Privacy and Data Protection Policy

Draftable Pty Ltd and its related entities (together, “Draftable”, “we”, “our” or “us”) have created this Privacy and Data Protection Policy (the “Policy”) to demonstrate our respect, commitment and vigilance in safeguarding the privacy and data security of the individuals and organizations with whom we deal and to ensure compliance with all applicable privacy, data protection and data security laws.

Draftable collects, uses, keeps or otherwise processes personal information in compliance with all applicable privacy and data protection legislation, namely the Australian Privacy Principles set out in the Australian Privacy Act 1988, the General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”), and all relevant regulations.

This Policy gives you information on how Draftable collects, uses, keeps or otherwise processes your personal data, including when you contact us, visit our website, apply for a job, or use our products or services.

Please note that this Policy does not apply to any products, services, websites or content that are offered by third parties or have their own privacy policy or notice.

Personal data we may process about you

The nature of our products and services and the fact we operate in a business-to-business (“B2B”) environment means that we intend to retain very little or none of your personal data, and we continue to strive to ensure that we retain as little personal data as possible of our customers.

The personal data we collect, hold, use or otherwise process about you depends on the nature of our interactions and the circumstances about its collection. We may collect, hold, use or process the following data about you:

  • contact and identity data – such as your name, email, job title, industry, address and telephone number(s)
  • technical data – including your Internet Protocol (IP) address, login data, operating system and web browser type, browser plug-in types and version, traffic data, location (and other communication) data and the resources that you access
  • profile data – including usernames, passwords, and feedback data
  • telemetry/usage data – telemetry means the gathering of software data on your use of and the performance of applications and application components, e.g. how you use certain features, measurements of applications’ start-up time and processing time, hardware, application crashes, and general usage statistics and/or your user behaviour
  • communications and marketing data – including your communication preferences and communications in receiving marketing from us

We may also collect other data you choose to provide to us and details of the interactions that you have with us.

How we may collect your personal data

Whenever it is reasonable and practicable to do so we will collect data about you directly from you. We do this in various ways including when you:

  • enter and use our website – as you interact with our website, we will collect technical data (e.g. about your equipment, browsing actions and patterns) either automatically by using cookies and other similar technologies or from other websites that you visit which use our cookies
  • purchase our products and services – if you purchase or use our products or services, we may use your personal data for specific purposes, including verifying your credentials, carrying out end-user compliance checks for export control purposes, and processing orders and generating billing information
  • contact us and/or provide feedback
  • request and receive marketing communication
  • submit a job application
  • use our products

We may also collect data about you through our business relationships and contacts as well as from third-party sources, including publicly available sources such as Twitter, Facebook pages, LinkedIn profiles, company websites and online directories.

Why we collect, hold, use, disclose and process your personal data

We are not in the business of selling our customers' personal data.

We collect, hold, use, disclose and otherwise process personal data for a range of purposes, including:

  • to verify your identity
  • to enable secure access to our website
  • to activate and develop our products and services
  • to help us operate, protect, improve, develop and research our products and services
  • to measure, support and improve the presentation and content of our website
  • to provide, recommend and personalize our products and services to you
  • to provide technical support and respond to feedback, queries or complaints from you
  • to analyse our performance
  • to customise and enhance your experience
  • to provide you with information that is relevant to your use of our products and services
  • to market and promote our products and services
  • to notify you about changes to our products and services
  • to direct you to content or to provide you with information, products and services which we feel may be of interest to you and your business
  • to perform any proposed or signed contract we have entered into with you, including notification of changes to our products and services
  • to participate in any potential corporate activity or transaction that involves us or our assets
  • to manage relationships with our clients, suppliers and contractors
  • to comply with any legal or regulatory obligations
  • where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests

If we are unable to collect your personal data, we may not be able to communicate or respond to you or do business with you or your organisation.

We have set out below, in a table format, a description of the primary ways we may use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

Lawful basis
To register you as a customer or account holder
To perform a contract with you
To manage our relationship with you
(a) To perform a contract with you
(b) To comply with a legal obligation
(c) For our legitimate interests (to keep our records updated and to analyse how customers use our products or services)
To administer and protect our business and this website (including trouble-shooting, data analysis, testing, system maintenance, support, reporting and hosting of data)
(a) To comply with a legal obligation
(b) For our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)
To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you
For our legitimate interests (to analyse how customers use our products or services, to develop them, to grow our business and to inform our marketing strategy)
To use data analytics to improve our website, products/services, marketing, customer relationships and experiences
For our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)
To make suggestions and recommendations to you about goods or services that may be of interest to you
For our legitimate interests (to develop our products or services and grow our business)

Our website may, from time to time, contain links to and from the websites of our partner networks, advertisers, affiliates or third parties. The linked sites are not under the control or supervision of Draftable. If you follow a link to any of these websites, please note that these websites have their own privacy policies or notices and that Draftable does not accept any responsibility or liability for these policies or notices. We recommend that you check these policies or notices before you submit any personal data to these websites. These links are provided merely as a convenience, and do not imply any endorsement of the site by Draftable.

Children’s privacy

Draftable products and services are not designed for and are not marketed to people under the age of eighteen (18) or such other age designated by applicable law (“minors”). We do not knowingly collect or ask for personal information from minors. We do not knowingly allow minors to use our products or services. If you are a minor, please do not use our products or services or send us your personal information. We delete personal information that we learn is collected from a minor without verified parental consent. Please contact us at if you believe we might have personal information from or about a minor that should be removed from our system.

Marketing and promotion

You have the right to withdraw consent to marketing at any time by contacting us or by using the opt-out links in our communications. Where you opt out of receiving these marketing or promotional messages, this will not apply to personal data provided to us as a result of a product or service purchase.

If you are an existing customer, we will only contact you by email with information about products and services similar to those that were the subject of a previous sale to you.

We will not sell or rent your personal information to third parties or share your data with third parties for marketing purposes. We may use third party software to send you information for marketing purposes, but such third parties will not have access to or be able to read your personal information.

If you receive an email which claims to come from us but does not use our domain, or if you are suspicious that an email may not be approved by us, then please send a copy of the email to so we can investigate.


We use Internet Protocol (“IP”) addresses to analyse trends, administer our websites, track your navigations among out webpages and gather broad information for aggregate use. Our web servers may also send a small data file known as a "cookie" to your internet browser or hard drive. We may use cookies to help us personalise and improve your experience with us and to ensure that our site stays easy to navigate and useful. For example, cookies may be used to track your onsite behaviour to ensure transaction pages, such as "shopping cart" interactions and support pages, work correctly.

Most cookies don't collect personal data and only contain coded information that cannot be used by third parties to access your personal data. In addition, some cookies remain only for so long as you leave the website (i.e. session cookies) while others remain for a set period of time after session (i.e. persistent cookies) unless deleted by you. Most web browsers allow you to adjust settings to erase, refuse, disallow all or some cookies, or alert you when websites set or access cookies. We note that some parts of our websites may become inaccessible or not function properly if you disable or refuse cookies.

We or third parties may use cookies and other technologies such as chat bots, web beacons and JavaScript on our websites in connection with online services (including banner advertising, website analytics and surveys). These technologies enable information to be collected about your use of our websites (including your computer’s IP address), which may be stored in Australia, the United States, or other countries. The information collected by these technologies give us and third party collectors the ability to deliver customised advertising content, measure advertising effectiveness, evaluate the use of our websites and other websites and provide other services relating to website activity and internet usage. We and third parties (including Google Analytics, Google AdSense, DoubleClick, Yahoo, Adobe, Bing, Kenshoo, Microsoft and Segment) may also transfer collected information to others where, for example, required by applicable law or regulation, or where those third parties process the information on our behalf.

Personal data transfer, storage, security and processing

The security of your personal data is fundamental to the way that we do business and starts with our core infrastructure.

We securely store your personal data on our servers located in the EU and the US.

We endeavour to hold all personal data securely in accordance with our internal security procedures, industry standards and applicable law. We update and test our security on an ongoing basis.

We maintain appropriate administrative, physical, technical and organizational measures to protect your personal data received, accessed or processed by us against unauthorized or unlawful processing or accidental loss, destruction, damage or disclosure.

As a global enterprise, we have international sites and users all over the world. When you give us personal data, that data may be used, processed or stored anywhere in the world, including countries outside the European Economic Area (“EEA”). It may also be processed by staff operating outside the EEA, who work for us or for one of our suppliers. We will only transfer personal information to a supplier with appropriate safeguards in place (including, where appropriate, ‘standard contractual clauses’ set down from time to time by the European Commission) and where the supplier has provided assurances that they will provide at least the same level of privacy protection as is required by this Policy and in compliance with law. We will take necessary steps to prevent or stop such processing where we know that a supplier is using or sharing personal information in a way that is contrary to this Policy.

Personal data use and processing

In addition to those described in the “Why we collect, hold, use, disclose and process your personal data” section above, we may also use and/or process your personal data for one or more of the following purposes:

  • Provide our products: we use data to operate our products and services, and to provide you with rich, interactive experiences. For example, if you use Draftable Online, we process the documents you upload to enable you to view, retrieve, edit, forward, or otherwise process it, at your direction as part of the service. Additionally, as communications are a feature of various products and services, we use data to contact you. For example, we may contact you by phone or email or other means to inform you when a subscription is ending or discuss your account. We also communicate with you to secure our products, for example by letting you know when product updates are available.
  • Product improvement: we use data to continually improve our products, including adding new features or capabilities. For example, we use error reports to improve security features, search queries to improve the relevancy of the search results, usage data to determine what new features to prioritise, and other data to develop and improve functionality and accuracy.
  • Product development: we use data to develop new products. For example, we use data, often de-identified, to better understand our customers’ computing and productivity needs which can shape the development of new products.
  • Security, safety and troubleshooting: we use data to help protect the security and safety of our products and customers by detecting malware and malicious activities; troubleshooting performance and compatibility issues to help customers get the most out of their experiences; identifying suspected spam, viruses, abusive actions, or URLs that have been flagged as fraud, phishing, or malware links; and notifying customers of updates to our products. This may include using automated systems to detect security and safety issues.
  • Updates: we use data we collect to develop product and security updates. Such updates are intended to maximise your experience with our products and services, help you protect the privacy and security of your data, provide new features and ensure that your device is able to process such updates.
  • Reporting and business operations: we use data to analyse our operations and perform business intelligence. This enables us to make informed decisions and report on the performance of our business.

Personal data retention

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

Keeping your personal information complete, accurate and accessible

We take all reasonable measures to ensure that all personal data we collect, hold and use is complete, up to date and relevant. You can contact us at any time (using the “Contact Details” below) to request access to or to correct your personal information. Once we have verified your identity, we will generally provide you access to your personal data. However, there may be some instances where we are permitted or required (such as by law or regulation) to deny access or where we may refuse to correct your personal data. In such a situation, we will communicate the reasons for our decision. If we do not allow you to access or correct such data, and you do not agree with our decision, you can make a complaint by following the process below.

Legal rights under the GDPR

GDPR gives EU-based individuals certain rights with respect to their personal data, including the right to access information held about them.

In accordance with the GDPR, data subjects in the EU can exercise their rights by emailing our General Counsel and making one of the following requests:

  • information about how your personal data is processed
  • a copy of your personal data
  • immediate correction to your personal data
  • raise an objection about how your personal data is processed
  • erasure of your personal data if there is no longer a justification for it
  • restricting the processing of your personal data in certain circumstances
  • opt out of the use of your personal data for any purposes or a specific purpose
  • not be subject to a decision based solely on automated processing which produces legal effects concerning you or significantly affecting you.

Our General Counsel is contactable at

Questions, concerns and complaints

If you have any questions, concerns or complaints about how we have handled your personal information, then you may contact us using our “Contact Details” below. To help us respond to you, please include as much detail as possible about the information that you would like to access or correct and, if applicable, how you'd like to access this information.

Once we have received your message, we will investigate and respond to you as soon as practically possible. We will try to respond to your message or resolve your complaint as quickly as possible and by no later than thirty (30) days after we receive your message. If your complaint takes longer to resolve, we'll keep you informed of our progress with the investigation.

If you are not satisfied with our response, you can contact us to further discuss your concerns or exercise your legal rights in the relevant jurisdiction. For example, in Australia, you may lodge a complaint with the Australian Information Commissioner (for more information here, please visit:

Product-specific information

Draftable Online

Documents you compare are protected by a secret URL. Anyone you share the URL with can view the comparison. Comparisons are deleted after no one has viewed them for a period of time.

Draftable Desktop (including Draftable Desktop for Legal)

Documents you compare are not shared with us. All operations on documents take place locally, so you can safely use Draftable Desktop on confidential documents.

The information that is shared with Draftable includes your name, email address, company, number of potential users, and your phone number on an optional basis, to start a trial.

Draftable Desktop communicates with our servers to check for updates and to ensure that your license key is valid.

Draftable Desktop submits information about usage statistics and errors that occur when running. Error reports may sometimes contain confidential information such as filenames. This feature can be disabled via the settings function or by contacting Support.

Changes to this Policy

Draftable reserves the right to amend this Privacy and Data Protection Policy at any time, for any reason, without notice to you, other than the posting of the updated Privacy and Data Protection Policy at this website. We encourage you to regularly check our website for any such updates and to see the current Privacy and Data Protection Policy that is in effect and any changes that may have been made to it.

Contact Details

If you would like more information about our approach to privacy and data protection, or if you wish to contact us regarding the terms in this Policy and how it may apply to you, please contact us:

Last updated: February 2023