top of page

Privacy Policy

DRAI Privacy Policy

Effective: October 1, 2025

At Data Room AI (“DRAI”), we respect your privacy. This Policy explains what we collect, why we collect it, how we use it, and your choices. By using our Services, you agree to this Policy. This Policy complies with applicable laws, including the EU General Data Protection Regulation (GDPR), California Consumer Privacy Act as amended by the CPRA (CCPA/CPRA), Delaware Personal Data Privacy Act (DPDPA), the EU Data Act, and other U.S. state privacy laws.

0. Definitions

Simple: Key terms defined for clarity.

  • Personal Data: Information relating to an identified or identifiable individual (e.g., GDPR Art. 4(1), CCPA/CPRA, DPDPA).

  • Sensitive Data: Special categories of Personal Data (e.g., racial/ethnic origin, health, biometrics, genetics) as defined by law.

  • Processing: Any operation performed on Personal Data (collection, storage, use, disclosure, etc.).

  • Services: The products and sites described in our Terms of Use.

 

1. Information We Collect

Simple: Only what’s needed to run DRAI.

  • Account Information: Name, email, organization, billing details.

  • Usage Data: Feature interactions, pages visited, logs, performance.

  • Device & Cookie Data: IP, browser/OS, cookies/identifiers for preferences and analytics.

  • Payment Data: Processed by PCI-compliant providers (we don’t store full card data).

 

2. How We Use Information

Simple: To provide, improve, and protect the service.

  • Deliver DRAI Chat and subscription features.

  • Personalize reports/dashboards; improve features and usability.

  • Secure accounts, detect/prevent fraud, enforce Terms of Use.

  • Comply with legal obligations and defend our rights.

  • AI & EU Data Act: We provide AI features (e.g., chat responses) but do not train models on your data without opt-in. We conduct risk assessments (e.g., ADMT) as required and support data access/portability consistent with the EU Data Act.

 

3. Sharing & Disclosure

Simple: Shared only when necessary.

  • Service Providers/Subprocessors: Hosting, analytics, support, and payment vendors under contract/DPA.

  • Legal: Where required by law, subpoena, or lawful process.

  • Business Transfers: In an M&A event (currently unplanned), Personal Data may transfer to the new owner with notice as required.

  • No Sale: We do not sell Personal Data.

 

4. Cookies & Tracking

Simple: Cookies remember preferences and help us improve.

  • We use essential, analytics, functionality, and—if you opt-in—marketing cookies.

  • Manage preferences via browser settings or our cookie banner/controls.

  • See the Cookie Policy for details.

 

5. Security

Simple: Defense in depth.

  • Encryption in transit and at rest; RBAC/SSO; logging/monitoring.

  • Vulnerability testing and third-party reviews where applicable.

  • Incident response with timely notifications consistent with law.

 

6. Your Rights & Choices

Simple: You’re in control.
Depending on your location (e.g., EU/EEA, UK, California, Delaware), you may have rights to:

  • Access/Portability: Get a copy of your data.

  • Rectification/Deletion: Fix or delete Personal Data.

  • Restriction/Objection: Limit certain Processing.

  • Opt-Outs: Marketing; sale/sharing (where applicable); profiling/ADMT where provided by law.

  • Sensitive Data: In some states (e.g., DPDPA and 2025 state updates  (link to policy tracking service)), consent may be required for Sensitive Data Processing.

  • How to exercise: Email legal@drai-commercial.com; we honor Global Privacy Control (GPC) signals where applicable.

 

7. Data Retention

Simple: Kept only as long as needed.

  • Account data: retained while your subscription is active (and as required by law).

  • Chat Content:

    • Enterprise: excluded from training; retention as configured by your admins who must opt-in via the Website. (default: Opt-Out).

    • Non-enterprise: retained up to 12 months post-activity for service quality and reporting, then deleted or anonymized.

  • You can request deletion via account settings or email.

  • Backups: For disaster recovery and business continuity, we maintain system backups that may temporarily contain your data. These backups are kept only for a short retention window and are automatically and securely deleted on a fixed schedule.

 

8. International Transfers

Simple: If data crosses borders, we use safeguards.

  • We use lawful transfer frameworks described in EU Standard Contractual Clauses (SCCs), the UK Addendum, adequacy decisions, or the EU-US Data Privacy Framework (where applicable).

  • Our subprocessors are vetted and listed in the Data Processing Addendum; we ensure appropriate safeguards before transfers.

 

9. Children’s Privacy

Simple: Not for kids.

  • Services are not directed to children; we do not knowingly collect children’s data.

  • U.S. COPPA: No collection from under-13 without parental consent.

  • EU/UK: Additional protections for under-16 (or local age).

  • No profiling or targeted ads to minors; age gates/parental consent may be required for certain features.

 

10. Changes to This Policy

Simple: We’ll let you know.

  • We may update this Policy from time to time.

  • Material changes will be posted and/or emailed to your registered contact; continued use after notice constitutes acceptance as permitted by law.

 

11. Contact Us

DRAI Commercial Services Inc.
621 23RD ST NW, Naples, FL 34120
Email: corey@product-ties.com

 

12. Miscellaneous

Simple: Standard legal protections.

  • Governing Law: Delaware law governs; disputes handled per our Terms of Use.

  • Severability: If any provision is invalid, the rest remain effective.

  • Entire Understanding: This Policy works together with our Terms of Use, Cookie Policy, Enterprise Privacy Policy, and Data Processing Addendum.

bottom of page