Legal

Privacy Policy

Last Updated: May 8, 2026

1. Introduction

Driftcheck (“we,” “our,” or “us”) operates driftcheck.app (the “Service”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By using Driftcheck, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Information You Provide

  • Account Information — Email address, name, and password when you create an account
  • Payment Information — Processed through Stripe (we do not store credit card details)
  • Figma Credentials — OAuth tokens to access your Figma files (stored securely, never your password)
  • URLs — Website URLs you submit for design auditing

2.2 Information We Automatically Collect

  • Usage Data — Pages visited, features used, time spent (via PostHog analytics)
  • Device Information — Browser type, IP address, operating system
  • Cookies — Session cookies for authentication, analytics cookies for PostHog

2.3 Information We Generate

  • Screenshots — Automated screenshots of URLs you submit for comparison
  • Analysis Results — AI-generated reports of design drift, accessibility issues, and UX problems
  • Audit History — Records of checks you've run, stored in our Supabase database

3. How We Use Your Information

We use collected information to:

  • Provide and maintain the Service
  • Process your payments via Stripe
  • Access Figma designs you authorize (read-only)
  • Generate design audit reports
  • Send service-related notifications
  • Improve our Service through analytics
  • Detect and prevent fraud or abuse

4. Data Storage and Security

  • Database — User data stored in Supabase (PostgreSQL) with encryption at rest
  • File Storage — Screenshots and images stored in Supabase Storage with signed URLs
  • Access Control — Row Level Security (RLS) policies restrict data access to authorized users only
  • Payment Data — All payment information handled exclusively by Stripe (PCI-DSS compliant)
  • API Keys — Stored as environment variables, never exposed to clients

5. Data Sharing and Disclosure

We do not sell your personal information. We may share data with:

5.1 Service Providers

  • Stripe — For payment processing
  • Figma — To access designs you authorize (OAuth scope-limited)
  • Vercel — Hosting infrastructure
  • Supabase — Database and file storage
  • PostHog — Analytics (anonymized where possible)
  • Anthropic — AI analysis via Claude API (screenshots and URLs only, no personal data)

5.2 Legal Requirements

We may disclose information if required by law, court order, or to:

  • Comply with legal obligations
  • Protect our rights or property
  • Prevent fraud or security issues
  • Protect user safety

6. Third-Party Integrations

6.1 Figma

  • We use OAuth to access only the Figma files you explicitly authorize
  • We request read-only access to file content
  • We do not modify your Figma files
  • You can revoke access at any time via Figma's settings

6.2 Jira, Slack, Teams (Optional)

  • If you enable these integrations, we send audit results to your connected workspaces
  • You control which issues are exported
  • You can disconnect at any time

7. Data Retention

  • Account Data — Retained while your account is active
  • Audit Results — Retained for 90 days unless deleted earlier
  • Screenshots — Automatically deleted after 90 days
  • Deleted Accounts — All associated data deleted within 30 days

8. Your Rights

You have the right to:

  • Access — Request a copy of your data
  • Correction — Update inaccurate information
  • Deletion — Request account and data deletion
  • Portability — Export your data in JSON format
  • Opt-out — Disable analytics cookies (settings page)
  • Revoke OAuth — Disconnect Figma access at any time

To exercise these rights, email: privacy@driftcheck.app

9. Cookies

We use:

  • Essential Cookies — Session authentication (required)
  • Analytics Cookies — PostHog tracking (optional, can be disabled)

You can disable non-essential cookies in your browser settings or our app settings. See our Cookie Policy for details.

10. International Data Transfers

Your data may be transferred to and stored in servers located outside your country. We ensure appropriate safeguards are in place for international transfers.

11. Children's Privacy

Driftcheck is not intended for users under 13. We do not knowingly collect data from children under 13. If you believe we have, contact us immediately.

12. California Privacy Rights (CCPA)

California residents have additional rights:

  • Right to know what personal information is collected
  • Right to delete personal information
  • Right to opt-out of sale (we don't sell data)
  • Right to non-discrimination for exercising rights

Contact privacy@driftcheck.app to exercise these rights.

13. GDPR Rights (EU Users)

EU users have rights under GDPR:

  • Right to access, rectify, erase, restrict processing
  • Right to data portability
  • Right to object to processing
  • Right to withdraw consent
  • Right to lodge a complaint with a supervisory authority

Legal Basis for Processing: Consent, contract performance, legitimate interests

14. Changes to This Policy

We may update this Privacy Policy periodically. Changes will be posted with a new “Last Updated” date. Continued use after changes constitutes acceptance.

15. Contact Us

For privacy questions or requests:

This policy was last reviewed and updated on May 8, 2026.