Privacy Policy
Your privacy and data security are our top priorities. Learn how we protect your information.
Quick Summary
Security First
End-to-end encryption & secure processing
No Storage
Content processed in memory, never stored
Full Control
Revoke access anytime
Transparency
Clear data handling policies
Introduction
At ZapDrafts, we prioritize the security and privacy of your data. This Privacy Policy provides a detailed explanation of how we collect, process, and protect your information, with a special focus on our integration with Google and WordPress services.
Authentication & Security
Google OAuth Integration
We use Google's OAuth 2.0 for authentication, which means:
- You authenticate directly with Google - we never see or store your Google password
- We only request the minimum required permissions (scopes) to access your Google Docs
- You can revoke our access to your Google account at any time through your Google Security settings
- All communication with Google APIs is encrypted using industry-standard TLS
WordPress Integration Security
We implement secure WordPress integration using:
- Application Passwords: A secure authentication method that generates unique credentials for our app only
- These credentials cannot be used to log into your WordPress dashboard - they only work with the API
- Each site connection uses a separate set of encrypted credentials
- You can revoke our access instantly through your WordPress dashboard
💡 Pro Tip
You can manage application passwords in your WordPress dashboard under Users → Security → Application Passwords
Information We Collect
Google User Data Access
Through Google OAuth integration, we access the following data:
- Google Drive files and folders that you explicitly share with our application
- Document content and metadata for files you choose to edit through ZapDrafts
- Basic profile information (name and email) for authentication purposes
Important: We only access the specific files you choose to work with through our application. We do not access or scan your entire Google Drive.
Data Protection
Security Measures
We implement robust security measures to protect your data:
- End-to-end encryption for all data in transit using TLS 1.3
- Secure memory-only processing - no persistent storage of document content
- Regular security audits and penetration testing
- Access controls and authentication mechanisms to prevent unauthorized access
- Secure infrastructure hosted on Google Cloud Platform with industry-standard security practices
Data Retention & Deletion
Our Data Retention Policy
ZapDrafts follows a strict data minimization principle:
- Document content is processed in memory only and is never permanently stored
- Authentication tokens are stored securely and deleted when you revoke access or after 7 days of inactivity
- Basic user profile information is retained only while you maintain an active account
Data Deletion
You can request immediate deletion of your data by:
- Revoking access through your Google Account settings
- Contacting us at hello@zapdrafts.com for account deletion
- Using the account deletion option in your ZapDrafts dashboard
Data Sharing & Third-Party Access
No Third-Party Data Sharing
ZapDrafts does not share, sell, or rent your personal information with any third-party services, advertisers, or data brokers.
Google Data Usage: Data accessed via Google OAuth is used only within ZapDrafts for its intended purpose (document editing and management). No Google user data is shared externally.
How to Revoke Access
Revoking ZapDrafts' Access to Your Google Account
If you wish to disconnect ZapDrafts from your Google account, follow these steps:
- Visit Google Account Permissions
- Find ZapDrafts in the list of connected apps
- Click "Remove Access" to disconnect ZapDrafts immediately
Note: This action removes all permissions, and ZapDrafts will no longer have access to your Google Drive or Docs.
Compliance & Policies
ZapDrafts maintains strict compliance with:
Google API Services User Data Policy
Ensuring proper handling of Google user data
General Data Protection Regulation (GDPR)
Protecting EU-based users' privacy rights
California Consumer Privacy Act (CCPA)
Safeguarding California residents' privacy
We do not engage in unauthorized data storage or access outside permitted OAuth scopes.
Use of Google APIs
ZapDrafts' use of Google APIs follows the Google API Services User Data Policy.
Data Access & Usage
- • We only access user data with explicit consent
- • Data usage is strictly limited to allowed scopes
- • No human access to Google user data unless required for legal compliance or debugging with user permission
Security Certifications & Compliance
For more details, please review our Terms of Service.
If you have any questions about our Privacy Policy, please contact us at hello@zapdrafts.com