At Draftable, we understand that trust is earned.

We understand that lawyers are required to keep their work confidential. That's why we've developed Draftable Legal as a desktop application. This means your comparisons are performed securely on your computer. Your documents are never sent to our servers, and our team cannot see what you compare. Everything is confidential, just as it should be.

An overview of our security information is published below. If you or your team have any additional security requirements or concerns, please get in touch.

Draftable Legal

Your documents don't leave your computer

Your comparisons are performed securely on your computer. Your documents are never sent to our servers, and our team cannot see what you compare. Everything is confidential, just as it should be.

Your documents are safe

Draftable Legal never modifies your documents.

Information that is shared with Draftable

We collect data on how you use Draftable Legal to help us improve the product. Examples include how long your comparisons take to complete, whether you open or save a comparison, and what format you share via email. We use this information to make sure Draftable Pro is performing well and is easy to use. We might remove features that aren't being used, or work to reduce the time it takes to run a comparison if we see it is too slow. If you do not want these statistics to be shared, you can update your preferences in the settings menu.

Systems Administrator

We provide additional configuration options for deploying Draftable in a network environment.

Draftable Online

  • Documents you compare are protected by a secret URL. Please note that anyone you share this URL with will be able to view your comparison.
  • Comparisons will be automatically deleted from Draftable Online if they are not accessed for a period of time.

Draftable API

We have designed Draftable API to have the strongest security possible.

Encryption

  • All data ingress and egress to Draftable’s cloud services is encrypted via TLS over the HTTPS protocol.
  • Our website and API do not support or provide access via any unencrypted endpoints.
  • Our TLS security policy conforms to modern cryptographic best practices which are continually reviewed and updated.
  • All data at rest is encrypted using AES-256.

Data sovereignty and infrastructure

  • All comparisons are performed and all data is stored in the United States.

The comparison lifecycle

  • The Draftable API provides customers full control over the lifecycle of their submitted document comparisons.
  • Comparisons are private by default. Optionally, a comparison can be set to be public, allowing access to the viewer URL without authentication.
  • Lifecycle options can be set per comparison, so Draftable API is suitable for use in multi-tenant environments.
  • When a comparison is deleted, the comparison and all associated files are immediately removed from our servers, including any backups. This also means all access to the comparison will be lost. (Comparison metadata, which may include file names but not file content, may remain in Draftable’s database or backups of Draftable’s database for some time.)

End-user security

  • Many of our customers use the Comparison API to enable their own users to perform comparisons. These users are Draftable's "end users". If a customer runs a SaaS product that provides access to documents and uses the Comparison API to let end users compare those documents, then when an end user's permission to access a document is revoked, that end user should also lose access to any comparison of that document.
  • Draftable’s Comparison API makes this straightforward. All API endpoints intended for end-user consumption, in particular the comparison viewer, require signing by default. The client APIs make signing easy and enable you to grant access to load a comparison for a specific period. This is implemented using SHA-256 HMAC, an industry-standard method of signing a request.
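
The time-limited signing described above, sketched as an added example that is not Draftable's code or URL format: a server issues a viewer URL carrying an expiry and a SHA-256 HMAC, and the verifier rejects tampered or expired URLs. The secret, host, parameter names (`valid_until`, `signature`) and message layout are assumptions chosen for illustration.

```python
import hashlib
import hmac
import time
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed values for illustration; not a real credential or Draftable's URL layout.
SECRET = b"example-auth-token"
BASE = "https://viewer.example.invalid/comparisons"


def _signature(secret, comparison_id, valid_until):
    # Bind the signature to both the comparison and its expiry so neither can be swapped.
    message = f"{comparison_id}\n{valid_until}".encode()
    return hmac.new(secret, message, hashlib.sha256).hexdigest()


def signed_viewer_url(secret, comparison_id, ttl_seconds, now=None):
    """Issue a viewer URL that is valid for ttl_seconds from now."""
    now = int(time.time()) if now is None else now
    valid_until = now + ttl_seconds
    query = urlencode({
        "valid_until": valid_until,
        "signature": _signature(secret, comparison_id, valid_until),
    })
    return f"{BASE}/{comparison_id}?{query}"


def verify_viewer_url(secret, url, now=None):
    """Return True only for an untampered, unexpired URL."""
    now = int(time.time()) if now is None else now
    parts = urlsplit(url)
    comparison_id = parts.path.rsplit("/", 1)[-1]
    params = parse_qs(parts.query)
    try:
        valid_until = int(params["valid_until"][0])
        presented = params["signature"][0]
    except (KeyError, ValueError):
        return False  # missing or malformed parameters are rejected, never defaulted
    expected = _signature(secret, comparison_id, valid_until)
    # Constant-time comparison avoids leaking how many leading characters matched.
    if not hmac.compare_digest(expected.encode(), presented.encode()):
        return False
    return now <= valid_until
```

With a short validity period, a URL issued before an end user's permission was revoked stops working once it expires, provided the application checks permissions before issuing each new URL.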

Draftable Employee Access

  • Only senior Draftable employees with an explicit need are granted access to the production infrastructure. Access credentials are tied to individual employees, regularly rotated, and decommissioned when access is no longer required or the employee is no longer with the company. All access to production infrastructure is audited.
  • Draftable never accesses any documents submitted via the Comparison API unless explicitly requested by the customer (typically for the purposes of providing support). By extension, we do not use documents submitted via the Comparison API for any internal testing or product improvement purposes.
  • We do use the data supplied by you for generating aggregate statistics (e.g. total number of documents submitted).

Jurisdiction and Law Enforcement

Draftable Pty Ltd is incorporated in Australia and so is subject to Australian law and the jurisdiction of Australian courts. By default, data is stored in the United States and not accessed from Australia without explicit permission.

Draftable API Self-hosted

Draftable API Self-hosted provides the same functionality as Draftable API but everything runs on your network.

What information is shared with Draftable:

Draftable Desktop communicates with our servers to check for updates and for licensing purposes only. No information about your documents is shared except two aggregate statistics, namely

  • the total number of comparisons performed, and
  • the total number of pages compared.