DriftMapper Privacy Policy

1. Introduction

DriftMapper ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our release orchestration platform. We believe in keeping things simple and transparent, so you know exactly what happens to your data.

2. Information We Collect

To provide you with reliable release workflows, we collect the following types of information:

Account Information

• Name and email address for account creation
• Password (encrypted and never stored in plain text)
• Profile information you choose to provide

Release Workflow Data

• Project and release details (name, scope, owner, status)
• Gate definitions, version history, and gate selections
• Attestation records, comments, and release readiness notes
• Team member identifiers and role assignments
• Exported summary metadata and workflow preferences

Usage Information

• Device type, browser type, and operating system
• IP address for security and service delivery
• Pages visited and features used within DriftMapper
• Time spent on the platform and interaction patterns

Payment Information

If you purchase premium features, payment information is processed securely through third-party payment processors. We do not store your full credit card numbers on our servers.

3. How We Use Your Information

We use the information we collect exclusively for internal purposes to provide and improve DriftMapper:

• Service Delivery: To create, manage, and coordinate your release workflows
• Communication: To provide operational updates related to your account and release activities
• Product Improvement: To analyze usage patterns and identify areas for enhancement
• Customer Support: To respond to your questions and resolve technical issues
• Security: To protect against fraud, abuse, and unauthorized access
• Legal Compliance: To comply with applicable laws and regulations
• Account Management: To manage organization access and subscriptions

Data Use and Purpose Limitation

We use your information only for the specific purposes described in this policy and as needed to provide the services you have requested. We do not process your data for unrelated commercial purposes. In particular, we will not use customer content or identifiable workflow data for advertising, profiling, or any purpose other than delivering and improving the DriftMapper service as agreed with your organization.

AI and Model Training

DriftMapper does not use your organization's content, release data, attestations, or identifiable user information to train or improve AI models without your explicit, opt-in consent. We may use aggregated, de-identified telemetry and usage metrics to analyze product performance and prioritize improvements, but such signals are stripped of any identifiers and cannot be tied back to your organization or individuals.

4. We Do NOT Sell Your Data

We want to be absolutely clear: DriftMapper does NOT sell, rent, trade, or share your personal information with third parties for their marketing purposes. Your trust is more valuable to us than any revenue from data brokers.

The only exceptions are service providers who help us operate DriftMapper (like email delivery services or hosting providers), and they are contractually obligated to keep your data confidential and use it only for the specific services they provide to us.

5. Cookies and Tracking

Unlike many websites, DriftMapper does not use tracking cookies to monitor your behavior across the internet or serve you targeted advertisements. We believe in a cleaner, more respectful web experience.

Essential Cookies Only: We only use strictly necessary cookies that are required for the website to function properly, such as:

• Session cookies to keep you logged in
• Security cookies to protect against fraud
• Preference cookies to remember your settings (like language preferences)

These cookies do not track your behavior and are deleted when you close your browser or log out.

6. Data Sharing and Disclosure

We only share your information in the following limited circumstances:

• With Your Team: When collaborating in DriftMapper, workflow information is visible to authorized members of your organization
• Service Providers: With trusted third parties who help operate our service (email delivery, hosting, payment processing), under strict confidentiality agreements
• Legal Requirements: When required by law, court order, or government request
• Business Transfers: In the event of a merger, acquisition, or sale of assets (with notice to you)
• With Your Consent: Any other sharing requires your explicit permission

7. Data Security

We take the security of your data seriously and implement industry-standard measures to protect it:

• Encryption in transit (HTTPS/SSL) and at rest
• Secure password hashing using modern algorithms
• Regular security audits and vulnerability assessments
• Access controls limiting who can view your data
• Automated backups to prevent data loss
• Monitoring for suspicious activity and unauthorized access

While we strive to protect your information, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security but continuously work to improve our safeguards.

8. Your Rights and Choices

You have control over your personal information. You can:

• Access: Request a copy of the personal data we hold about you
• Correction: Update or correct inaccurate information in your account settings
• Deletion: Request deletion of your account and associated data
• Export: Download your invitation data in a portable format
• Opt-Out: Unsubscribe from marketing emails (service emails may still be necessary)
• Object: Object to certain data processing activities

To exercise these rights, contact us at privacy@driftmapper.io . We will respond within 30 days.

9. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you services. After you delete your account, we will delete or anonymize your personal data within 90 days, except where we are required to retain it for legal, tax, or regulatory purposes. Release and attestation records may be retained longer if requested by your organization for audit purposes.

10. Children's Privacy

DriftMapper is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us, and we will delete it promptly.

11. International Data Transfers

DriftMapper may store and process data in multiple countries to provide our service globally. If your data is transferred internationally, we ensure appropriate safeguards are in place to protect your information in accordance with this Privacy Policy and applicable data protection laws.

Data Residency & Enterprise Controls

We recognize that enterprise customers may have specific data residency and regulatory requirements. DriftMapper can accommodate data residency requests and contractual controls for enterprise plans, including regional storage boundaries, contractual commitments about where data is stored, and additional security controls. If your organization requires a specific residency or handling agreement, please contact our Sales or Privacy team to discuss options and contractual terms.

Any such arrangements will be documented in your contract or order form and will take precedence over the general international transfer language in this policy to the extent permitted by law.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of significant changes by email or through a prominent notice on our website. The "Last Updated" date at the top indicates when the policy was last revised. We encourage you to review this policy periodically.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please reach out to the appropriate team below and we'll respond promptly.