Privacy Policy

Last updated: March 3, 2026

1. Information We Collect

We collect information you provide when you create an account, including your name, business name, email address, and phone number. Payment information is collected by our payment processor, Stripe, and is governed by Stripe's Privacy Policy; FluteOS stores only a tokenized reference and the last four digits of your card.

We also collect usage data (features accessed, pages visited, session duration), technical data (IP address, browser type, device identifiers), and customer data that you store within the platform (guest profiles, contact lists, conversation logs). Communications between you and FluteOS support are retained for quality and training purposes.

2. How We Use Information

We use collected information to:

  • Operate, maintain, and improve the DramWell platform
  • Process payments, manage subscriptions, and send billing communications
  • Send transactional emails and in-app notifications necessary to deliver the Service
  • Analyze aggregated, anonymized usage to develop new features and improve performance
  • Detect and prevent fraud, abuse, and security incidents
  • Comply with legal obligations and respond to lawful requests from public authorities

We do not use your customer data (the data belonging to your guests or contacts) for any purpose other than operating the features you have enabled.

3. Data Sharing

DramWell does not sell, rent, or trade your personal data or your customers' data to third parties for marketing purposes.

We share data only with service providers who assist us in operating the platform, including payment processors (Stripe), cloud infrastructure providers, transactional email and SMS providers, and AI model providers. All service providers are contractually bound to use data only as directed by DramWell and to implement appropriate security measures.

We may disclose data when required by law, regulation, court order, or valid governmental request, or when necessary to protect the rights, property, or safety of DramWell, our users, or the public.

4. Data Retention

Active accounts:Data is retained for the life of the account.
Canceled accounts:Data enters a read-only state for 30 days, then is permanently deleted.
Billing records:Retained for 7 years to comply with tax and accounting regulations.
Anonymized data:May be retained indefinitely for product analytics and improvement.

5. Data Security

DramWell employs industry-standard security controls to protect your data:

  • AES-256 encryption for all data at rest
  • TLS 1.3 encryption for all data in transit
  • SOC 2 compliant cloud infrastructure
  • Role-based access controls and least-privilege principles
  • Regular security audits and vulnerability assessments

While we take security seriously, no system is completely immune to risk. In the event of a data breach affecting your personal data, we will notify you in accordance with applicable law.

6. Your Rights

Depending on your jurisdiction, you may have the following rights with respect to your personal data:

  • Access and portability: Export your data at any time via the account dashboard.
  • Deletion: Request deletion of your account and associated personal data.
  • Correction: Update inaccurate or incomplete personal information.
  • Opt-out of marketing: Unsubscribe from marketing emails at any time using the link in any email we send.
  • CCPA rights: California residents may request disclosure of data we have collected and opt out of any sale (we do not sell personal data).
  • GDPR rights: EEA/UK residents may exercise rights to access, rectification, erasure, restriction, and portability under the GDPR.

To exercise any of these rights, contact us at customer.support@dramwell.ai.

7. Contact

If you have questions about this Privacy Policy or how we handle your data, please contact us at customer.support@dramwell.ai.