← Back to DraftCrane

Privacy Policy

Effective date: February 16, 2026

What DraftCrane Is

DraftCrane is a browser-based writing environment for nonfiction authors. It helps you organize, write, and export your book chapter by chapter. Your manuscripts are stored in your own Google Drive account. DraftCrane provides AI-assisted rewriting tools to help you improve your prose.

Information We Collect

Account information

When you create an account, we collect your name, email address, and profile information through our authentication provider, Clerk. If you sign in with Google, we receive basic profile information (name, email, profile photo) from Google OAuth.

Google Drive file metadata

When you connect your Google Drive, DraftCrane accesses file metadata (file names, folder structure, modification dates) for files that DraftCrane creates. We store this metadata in our database to power the dashboard and chapter list.

Manuscript content

When you open a chapter in the editor, DraftCrane reads the chapter content from your Google Drive to display it. When you use the AI rewrite feature, the selected text is sent to our AI provider for processing. The full content of your manuscripts is never stored on our servers. Your Google Drive is the canonical store for your writing.

Usage data

We collect basic usage information such as pages visited and features used to improve the product. We do not use third-party analytics or advertising trackers.

Google Drive Access

DraftCrane requests the drive.file scope from Google. This is the most restrictive file-access scope available. It means:

  • DraftCrane can only access files and folders that DraftCrane itself creates in your Google Drive.
  • DraftCrane cannot see, read, or modify any other files in your Drive, including documents, photos, or files created by other apps.
  • If you revoke access, DraftCrane immediately loses the ability to read or write any files in your Drive. Your files remain in your Drive, fully accessible to you.

AI Processing

When you use the AI rewrite feature, the text you select is sent to OpenAI (our AI provider) for processing. Here is what you should know:

  • Only the specific text you select for rewriting is sent to OpenAI. We do not send your entire manuscript.
  • OpenAI processes the text to generate a rewrite suggestion, which is returned to you for review. You always choose whether to accept or reject the suggestion.
  • We do not use your content to train AI models. Our agreement with OpenAI specifies that data sent through the API is not used for model training.
  • AI interaction metadata (timestamps, word counts, accept/reject decisions) is stored in our database for product improvement. The actual text content is not retained after the request completes.

Where Your Data Lives

  • Your manuscripts: In your own Google Drive account, always under your control.
  • Project and chapter metadata: In our database (Cloudflare D1), including project names, chapter titles, and file references.
  • Export files: Temporarily cached in cloud storage (Cloudflare R2) when you generate PDF or EPUB exports. These are treated as temporary artifacts.
  • Authentication tokens: Google OAuth refresh tokens are stored server-side, encrypted with AES-256-GCM. They are used solely to maintain your Google Drive connection.

Authentication

DraftCrane uses Clerk as its authentication provider. When you sign in, Clerk handles your credentials securely. DraftCrane never sees or stores your password. If you sign in with Google, the OAuth flow is handled by Clerk and Google directly. For details on how Clerk handles your authentication data, see Clerk's Privacy Policy.

What We Do Not Do

  • We do not sell your data to anyone.
  • We do not use your manuscripts to train AI models.
  • We do not show you ads.
  • We do not share your content with other users.
  • We do not access files in your Google Drive beyond the ones DraftCrane creates.

Deleting Your Data

You can request account deletion at any time by contacting us. When you do:

  • Your account and all associated metadata (project records, chapter records, AI interaction logs) will be permanently deleted from our database.
  • Any cached export files in our cloud storage will be deleted.
  • Your Google OAuth tokens will be revoked and deleted.
  • Your files in Google Drive are not deleted, because they belong to you. They remain in your Drive, fully accessible.

Data Security

We use industry-standard security practices to protect your data. All connections use HTTPS. OAuth tokens are encrypted at rest with AES-256-GCM. Our infrastructure runs on Cloudflare, which provides DDoS protection and edge security. Access to production systems is restricted and audited.

Changes to This Policy

If we make significant changes to this privacy policy, we will notify you by email or through a notice in the app before the changes take effect.

Contact

If you have questions about this privacy policy or your data, contact us at privacy@draftcrane.app.