Privacy Policy

Last updated: March 2026  ·  DrawStack, Inc. · Needham, MA

1. Data We Collect

When you use DrawStack, we collect the following categories of information:

  • Account information: Name, email address, company name, and organization type provided during sign-up and onboarding.
  • Project and draw data: Construction project details, schedule of values, draw applications, invoices, line items, payment records, and related documents you upload or create.
  • Usage data: Pages visited, features used, timestamps, IP address, browser type, and device information collected automatically.
  • Payment information: Billing details processed by Stripe. DrawStack does not store raw card numbers.
  • Uploaded files: PDFs, images, insurance certificates, lien waivers, and other documents you upload to the platform.
  • Communications: Messages, comments, and notes you create within the platform.

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the DrawStack platform and its features.
  • Authenticate users and manage access to your organization's data.
  • Process payments and manage billing subscriptions.
  • Generate PDF draw applications and reports from your project data.
  • Power AI-based features such as invoice parsing and AI draw auditing.
  • Send transactional emails (draw status updates, invitations, notifications).
  • Analyze usage patterns to improve product quality (using anonymized or aggregated data).
  • Comply with legal obligations and enforce our Terms of Service.

3. Third-Party Service Providers

DrawStack uses the following third-party service providers to operate the platform. Each provider's use of your data is governed by its own privacy policy.

Clerk

Authentication and user identity management. Clerk stores user credentials, session tokens, and authentication metadata.

Stripe

Payment processing and subscription billing. Stripe stores payment method details and transaction history on our behalf.

Vercel

Application hosting and edge deployment. Vercel may process request logs and metadata as part of serving the application.

Neon (PostgreSQL)

Primary database hosting. All structured application data — projects, draws, invoices, and org records — is stored in Neon's managed PostgreSQL.

AWS S3

File and document storage. Uploaded files (PDFs, images, insurance certificates, lien waivers) are stored in AWS S3 buckets with server-side encryption.

Google Gemini (AI)

AI-powered invoice parsing and analysis. Invoice content may be sent to Google's Gemini API for processing. We do not send personally identifiable information beyond what is contained in uploaded invoices.

4. Data Retention

We retain your data for as long as your account is active or as needed to provide the service. Specifically:

  • Account and organization data is retained for the lifetime of your account.
  • Project, draw, and financial data is retained for at least 7 years to support your audit and compliance needs.
  • Uploaded documents are retained for the duration of your subscription and for up to 90 days after account closure.
  • Usage logs are typically retained for 90 days.

You may request deletion of your account and associated data by contacting us at privacy@drawstack.ai. Note that certain data may be retained as required by law or for legitimate business purposes.

5. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request that we correct inaccurate or incomplete data.
  • Deletion: Request deletion of your personal data, subject to applicable legal requirements.
  • Portability: Request your data in a structured, machine-readable format.
  • Objection: Object to certain types of data processing.

To exercise any of these rights, contact us at privacy@drawstack.ai.

6. Security

We implement appropriate technical and organizational measures to protect your data. This includes encryption in transit (TLS) and at rest, role-based access controls, and regular security reviews. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

7. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

DrawStack, Inc.

Needham, MA

privacy@drawstack.ai
