Privacy Policy

Last updated: May 22, 2026

This policy explains what personal data we process when you use Drakata (drakata.app), why we process it, and the rights you have. We are committed to collecting as little personal data as possible.

In short: your drills are yours. We never sell your data, and we never share your training content with advertisers, other users, or other teams.

1. Controller

The controller responsible for data processing on this website is:

HeyHo Systems GmbH
Kurfürstenstr. 9b, 31275 Lehrte, Germany
Email: support@drakata.app

For any questions about data protection, contact us at support@drakata.app.

2. What data we process

  • Account data: when you create an account, we store your email address. If you sign in with Google, we receive your email address and basic profile information (such as your name) from Google.
  • Drill content: the text you enter to generate a diagram, and the diagrams generated from it. For signed-in users this is stored in our database so you can reach your drills across devices; for anonymous use it stays in your browser unless you save or share it. We also retain submitted text and generated output so we can investigate and fix cases where a diagram did not generate correctly.
  • Usage data: counts and timestamps of diagram generations, used to operate the service and prevent abuse.
  • Technical data: when you use the service, our hosting and error-monitoring systems automatically process technical information such as your IP address, browser and device type, and request and error logs.

Cookies: we use a strictly necessary cookie to keep you signed in. We do not currently use tracking or advertising cookies, and we do not use third-party analytics at this time.

3. Why we process it (legal bases)

  • To provide the service and operate your account — Art. 6(1)(b) GDPR (performance of a contract).
  • For security, abuse prevention, error monitoring, and debugging failed diagram generations — Art. 6(1)(f) GDPR (our legitimate interest in a stable, reliable service).
  • Where we ask for it — on the basis of your consent, Art. 6(1)(a) GDPR (for example, for any analytics we may introduce in future).

4. AI processing of your input

To turn your description into a diagram, the text you submit is transmitted to our AI provider, Anthropic, which processes it on our behalf to generate the result. Under Anthropic's commercial API terms, inputs submitted through the API are not used to train their models. Please avoid entering personal data or confidential information you do not want processed this way.

5. Service providers and recipients

We use carefully selected service providers who process data on our behalf as processors:

  • Anthropic PBC (USA) — AI generation of diagrams from your input.
  • Neon (database hosting) — stores your account and saved drills.
  • Vercel Inc. (USA) — application hosting, content delivery, and server logs.
  • Resend (USA) — sending transactional emails such as sign-in links.
  • Google (USA) — sign-in, only if you choose “Continue with Google”.
  • Rollbar (USA) — error monitoring (technical error reports).
  • Slack (USA) — internal operational notifications to our team, which can include your email address and a drill title.
  • Stripe (USA / Ireland) — payment processing; relevant only if and when paid features are offered. The service is currently free.

We never sell or rent your data, and we never share your drills or training content with advertisers, with other users, or with other teams. The only parties that process your drill content are the service providers listed above — they act strictly on our instructions, never use it for their own purposes, and our AI provider does not use it to train its models.

6. International data transfers

Some of these providers are located in the USA or other countries outside the EU/EEA. Where personal data is transferred there, we rely on appropriate safeguards such as the EU Standard Contractual Clauses and, where applicable, the EU–US Data Privacy Framework.

7. How long we keep your data

  • Account data and saved drills: until you delete them or close your account.
  • Submitted text and generated output retained for debugging: kept no longer than necessary for that purpose.
  • Technical and error logs: kept for a limited period, typically up to 90 days.

If we discontinue the service, we will delete the associated data (see our Terms of Service).

8. Your rights

Under the GDPR you have the right to access, rectification, erasure, restriction of processing, data portability, and to object to processing based on our legitimate interests. Where processing is based on consent, you may withdraw it at any time with effect for the future.

To exercise any of these rights, contact us at support@drakata.app. You also have the right to lodge a complaint with a data protection supervisory authority — for us this is the State Commissioner for Data Protection of Lower Saxony (Die Landesbeauftragte für den Datenschutz Niedersachsen) — or with the authority where you live or work.

9. Deleting your data

You can delete individual drills at any time. To delete your account and the personal data associated with it, contact us at support@drakata.app and we will carry out the deletion.

10. Future changes to our processing

We may later add features such as feedback and ratings on diagrams, contact or feedback forms, and product analytics. Analytics or other non-essential processing will be introduced only with your consent (for example via a cookie banner), and we will update this policy before such processing begins.

11. Children

Drakata is not directed at children under 16, and we do not knowingly collect personal data from them.

12. Changes to this policy

We may update this policy as the service evolves. The current version, with its date, is always available on this page.