data Protection Officer: dpo@trydrift.ai