This tool generates business correspondence templates for informational purposes only. It does not constitute legal advice. Consult a qualified legal professional for advice specific to your situation.

Privacy Policy

Last updated: March 2026

1. Overview

FormalDraft (“we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our business communication generation service.

2. Information We Collect

Account Data: When you sign up, we collect your email address to create your account and send verification codes. Your email is stored in our database for authentication purposes.

Form Data: When you use our generator, you provide business information such as company name, business type, contract details, and situation specifics. For paid generations, we store a summary of input fields and the generated output text in our database so you can access your generation history.

Payment Data: Payment processing is handled entirely by DodoPayments, our Merchant of Record. We do not collect, store, or process any payment card information. We store a record of your purchase (tier, generation count, and payment reference) for account management. DodoPayments' privacy policy governs the handling of your payment data.

Local Storage: We use your browser's localStorage for UI preferences such as dismissed banners and form draft persistence. This data remains on your device and is not transmitted to our servers.

3. How We Use Your Information

Your information is used to:

  • Authenticate your account via email verification codes
  • Generate the force majeure notice you requested
  • Provide your generation history so you can revisit previous notices
  • Track your remaining generations against your purchased plan

We do not use your data for training AI models, marketing, or any purpose other than providing the service described above.

4. Data Retention

Account data (email address) is retained for as long as your account exists. Generation records (input summary and output text) are retained for the duration of your purchased plan. Free risk assessments are processed in-memory and are not stored on our servers. Authentication codes expire after 10 minutes and are purged daily.

5. Cookies and Tracking

FormalDraft uses a session cookie to keep you signed in after email verification. This cookie is HMAC-signed, expires after 7 days, and contains only your user identifier — no personal information. We also use browser localStorage for UI preferences (dismissed banners, form drafts). We use Vercel Analytics for anonymous, aggregated usage metrics (page views, custom events). No third-party advertising or tracking cookies are used.

6. Third-Party Services

We use the following third-party services:

  • Anthropic (Claude API): To generate force majeure notices. Your form data is sent to Anthropic's API for processing. Anthropic's data usage policies apply.
  • DodoPayments: Merchant of Record for payment processing. DodoPayments handles all payment card data independently.
  • Resend: For sending email verification codes.
  • Supabase: For database hosting (account data, generation records, payment records).
  • Upstash: For rate limiting via Redis.
  • Vercel: For hosting, serving our application, and anonymous analytics.

7. Data Security

All data transmission between your browser and our servers is encrypted using HTTPS/TLS. Database access is restricted to server-side operations using service role credentials. Session cookies are HMAC-signed to prevent tampering. Rate limiting protects against brute-force attacks on authentication endpoints.

8. Your Rights

You may request access to, correction of, or deletion of your personal data (email address and generation history) by contacting us. You can clear your browser's localStorage at any time through your browser settings to remove locally stored preferences.

9. Contact Us

If you have any questions about this Privacy Policy, please contact us at hello@formaldraft.com.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated revision date.