Privacy Policy

1. Information We Collect

DripScribe collects information to provide and improve our email automation services:

Account Information: Name, email, company details
Contact Lists: Email addresses and contact information you upload
Usage Data: How you interact with our service
Campaign Data: Email content and performance metrics
Payment Information: Processed securely through Stripe
Technical Data: IP addresses, browser type, device information

2. How We Use Your Information

Provide and maintain our email automation service
Send emails on your behalf to your contacts
Improve and personalize your experience
Process payments and manage subscriptions
Communicate with you about service updates
Ensure security and prevent fraud
Comply with legal obligations

Note on Google User Data: Information obtained through the Gmail API is used EXCLUSIVELY for sending emails on your behalf, detecting replies to automatically pause email sequences, and managing your email campaigns. This data is never used for AI training, service improvement, or any secondary purposes.

3. Data Sharing and Disclosure

We share your data only with:

Service Providers: Third parties that help us operate our service
AI Providers: For content generation (OpenAI, Anthropic, Google) - Note: We only share the content YOU provide for generation, never data from Gmail API
Email Services: For sending campaigns (Gmail API)
Payment Processors: For billing (Stripe)
Legal Requirements: When required by law or court order

We never sell your personal data to third parties.

4. Google User Data Usage

Limited Use Disclosure

DripScribe's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

How We Use Gmail API Data

When you connect your Gmail account, we access and use your Google account data ONLY for:

Sending emails: Transmitting email campaigns you create through your Gmail account
Reading send status: Checking if emails were successfully sent
Managing drafts: Creating and managing email drafts on your behalf
Detecting replies: Reading email threads initiated by DripScribe to detect when recipients reply to your campaigns. This allows us to automatically pause email sequences when a conversation begins, preventing unwanted follow-up emails from being sent. We only access threads that originated from emails sent through our platform—we do not read your other emails or conversations.

What We DON'T Do with Gmail API Data

We explicitly DO NOT:

Use Gmail API data to train AI models or machine learning systems
Share Gmail API data with our AI providers (OpenAI, Anthropic, Google Gemini)
Use Gmail API data for advertising or marketing purposes
Sell, transfer, or disclose Gmail API data to third parties except as required to provide the email sending and reply detection functionality
Use Gmail API data for any purpose other than providing the email sending and reply detection functionality you explicitly authorized
Read, store, or analyze the content of replies—we only detect that a reply exists
Access emails or threads not initiated by our platform
Retain Gmail API authentication tokens or data beyond what's necessary for the authorized functionality

Data Separation

Gmail API data is kept separate from other data processing activities. Content you create using our AI features is generated independently and is NOT derived from or trained on any Gmail API data. Reply detection is used solely to pause email sequences and does not influence AI-generated content.

Revoking Access

You can revoke DripScribe's access to your Gmail account at any time through:

Your DripScribe account settings
Google's account permissions page

Upon revocation, we immediately stop accessing your Gmail account and delete any stored authentication tokens.

5. Data Retention

We retain your data for specific periods based on the type of information and legal requirements:

5.1 Retention Periods

Data Type	Active Account	After Account Closure
Account Information	Duration of account	3 years (then deleted)
Contact Lists	Full data: 3 years Pseudonymized: 3 years	30 days (then deleted)
Campaign Data	3 years (for analytics)	30 days (then deleted)
Email Content	3 years	30 days (then deleted)
Gmail API Tokens	Until revoked	Immediately deleted
Thread IDs for Reply Detection	Duration of campaign (max 90 days)	Immediately deleted
Analytics Data	3 years	Aggregated only
Billing Records	Duration of account	7 years (legal requirement)
Support Tickets	3 years	1 year
Cookies (Session)	Up to 30 days
Cookies (Functional)	Up to 1 year
Cookies (Analytics)	Up to 2 years

5.2 Deletion Procedures

When you request deletion or close your account:

Personal data is deleted within 30 days of request
Gmail API access tokens are immediately revoked and deleted
Thread tracking data for reply detection is immediately deleted
Backups are purged within 90 days
Aggregated or anonymized data may be retained for statistical purposes
Data required for legal compliance is retained as legally required

5.3 Data Portability

You can export your data at any time through your account dashboard in standard formats (CSV, JSON).

6. Data Security

We implement industry-standard security measures including:

Encryption: AES-256 at rest, TLS 1.3 in transit
Access Controls: Role-based access, multi-factor authentication
Infrastructure: Secure AWS data centers
Monitoring: 24/7 security monitoring and intrusion detection
Audits: Regular security assessments and penetration testing
Compliance: GDPR, CCPA compliant practices
OAuth Security: Secure storage of OAuth tokens with encryption

7. Your Rights

You have the right to:

Access: Request a copy of your personal data
Rectification: Correct inaccurate data
Erasure: Request deletion of your data ("right to be forgotten")
Portability: Export your data in machine-readable format
Restriction: Limit how we process your data
Object: Opt-out of certain processing activities
Withdraw Consent: Where processing is based on consent (including Gmail API access)

To exercise these rights, please contact us or email [email protected].

8. International Data Transfers

Your data may be transferred to and processed in countries outside your residence. We ensure adequate protection through:

Standard Contractual Clauses (SCCs)
Data Processing Agreements with all sub-processors
Compliance with EU-US Data Privacy Framework where applicable

Note: Gmail API data is processed according to Google's infrastructure and security standards.

9. Children's Privacy

Our service is not intended for children under 16. We do not knowingly collect data from children. If you believe we have collected data from a child, please contact us immediately.

10. California Privacy Rights (CCPA)

California residents have additional rights under the CCPA:

Right to know what personal information is collected
Right to know if personal information is sold or disclosed
Right to opt-out of the sale of personal information
Right to non-discrimination for exercising privacy rights

We do not sell personal information, including Gmail API data.

11. Cookies and Tracking

We use cookies and similar technologies for:

Essential functionality (authentication, security)
User preferences and settings
Analytics and performance monitoring

You can manage cookie preferences through your browser settings. See our Cookie Policy for details.

Note: We do not use cookies or tracking technologies on Gmail API data.

12. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes via email or through the service. The "Last updated" date at the top indicates the most recent revision.

13. Contact Information

For privacy-related inquiries or to exercise your rights:

Email: [email protected]

Data Protection Officer: [email protected]

Response Time: We aim to respond to all privacy requests within 30 days.

14. Supervisory Authority

EU residents have the right to lodge a complaint with their local data protection authority if they believe their rights have been violated.