Privacy Policy — DraftKai

Effective date: 4 May 2026 · Version 2.1

Translation for convenience only. The German version is the legally binding text.

1. Data Controller

Daniel Stengel-Dori
Ostendstr. 88, 60314 Frankfurt am Main, Germany
Contact: support@medienkommission.de

2. Data Processed

DraftKai processes the following categories of data:

• Clause text and additional instructions you type, capture via OCR, or dictate
• Photographs of contract pages for Track Changes detection
• Voice input transcribed by Apple Speech Recognition
• Profile data and usage/billing records stored in your private iCloud database
• Subscription status managed by Apple StoreKit
• Local settings (drafting style, appearance) in UserDefaults
• Optional Anthropic API key stored in iOS Keychain
• Local diagnostic logs (os.Logger) that remain on your device

3. Purposes and Legal Bases

• Art. 6(1)(b) GDPR: Contract performance (providing rephrasing, analysis, Track Changes detection, export, subscription management)
• Art. 6(1)(a) GDPR: Consent for camera, photo library, and microphone input (revocable in iOS Settings)
• Art. 6(1)(f) GDPR: Legitimate interest for diagnostic logs and Anthropic’s abuse prevention measures

4. Recipients

Anthropic, PBC (USA): When you rephrase, analyze, or photograph for Track Changes, content is transmitted to the Anthropic API. Anthropic processes content for response generation and retains it for abuse prevention (up to 30 days by default; up to 2 years for violations of its usage policies).

Apple Inc.: Profile and usage data are stored in your private iCloud via CloudKit. The subscription is managed by Apple. Voice input may be processed on-device or on Apple servers. Apple transfers certain data to the USA under EU Standard Contractual Clauses.

5. International Transfers

Anthropic processes data in the USA under EU Standard Contractual Clauses (Implementing Decision (EU) 2021/914). Additional appropriate safeguards under Art. 46 GDPR are in place.

6. Retention

• By default, clause and image content are not persistently stored by DraftKai; they remain only transiently in memory during the API call. You may, however, use the new “Memory” feature to store drafts only on this device: up to three manual slots (“Memory 1”, “Memory 2”, “Memory 3”) are written only when you explicitly tap the Memory button; a fourth slot (“Auto”) is updated automatically in the background only if you enable the “Auto-save current draft” setting. All four slots are held in a device-protected store (iOS Data Protection class “after first user authentication”). The data is transmitted to Anthropic, Apple, or other third parties only during the regular API call; no off-device copy is created, although encrypted iOS device backups may include this data. You can overwrite individual slots, disable auto-save at any time in Settings, or remove all four slots via the “Wipe all memory” button; on uninstall, the data is removed by iOS together with the app. Images are excluded from this storage.
• Anthropic retains API inputs/outputs up to 30 days by default; up to 2 years for policy violations
• Profile and usage data in your iCloud remain for 24 months or longer if required by law
• Local settings and optional API key remain on device until uninstallation or manual removal
• Diagnostic logs are managed by the OS and do not leave your device

7. Your Rights

You have the right to access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20), and objection (Art. 21 GDPR). You may withdraw consent at any time (Art. 7(3) GDPR). To exercise your rights or for any enquiries, contact support@medienkommission.de. You also have the right to lodge a complaint with the competent supervisory authority (in Hesse, Germany: Hessischer Beauftragter für Datenschutz und Informationsfreiheit).

8. No Automated Decision-Making

No automated decision-making or profiling under Art. 22 GDPR takes place. AI-generated text suggestions are proposals; you decide whether to use them.

9. IONOS WebAnalytics

This website uses IONOS WebAnalytics, a server-side, cookieless analytics tool. IP addresses are anonymized before analysis. No cookies are set. No personal profiles are created. No consent banner is required because no personal data within the meaning of Art. 4(1) GDPR is processed for this purpose.

10. Amendments

We reserve the right to amend this Privacy Policy if changes to the app or applicable law require it. The current version is available at this link at all times.

11. Version History

• Version 2.1 — 4 May 2026: Added optional local Memory feature (three manual slots plus an optional auto-save slot). Clause and image content remain non-persistent by default. No transmission to Anthropic, Apple, or other third parties beyond the regular API calls.
• Version 2.0 — 14 April 2026: Substantive rewrite. Addition of all actual data flows (Track Changes Vision, “Tell Me” analysis, BYOK key, local logs, UserDefaults, Keychain); legal bases, recipients, third-country transfers (SCCs instead of DPF), retention periods, data subject rights, and complaint right.
• Version 1.x — until 13 April 2026: Predecessor version with short description and reference to Anthropic and Apple.