Privacy Policy

DrawTheArt ("we", "us", or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy describes how we collect, use, store, and share your information when you use our design platform at drawtheart.com ("the Service"). This policy is compliant with the Digital Personal Data Protection Act, 2023 (DPDPA) of India.

1. Information We Collect

We collect the following categories of personal data:

a) Information from Google OAuth

When you sign in with Google, we receive your name, email address, and profile picture from your Google account. We do not receive or store your Google account password.

b) Account Information

Name, email address, and profile photo associated with your account. Subscription and billing details when you purchase a Pro plan.

c) Usage Data

Information about how you interact with the Service, including pages visited, features used, projects created, and session duration. Device information such as browser type, operating system, and IP address.

d) Content Data

Designs, images, and other files you create or upload to the Service. This data is stored to provide the Service to you and is not used for any other purpose.

2. How We Use Your Information

We use the collected information for the following purposes:

• To provide, maintain, and improve the Service
• To authenticate your identity and manage your account
• To process subscription payments and manage billing
• To send transactional emails such as account confirmations and payment receipts
• To analyze usage patterns and improve user experience
• To detect, prevent, and address technical issues, fraud, or security threats
• To comply with legal obligations and enforce our Terms of Service

3. Cookies & Tracking Technologies

We use cookies and similar technologies to maintain your authenticated session, remember your preferences (such as theme settings), and understand how you use the Service. Essential cookies are required for the Service to function properly. Analytics cookies help us understand usage patterns and improve the Service. You can configure your browser to refuse cookies, though this may limit your ability to use certain features.

4. Data Storage & Security

Your data is stored on servers located in India (Google Cloud Platform, Mumbai region). We implement industry-standard security measures including encryption in transit (TLS/SSL) and at rest to protect your personal data. While we take reasonable precautions to safeguard your information, no method of electronic transmission or storage is completely secure. We encourage you to use a strong, unique password for your Google account.

5. Third-Party Services

We use the following third-party services that may process your data:

• Google OAuth — for authentication. Google's privacy policy applies to data processed by Google.
• PayU — for payment processing. We do not store your credit card or bank details; these are handled directly by PayU in compliance with PCI DSS standards.
• Google Cloud Platform — for hosting and data storage (India region).

6. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. If you delete your account, we will delete or anonymize your personal data within 90 days, except where retention is required by law (such as billing records). Your design content will be permanently deleted upon account deletion.

7. Your Rights Under DPDPA

Under India's Digital Personal Data Protection Act, 2023 (DPDPA), you have the following rights as a Data Principal:

• Right to Access — You can request a summary of the personal data we hold about you and the processing activities related to it.
• Right to Correction — You can request correction of inaccurate or incomplete personal data.
• Right to Erasure — You can request deletion of your personal data, subject to legal retention requirements.
• Right to Grievance Redressal — You have the right to file a complaint with us or with the Data Protection Board of India if you believe your data has been mishandled.
• Right to Nominate — You may nominate another individual to exercise your rights in the event of your death or incapacity.

To exercise any of these rights, contact us at privacy@drawtheart.com. We will respond within 30 days.

8. Children's Privacy

The Service is not intended for children under 13 years of age. We do not knowingly collect personal data from children under 13. If we become aware that we have collected data from a child under 13, we will take steps to delete such information promptly. For users under 18, parental or guardian consent is required as per the DPDPA.

9. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of significant changes by posting a prominent notice on the Service or by sending you an email. We encourage you to review this policy periodically.

10. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data rights, please contact us: