Privacy Policy — DraftKai

Effective date: 14 April 2026 · Version 2.0

1. Data Controller

D. Stengel-Dori, Ostendstr. 88, 60314 Frankfurt am Main, Germany. Contact: support@medienkommission.de

2. Data Processed

DraftKai processes the following categories of data:

• Clause text and additional instructions you type, capture via OCR, or dictate
• Photographs of contract pages for Track Changes detection
• Voice input transcribed by Apple Speech Recognition
• Profile data and usage/billing records stored in your private iCloud database
• Subscription status managed by Apple StoreKit
• Local settings (drafting style, appearance) in UserDefaults
• Optional Anthropic API key stored in iOS Keychain
• Local diagnostic logs (os.Logger) that remain on your device

3. Purposes and Legal Bases

• Art. 6(1)(b) GDPR: Contract performance (providing rephrasing, analysis, Track Changes detection, export, subscription)
• Art. 6(1)(a) GDPR: Consent for camera, photo, and microphone input (revocable in iOS Settings)
• Art. 6(1)(f) GDPR: Legitimate interest for diagnostic logs and Anthropic's abuse prevention measures

4. Recipients

Anthropic, PBC (USA): When you rephrase, analyze, or photograph for Track Changes, content is transmitted to Anthropic's API. Anthropic processes content for response generation and retains it for abuse prevention (up to 30 days by default, longer for policy violations).

Apple Inc.: Profile and usage data stored in your private iCloud via CloudKit. Subscription managed by Apple. Voice input may be processed on-device or on Apple servers. Apple transfers certain data to the USA under EU Standard Contractual Clauses.

5. International Transfers

Anthropic processes data in the USA under EU Standard Contractual Clauses (Implementing Decision (EU) 2021/914). Additional safeguards under Art. 46 GDPR apply.

6. Retention

• Clause and image content are not persistently stored by DraftKai; they remain transiently in memory during API calls
• Anthropic retains API inputs/outputs up to 30 days by default; up to 2 years for policy violations
• Profile and usage data in your iCloud remain for 24 months or longer if required by law
• Local settings and optional API key remain on device until uninstallation or manual removal
• Diagnostic logs are managed by the OS and do not leave your device

7. Your Rights

You have the right to access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20), and objection (Art. 21 GDPR). You may withdraw consent at any time (Art. 7(3) GDPR). Contact support@medienkommission.de.

8. No Automated Decision-Making

No automated decision-making or profiling under Art. 22 GDPR occurs. AI-generated suggestions are proposals; you decide whether to use them.

9. IONOS WebAnalytics

This website uses IONOS WebAnalytics, a server-side, cookieless analytics tool. IP addresses are anonymized before analysis. No cookies are set. No personal profiles are created. No consent is required because no personal data within the meaning of GDPR Article 4(1) is processed.

10. Changes

We reserve the right to amend this Privacy Policy if changes to the app or applicable law require it. The current version is available at this link.