Privacy Policy

Last updated 28 September 2022
Welcome to DrawKit. At DesignStripe Software Inc. in which DrawKit is under (herein referred to as “DrawKit”, “we”, or “us”), we understand that you want transparency about how we process your personal data. This Privacy Policy contains information about your privacy and your rights. We know there are many privacy policies to read, but we encourage you to take the time to read it before using DrawKit.

What do we mean by personal data?

This Privacy Policy applies to personal data. We consider that “personal data” means any information which allows us to identify you directly or indirectly, including “cookies” and other electronic data.

Some information may not be personal on its own but may become personal data if associated with or if the sum of the information allows us to identify you.A “cookie” is information that a website installs on your computer’s hard drive so that the website can remember something about you at a later time.

In this Privacy Policy, when we refer to “cookies” we include other technologies with similar purposes, such as pixels, tags and beacons. If you are looking for more information on cookies, you can refer to websites such as http://www.cookiecentral.com/ and https://www.allaboutcookies.org/.

This Privacy Policy is for transparency purposes and some of the data that we identify in this Privacy Policy as personal data may not be protected as personal data under applicable laws. For instance, business contact information is excluded under some privacy laws, but is considered personal data under the GDPR.
When does this Privacy Policy not apply?
If you click through to links to third parties’ websites, applications, or services from our Services, this Privacy Policy does not apply to the processing of personal data by such external services. It is always a good idea to read the privacy policies of such third parties’ websites to understand what they do with your personal data!
What type of personal data do we collect and why?
We collect personal data to offer our Services, to perform analytics, and to process job applications. Below is a table containing the categories of personal data that we collect, along with the purpose for collection.Depending on the jurisdiction we are in, we use different legal bases to process your personal data. In Canada, we rely on your consent. If you are in the European Union, we rely on different legal basis to justify our processing of your personal data, such as consent, the performance of a contract and our legitimate interests. These legal bases may not be valid under all jurisdictions and are only indicative. Each time consent is the legal basis, you can withdraw your consent at any time.
Category
Description
Purposes and Legal Basis
Electronic Data
We collect:
• Device type
• Operating system and Internet browser type
• Screen resolution
• Operating system name and version
• Language
• Location/Time zone information
This information is collected automatically by our Services to function effectively, to repair bugs, or ensure the security of our Services. We collect electronic data based on our legitimate interest to make our Services functional and secure.
Usage and Performance Data
We collect:
• Time spent on the Services
• Pages visited
• Links clicked
• Language preferences
• Pages that led or referred you to the Services
We collect this information to understand the usage of our Services, whether there are bugs, and generally, to improve our Services. Usage data do not allow us to determine your identity, and are generally provided as aggregated data or by reference to an anonymous identifier.
Communication Data
We collect:
• Email addresses
• Publicly available information
• Email content
• Content of your message
If you communicate with us by email, on social media, by using the form on our Website, or by any other means, we collect the personal data that you share with us, such as your email address and the content of your communication. If you communicate with us using social media, we will have access to your publicly available information. We collect communication data based on consent.
Error-Related Data
We collect error-related data associated with their user, if their app crashes
We collect error-related data so that we can support users of our Services. We collect this data to perform our contract with you.
Account Information
When you make an account with us, we collect the following information:
• Email address
We collect this information so you can create an account to use our Website and Application. We collect this data based on consent.
Login Credentials
You can login into our Services in one of two ways:
• Login with an email and password
• Login through social identity providers
We require an email and password for you to login into the Services. When you use a third-party service to login, your password and email are automatically pulled to allow you to login. We collect this data based on consent.
Marketing Data
We collect:
• Email
• Consent to receive emails
We collect marketing data so that we can send you newsletters and marketing communications. You can unsubscribe at any time directly in the emails or by contacting us. We collect marketing data based on consent.
Financial Information
To process payments:
• Credit card information
We require payment information to allow our payment processor Stripe to process payments. Stripe also uses your Identification Data that you provide with your Financial Information to conduct verifications to prevent fraud. Stripe is certified PCI DSS Level 1.
Social Media Data
Publicly available information
If you follow us or interact with us on social media, we may process your personal data for marketing or advertising purposes, subject to applicable laws, including those on consent. We collect this data based on our legitimate interests as part of our direct marketing strategy.
What cookies do you use and why?
We use cookies for our Services to function as intended, to provide functionalities on our Platform, to analyze our performance and to ensure that our Services are secure. Cookies are also useful to identify bugs and errors. We use both first-party and third-party cookies installed by partners on our Website.

We collect essential, functional and analytics cookies. These are installed by us and third parties. We install essential cookies based on our legitimate interests, as essential cookies are required to provide you with the Services. However, we only install functional and analytics cookies based on your consent.

We collect cookies that classify in each of these categories:
Type of cookie
Description
Essential
Essential cookies are necessary to operate the core functions of our Services. These include login cookies, session ID cookies, language cookies as well as security cookies. We are not required to obtain your consent for these cookies.
Functional cookies are used to provide you with some functionalities, such as a live chat, and to remember preferences, consents and configurations.
Functional cookies are used to provide you with some functionalities, such as a live chat, and to remember preferences, consents and configurations.
Essential
Analytics
Analytics cookies are used to generate aggregated statistical data about traffic and behaviour of Users when using our Services. For instance, we can determine how much time Users spend on a page, and how successful our advertising is.
Do you use Google Analytics?
Yes, DrawKit uses Google Analytics to view key metrics such as how many visitors view the website, and peak hours of traffic. Google Analytics is Google’s analytical tool that helps us to understand how Users engage with our Services. It uses a set of cookies to collect information and report site usage statistics without allowing us to identify individual visitors. We also track paid ads on Google Analytics. For more information on Google Analytics, including how to opt out from certain data collection, please visit https://tools.google.com/dlpage/gaoptout?hl=en.
Do you share my personal data and if so, with whom?
Yes, we share your personal data with third parties for a number of reasons including: (1) to provide you with the Services, (2) to provide IT support, (3) to process payments, (4) to send emails and communicate with you, and (5) as required by the law. We can also share your personal data in the context of a merger and acquisition, as part of bankruptcy procedures or for other corporate requirements.

Just to be clear, we are not data brokers, and we do not sell your personal data to third parties.

In the table below, we provide more information on the third parties we share your personal data with, and provide their privacy policies by hyperlinks.
Category
Description
IT Service Providers
We use IT service providers to offer you the Services, such as to host the Services.

For example we use:
• Supabase for secure access to the Services;
• Google Cloud Platform (GCP) for storing data.
Communication Providers
We use communication partners to send you emails, to manage our live chats, and to send other communications.
Financial Partners
We share personal data with financial partners to complete payments. For example, we use Stripe to process payments.
Integration Partners
If we integrate our Platform with third parties’ applications, such as a payment platform, this may require the sharing of personal data with these third parties.

Integration partners are not our suppliers. You are required to enter into distinct agreements with them and review their privacy policy. We are not responsible for the privacy practices of third parties that are not our suppliers, such as an ERP software. You must review their privacy policies. We only share your personal data with integration partners if requested through a contract with the organization that gave you access to our Services.
Law Enforcement and other authorities
We may receive requests by authorities to access your personal data. We will validate that the request is licit before responding. When possible, we will advise you. We will only share what is strictly required.
In the case of a merger or acquisition, sale of assets, corporate reorganization, bankruptcy filing, insolvency procedures or similar circumstances, your personal data would be considered our assets and property. In these circumstances, ownership of the personal data we collected may be transferred or we may have to share some of your personal data to conclude, negotiate or discuss with third parties. We will only share what we are required to share for these specific purposes.
Where do you store my personal data?
We use in GCP, Supabase & Mongo Atlas to store your personal data in the United States and Canada. Our service providers may process your personal data internationally, including in the United States, depending on where they are located.

If you are in the European Union, we are required to ensure that appropriate safeguards are in place prior for transferring your personal data out of the European Union. We do so through standard contractual clauses or through other safeguards when they are available.
How long do you retain my personal data?
We retain personal data for as long as necessary to provide you with the Services, to perform our marketing campaigns effectively or as required by applicable laws, whichever is longer. We use both persistent and session cookies. Session cookies are deleted once you close your browser, whereas persistent cookies remain active on your device for longer. For instance, Google Analytics cookies remain installed on your device for 2 years. This allows Google Analytics to track you for analytic purposes, as well as for marketing purposes, and to provide us with aggregated data on your behaviour.
How do you keep my personal data secure?
We use Google Cloud Platform and AWS to host our Services which are certified by independent auditors based on several frameworks, such as SOC 1/ISAE 3402, SOC 2, ISO 27001, ISO 27017 and ISO 27018. Our payment processor, Stripe, is certified PCI DSS Level 1.

However, securing your personal data requires teamwork. You also need to do your part, such as by keeping your credentials confidential and using secure networks, especially when you make a payment.
Can I manage my cookie preferences?
You can manage your cookie preferences through your browser. However, if you turn all cookies off, you may not have access to the same functionalities that other users have.

Click on your browser for more information:
Google Chrome
Firefox
• Safari
• Opera
What are my rights with regard to my personal data?
The law provides you with rights over your personal data. Your rights vary depending on the laws that apply to your situation, and the specific circumstances of the request. DrawKit acknowledges the right of individuals to access their personal data. Upon request to hello@drawkit.com, we will provide you with confirmation as to whether we are processing your personal data, and have the data communicated to you within a reasonable amount of time. Your rights differ depending on where you are located in the world.

In most locations, you have the right to correct, amend or delete your personal data where it is inaccurate or has been processed in violation of this Privacy Policy.

In the European Union, you may also benefit from these additional rights:The right to revoke your consent when processing is based on consent.
• The right to object to the processing of your personal data.
• The right to restrict the processing of your personal data.
• The right to data portability, which means that your personal data is provided to you or a third party in normal format to allow you to re-use them, including with another provider.
• The right to have automated decisions being reviewed by a human in some cases, and some rights over profiling.

If you would like to learn more about these rights, please click here for a more detailed explanation. All of these rights are subject to limitations within the law, so if we cannot comply, we will respond to you and let you know why.

If you want to exercise one of these rights and the situation allows for such exercise, you can contact us at hello@drawkit.com.

We will try to help you with your request free of charge. However, we may request that you pay a reasonable fee if you request a transcript, or a reproduction or wish for us to send a copy of your personal data, if the law allows us to do so. If we need to charge a fee to process your application, we will contact you before addressing your request.

For security reasons and to avoid any fraudulent request, we may require that you provide proof of identity with your request. We will not use such personal data for any other purposes.

We will respond to your request within thirty (30) days, unless agreed otherwise. If your request is denied, we will notify you in writing, and provide you with detailed motives and information on how to contest our decision. If you are in the European Union, you can contact your local data protection authority. The list of data protection authorities can be found here.

The Office of the Privacy Commissioner of Canada drafted this FAQ to help you access your personal data when it is held by a business.

You can also contact the Office of the Privacy Commissioner of Canada’s Information Center:
Telephone
9:00 am to 4:00 pm EST
Toll-free: 1-800-282-1376

Mailing address
Office of the Privacy Commissioner
30 Victoria Street Gatineau, Québec
K1A 1H3f

You can also use this online form.

If you have any issue with how we process your personal data, or how we responded to your request, please let us know. We will do our best to improve our processes to make certain that it does not happen again. We will also provide you with additional information about our practices if you would like us to do so.

If you are still not satisfied, you can lodge a complaint with the Office of the Privacy Commissioner of Canada using this online form, or to your local privacy regulators, or if you are in the European Union, with your local data protection authority.
Changes to this Privacy Policy
We may change this Privacy Policy from time to time. When material changes are made to this Privacy Policy, Customers will be notified through the contact email given to us at least two (2) weeks prior to modifications taking effect. Questions about the new Privacy Policy should be addressed to hello@drawkit.com.