Privacy Policy
Last Updated: December 20, 2025
Your privacy is important to us. This Privacy Policy explains how DrawTactics collects, uses, and protects your personal information.
1. Introduction
DrawTactics ("we," "us," or "our") operates the DrawTactics web application (the "Service"). This Privacy Policy informs you of our policies regarding the collection, use, and disclosure of personal data when you use our Service.
By using the Service, you agree to the collection and use of information in accordance with this policy.
2. Information We Collect
2.1 Information You Provide
When you create an account or use our Service, we collect:
- Email Address: Used for account creation, login, and communication
- Password: Securely hashed and stored (we cannot see your actual password)
- Payment Information: Processed by Stripe (we do not store credit card details)
2.2 Automatically Collected Information
When you use our Service, we may automatically collect:
- Device Information: Browser type, operating system, device type
- Usage Data: Pages visited, features used, time spent on the Service
- IP Address: For security and analytics purposes
- Cookies: Small files stored on your device (see Section 8)
2.3 Information from Third Parties
We receive information from our service providers:
- Stripe: Payment status, subscription information, billing details
- Supabase: Authentication and database services
3. How We Use Your Information
We use the collected information for the following purposes:
| Purpose | Legal Basis |
|---|---|
| Provide and maintain the Service | Contract performance |
| Process payments and subscriptions | Contract performance |
| Send service updates and notifications | Legitimate interest |
| Respond to support requests | Contract performance |
| Improve and optimize the Service | Legitimate interest |
| Detect and prevent fraud | Legal obligation |
| Comply with legal requirements | Legal obligation |
4. How We Share Your Information
We do not sell your personal information. We share your information only in the following circumstances:
4.1 Service Providers
- Stripe: Payment processing (see Stripe Privacy Policy)
- Supabase: Authentication and database hosting (see Supabase Privacy Policy)
4.2 Legal Requirements
We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., court orders, subpoenas).
4.3 Business Transfers
If we are involved in a merger, acquisition, or asset sale, your personal information may be transferred. We will provide notice before your information becomes subject to a different Privacy Policy.
5. Data Retention
We retain your personal information for as long as necessary to provide the Service and fulfill the purposes outlined in this Privacy Policy:
- Account Data: Retained while your account is active
- Payment Records: Retained for 7 years for tax and accounting purposes
- Deleted Accounts: Data is permanently deleted within 30 days of account deletion
6. Your Data Rights
Depending on your location, you may have the following rights:
6.1 Right to Access
You can request a copy of your personal data we hold.
6.2 Right to Rectification
You can request correction of inaccurate or incomplete data.
6.3 Right to Erasure
You can request deletion of your personal data by deleting your account.
6.4 Right to Data Portability
You can export your tactics boards as PNG files at any time.
6.5 Right to Object
You can object to certain processing of your data.
6.6 Right to Withdraw Consent
You can withdraw consent at any time by deleting your account.
To exercise your rights, contact us at jm@drawtactics.com
7. Data Security
We implement appropriate technical and organizational measures to protect your personal information:
- Encryption: Data transmitted over HTTPS/TLS
- Password Security: Passwords are hashed using industry-standard algorithms
- Access Controls: Limited employee access to personal data
- Secure Infrastructure: Data hosted on secure servers (Supabase)
- Regular Updates: Security patches and updates applied promptly
However, no method of transmission over the Internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
8. Cookies and Tracking
We use cookies and similar tracking technologies to track activity on our Service:
8.1 Essential Cookies
Required for the Service to function (authentication, session management).
8.2 Analytics Cookies (if applicable)
Help us understand how users interact with the Service.
8.3 Managing Cookies
You can control cookies through your browser settings, but disabling essential cookies may affect Service functionality.
9. Third-Party Links
Our Service may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies.
10. Children's Privacy
Our Service is not intended for anyone under the age of 18. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.
11. International Data Transfers
Your information may be transferred to and maintained on servers located outside of your country of residence. By using the Service, you consent to the transfer of information to countries with different data protection laws.
We ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses with our service providers
- Compliance with EU-U.S. and Swiss-U.S. Privacy Shield frameworks (where applicable)
12. California Privacy Rights (CCPA)
If you are a California resident, you have additional rights:
- Right to know what personal information is collected
- Right to know if personal information is sold or disclosed
- Right to say no to the sale of personal information (we do not sell data)
- Right to access your personal information
- Right to equal service and price (no discrimination)
13. European Privacy Rights (GDPR)
If you are in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR):
- Right to access, rectification, erasure, and data portability
- Right to object to processing
- Right to lodge a complaint with a supervisory authority
Data Controller: JMftbl
Contact: jm@drawtactics.com
14. Australian Privacy Rights (Privacy Act)
If you are in Australia, we comply with the Australian Privacy Principles under the Privacy Act 1988:
- Right to access and correct your personal information
- Right to make a complaint to the Office of the Australian Information Commissioner (OAIC)
15. Changes to This Privacy Policy
We may update our Privacy Policy from time to time. We will notify you of any changes by:
- Posting the new Privacy Policy on this page
- Updating the "Last Updated" date
- Sending an email notification for material changes
You are advised to review this Privacy Policy periodically for any changes. Changes are effective when posted on this page.
16. Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us:
- Email: jm@drawtactics.com
- Contact Form: Contact Us