Drawstry logoDrawstry

Privacy Policy

Effective Date: 2026-04-07

Drawstry is a product of Flowstry, an independent sole proprietorship based in Sri Lanka (not yet a registered legal entity). When we say "we," "us," or "our" in this policy, we are referring to Flowstry operating under the Drawstry brand. We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you access our application available at drawstry.com. This policy applies primarily when you register and log in to the application.

If you use the standard version of Drawstry without logging in, your diagrams and data are stored locally in your browser's storage. In this local-only mode, no personal data or diagram content is transmitted to or stored on our servers.

1. Information We Collect

A. Personal Data

We collect personally identifiable information that you voluntarily provide to us when you register for an account or choose to participate in various activities related to the Application. Data we collect includes:

  • Identity Data: Name, Google ID (if using Google Auth).
  • Contact Data: Email address.
  • Profile Data: Avatar URL, user preferences (e.g., theme).
  • Billing Data: Subscription status and plan type. We do not store card details — all payment data is handled directly by Paddle.

B. Usage Data

We automatically collect certain information when you visit, use, or navigate the Application. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, and information about how and when you use our Application.

C. Workspace & Diagram Content

We store the content you create, such as workspaces and diagrams, securely on our servers.

2. Use of Your Information

We use the information we collect to:

  • Create and manage your account.
  • Facilitate the creation and editing of diagrams.
  • Manage your subscription and billing through Paddle.
  • Send you administrative information, such as updates, security alerts, and support messages.
  • Respond to your comments and questions.
  • Maintain the safety and security of our Application.

3. GDPR Compliance (General Data Protection Regulation)

If you are a resident of the European Economic Area (EEA), you have certain data protection rights from the GDPR. Drawstry aims to take reasonable steps to allow you to correct, amend, delete, or limit the use of your Personal Data.

Your Rights:

  • The right to access: You have the right to request copies of your personal data.
  • The right to rectification: You have the right to request that we correct any information you believe is inaccurate.
  • The right to erasure: You have the right to request that we erase your personal data, under certain conditions.
  • The right to restrict processing: You have the right to request that we restrict the processing of your personal data.
  • The right to object to processing: You have the right to object to our processing of your personal data.
  • The right to data portability: You have the right to request that we transfer the data that we have collected to another organization, or directly to you.

4. Encryption & Data Security

We implement appropriate technical and organizational security measures designed to protect the security of any personal information we process.

  • Data Security: All data stored in our database is encrypted at rest to ensure that it cannot be accessed by unauthorized parties. We verify and strictly control internal access to the database.
  • Early Access Disclaimer: Please be aware that Drawstry is currently in an Early Access phase. While we safeguard your data, we do not currently maintain strict historical backups. There is a possibility of data loss or service interruption.

5. Third-Party Service Providers

We may share information with strictly necessary third-party providers that enable our hosted service:

  • Google Cloud Platform: For data hosting and infrastructure.
  • MongoDB: For database services.
  • Google Auth: For user authentication.
  • Paddle: For payment processing and subscription management. Paddle acts as our Merchant of Record and handles all billing data in accordance with their own privacy policy.

6. Contact Us

If you have questions or comments about this policy, or to exercise your GDPR rights, please contact us at:

info@drawstry.com