PRIVACY POLICY

Effective Date: 10 September 2025

This Privacy Policy ("Policy") constitutes a legally binding agreement between you ("User", "you", "your") and Draftlo, an organization with its office in Bangalore ("Draftlo", "we", "us", "our"), and governs the manner in which we collect, use, store, disclose, and protect Personal Information and Sensitive Personal Data or Information (as defined under applicable laws) that you provide or that is otherwise collected by Draftlo through its website, mobile application, software, APIs, and other online interfaces (collectively referred to as the "Platform").

This Policy is published in compliance with the provisions of the Information Technology Act, 2000, and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 ("SPDI Rules").

SCOPE AND APPLICABILITY

This Policy applies to all Users of the Platform, including individuals visiting the website, registering for services, using applications, uploading content, interacting with customer support, and otherwise engaging with the website/app of Draftlo, whether as a subscriber, consumer, or partner.

By accessing or using the Platform, you acknowledge that you have read, understood, and agreed to be bound by the terms of this Policy and consent to Draftlo's collection, use, and processing of your Personal Information and sensitive personal data in accordance with this Policy. If you do not agree, we request you to refrain from using the Platform.

DEFINITIONS

For the purposes of this Policy:

  • "Personal Information" shall mean any information that relates to a natural person, which, either directly or indirectly, in combination with other information, is capable of identifying such person, including but not limited to name, email address, mobile number, residential address, identification numbers, date of birth, IP address, and location data.

  • "Sensitive Personal Data or Information" (SPDI) shall include passwords, financial information such as bank account or payment card details, biometric data, medical records and history, and any other information classified as sensitive under applicable laws.

  • "Applicable Law" means all laws, rules, regulations, ordinances, notifications, guidelines, policies, and codes in India, including the Information Technology Act, 2000, the SPDI Rules, 2011, and the Indian Penal Code, as amended or re-enacted from time to time.

INFORMATION WE COLLECT

Draftlo does not collect any of your data, apart from Cookies as defined hereinbelow, when you're merely a visitor browsing the website. If you are a registered user, Draftlo will update you about changes to this policy. If you're merely a visitor, the onus is on you to keep yourself updated.

Draftlo collects the following data when you register with its website or app:

  • Identity and Contact Data:

    • Full name, gender

    • Email address

    • Telephone number

    • Physical address

  • Transactional Data:

    • Records of services availed

    • Payment information

    • Billing records

  • Technical Data:

    • IP address

    • Browser type and version

    • Device identifiers

    • Time zone setting

    • Location

  • Usage Data:

    • Session duration

    • Pages viewed

    • Error logs

  • Marketing and Communications Data: Preferences in receiving marketing from us and communication preferences.

  • We do not intentionally collect sensitive personal data (such as health data, biometric data).

  • When you access the website or app of Draftlo, certain information is automatically collected, for both visitors and registered users, through technical means, including:

    • Device data: Type, operating software, MAC address, and device identifiers

    • Log data: Date/time stamps, pages visited, duration of sessions, referring pages

    • Location data: Approximate or precise geolocation (based on IP or device settings)

    • Cookies and similar technologies: Pixel tags, beacons, SDKs, and local storage

PAYMENT RELATED INFORMATION

When you pay via Draftlo's app or website, you are redirected to an RBI-approved payment aggregator. When you pay, you may store and save your payment details, such as card numbers, with the gateway. Draftlo does not have access to this data. All payment transactions are processed through secure payment gateway providers. We do not store any card information (other than the last 4 digits of your card) on our servers.

INFORMATION FROM THIRD PARTIES

Draftlo may collect Personal Information about you from third-party sources, including from marketing or referral partners.

LEGAL BASIS FOR PROCESSING

Draftlo shall collect and process personal data only for lawful purposes, which shall include:

  • Provision of Services: For the purpose of registering users, creating accounts, providing access to features, facilitating transactions, and delivering services.

  • Compliance Obligations: To comply with legal obligations under applicable laws, including those under the Information Technology Act, 2000, and taxation laws.

  • Marketing Communications: Subject to explicit consent, to send newsletters, promotional material, and updates.

  • Performance of Contract: Where processing is necessary for the performance of a contract to which the Data Principal, i.e., you, the user, is a party.

  • Legitimate Use: For reasonable business purposes that are not overridden by your privacy rights.

THIRD PARTY LINKS

Draftlo's website/app may contain links to other websites that are not under its direct control. These websites may have their own policies regarding privacy. Draftlo has no control of or responsibility for linked websites and provides these links solely for the convenience and information of our visitors. You may access such linked websites at your own risk. These websites are not subject to this Privacy Policy. You should check the privacy policies, if any, of those individual websites to see how the operators of those third-party websites will utilize your personal information. In addition, these websites may contain a link to websites of our affiliates. The websites of Draftlo's affiliates are not subject to this Privacy Policy, and you should check their individual privacy policies to see how the operators of such websites will utilize your personal information.

DISCLOSURE OF INFORMATION

Draftlo may disclose your Personal Information and/or Sensitive Personal Data or Information (collectively, "Information") to third parties in accordance with Applicable Law and this Policy. Such disclosures are made only where reasonably necessary, and under appropriate confidentiality, data protection, or processing agreements. Categories of recipients include the following:

Your Information may be accessed by:

  • Authorized personnel of Draftlo, including employees, contractors, and service desk staff, strictly on a need-to-know basis and only to the extent required to perform their designated roles.

  • Access is governed by role-based access control (RBAC) systems and internal confidentiality policies, and may be monitored or logged for compliance.

  • All personnel with access to user data undergo mandatory privacy and information security training and are bound by employment contracts containing non-disclosure and data handling obligations.

Draftlo may disclose Information to vetted third parties who assist in delivering the services offered through the website/app. These include:

  • Cloud infrastructure providers, including IaaS/PaaS platforms for data hosting and backup

  • Payment gateway providers for secure transaction processing and fraud detection

  • Customer communications platforms, including bulk email, SMS, WhatsApp, or notification gateway services

  • Learning management systems (LMS), analytics, or marketing automation platforms integrated with our Platform

  • IT support and cybersecurity vendors for maintenance, threat detection, and monitoring

All such third parties are required to:

  • Enter into binding Data Processing Agreements (DPAs) or equivalent contracts

  • Comply with security and privacy standards at par with this Policy

  • Restrict use of Information strictly for the purposes of service provision

  • Implement adequate safeguards, including encryption, access control, and breach response protocols

Draftlo may disclose your Information to governmental or regulatory authorities under the following circumstances:

  • Where such disclosure is mandated under a statutory obligation, court order, or legal proceeding

  • In response to law enforcement requests or investigative demands by competent authorities

  • To comply with obligations under tax, telecom, consumer protection, cybersecurity, or public safety regulations

  • To assert or defend our legal rights, or those of our employees, partners, users, or the public

  • In compliance with an order or judgment of a court, tribunal or arbitrator

Disclosures under this section are:

  • Limited to the minimum information necessary, and

  • Subject to legal review, where feasible

Your Information may be disclosed to:

  • Other entities within our corporate group, including subsidiaries, affiliates, or joint ventures, for internal operational efficiency, analytics, support, and product development

  • Business partners or collaborators for co-branded offerings, bundled services, or user support – provided they are bound by equivalent confidentiality and security obligations

  • In the context of a merger, acquisition, restructuring, asset sale, or financing, your Information may be transferred as part of due diligence or business continuity

In all such cases, we ensure that:

  • The recipient agrees to honor the terms of this Policy or an equivalent standard

  • You are notified, where required under law, about material changes in data ownership or processing

Draftlo may share Information with:

  • External legal counsel for dispute resolution, regulatory compliance, contract negotiation, or advisory services

  • Statutory auditors and accountants for financial reporting, audit, and compliance assessments

  • Security and privacy consultants for third-party audits, data protection assessments, and vulnerability testing

  • Data fiduciaries or processors engaged in implementing our legal obligations under Indian or cross-border privacy frameworks

These disclosures are subject to:

  • Professional confidentiality obligations (e.g., attorney-client privilege or audit confidentiality)

  • Execution of non-disclosure agreements, as applicable

DATA RETENTION

We retain your Personal Information only as long as necessary for the fulfillment of the purposes stated herein, unless a longer retention period is required or permitted by Applicable Law. Upon expiry of such a period, data is securely archived, anonymized, or destroyed using industry-standard protocols.

DATA SECURITY

Draftlo is committed to maintaining the highest standards of information security and undertakes to implement appropriate technical and organizational measures to protect the confidentiality, integrity, and availability of all personal and sensitive data collected, stored, or processed in connection with its services.

These measures include, but are not limited to:

  • Secure Communication:

    • Draftlo maintains valid SSL certificates across all production environments.

  • Access Controls:

    • Role-based access is enforced across all Company systems, ensuring that employees access only the data necessary for their job function.

    • All access to systems handling personal data is protected by multi-factor authentication (MFA) and strong password policies.

    • Access logs are maintained and reviewed periodically for anomalies.

  • Vendor and Third-Party Management:

    • All third-party service providers handling personal data undergo security assessments and are contractually bound to implement equivalent data protection safeguards.

    • Draftlo maintains a current vendor risk register and reviews vendor compliance annually.

  • Vulnerability Management:

    • Security patches are applied in accordance with criticality levels through a documented change management process.

    • Regular vulnerability scans, penetration tests, and code audits are conducted by internal teams and third-party specialists.

  • Data Minimization and Retention:

    • Personal data is retained only as long as necessary for the purposes it was collected, in accordance with Draftlo's Data Retention Policy.

    • Redundant data is securely disposed of through cryptographic erasure or certified destruction processes.

  • Incident Response and Breach Notification:

    • Draftlo maintains an incident response plan, including procedures for identification, containment, eradication, and recovery.

    • In the event of a data breach likely to result in a risk to your rights or freedoms, you will be notified without undue delay, including a description of the incident, affected data categories, mitigation measures taken, and contact information for further inquiries.

  • Employee Training and Awareness:

    • All employees handling personal data undergo periodic training on data privacy, information security, phishing awareness, and compliance protocols.

COOKIES AND TRACKING

Draftlo uses data collection devices such as "cookies", web beacons, and other tracking technologies on its website/app to enhance user experience and monitor site performance. You may opt out of cookies at any time; however, doing so may impact your browser experience.

Nature and Purpose of Cookies:

  • "Cookies" are small text files that are placed on your device to recognize repeat visitors, facilitate login sessions, customize content, analyze traffic patterns, and understand user behavior. These may include:

    • Essential Cookies: Necessary for basic functionality

    • Preference Cookies: Remember user settings

    • Analytical Cookies: Provide insight into usage patterns

    • Targeting/Advertising Cookies: Facilitate behavioral targeting and retargeting campaigns

  • Cookies do not store any personally identifiable information unless explicitly provided by the user.

Session and Persistent Cookies:

  • Most cookies are "session cookies," meaning they are automatically deleted from your hard drive at the end of a session. "Persistent cookies" remain until manually deleted or expired.

We also use cookies to ensure:

  • Seamless navigation and secure access

  • Autofill of login credentials

  • Customized content based on user interests

Third-Party Cookies and Analytics:

  • You may encounter cookies placed by third parties on certain pages of Draftlo's website or app. These include:

    • Google Analytics: We use Google Analytics to monitor site traffic and usage metrics. This service may collect data including IP address, session duration, and bounce rates.

You may learn more about Google's data use here: https://www.google.com/intl/en/policies/privacy/
To opt out: https://tools.google.com/dlpage/gaoptout

  • We do not control how third parties use cookies or how they manage the data collected.

Cookie Consent and Control:

  • Most browsers allow users to refuse or delete cookies. You are free to modify your browser settings to reject cookies, though certain features of Draftlo's website/app may not function optimally. Disabling cookies may result in:

    • Reduced usability

    • Repetitive login prompts

    • Limited access to personalized content

CROSS-BORDER DATA TRANSFER

Where permitted by law, your data may be transferred outside India to servers or service providers in jurisdictions with adequate data protection frameworks. Such transfers are governed by binding contractual safeguards consistent with Indian laws.

CHILDREN'S PRIVACY

Draftlo's website/app is not intended for individuals under the age of 18. We do not knowingly collect data from minors. If you are a parent or guardian and believe that your child has submitted Personal Information, please contact us for deletion.

CHANGES TO THIS POLICY

We reserve the right to revise, amend, or modify this Policy at our sole discretion at any time. Material changes will be notified via Draftlo's website/app or to your registered email address. Continued use of Draftlo's website/app after such notification constitutes your acceptance of the revised Policy.

GRIEVANCE OFFICER AND CONTACT INFORMATION

In accordance with the Information Technology Act and Rules made thereunder, the name and contact details of the designated Grievance Officer are:

Name: Ravishankar Krishnan
Designation: Grievance Officer
Email: support@draftlo.com
Phone: +91 80880 47284
Working Hours: 10:00 AM – 6:00 PM (IST), Monday to Friday (excluding public holidays)

If you believe your account has been abused or hacked, please contact the Grievance Officer.

You have the right to withdraw your consent at any time in writing by sending an e-mail to the Grievance Officer, in accordance with the terms of this Privacy Policy. However, please note that withdrawal of consent will not be retrospective in nature and shall be applicable prospectively.

You may write to the Grievance Officer for access, review, modification, erasure or correction of your Personal Information, or to withdraw your consent to provide Personal Information. We are not responsible for the authenticity of the information provided by you.