DrillFlow Privacy Policy

Last Updated: May 20, 2026

We respect your privacy and are committed to protecting your personal information. This Privacy Policy explains what data we collect when you use DrillFlow.ca, how we use it, and the choices you have. By using the Service, you consent to the practices described here.

Information We Collect

We collect only what is necessary to provide and improve the Service:

Account information: your name, email address, and hashed password, collected when you register.
Usage data: drills created, features accessed, and session activity. Used to improve the product over time.
Payment information: billing is handled entirely by Stripe. We store only your Stripe Customer ID. We never store raw card numbers or CVV codes.
Technical data: IP address, browser type, device information, and referral source, collected automatically via standard web logs.

How We Use Your Information

We use collected data strictly to operate and improve the Service:

To create and manage your account, and authenticate your identity at login.
To manage your subscription and billing via Stripe.
To communicate with you about your account: confirmations, password resets, trial-end reminders, and payment receipts.
To analyse aggregate usage patterns and improve the drill builder, animation engine, and library.
To respond to support requests and inquiries you send us directly.

We do not use your data for advertising profiling, behavioural targeting, or sale to any third party.

Data Sharing

We do not sell your personal data. DrillFlow is a tools business, not an advertising business.

We may share limited data with the following trusted service providers solely to operate the Service:

Stripe for payment processing and subscription management. Stripe is PCI-DSS compliant.
Hosting and infrastructure providers to store and serve the application and your drill data.
Email delivery services to send transactional notifications on our behalf.

All providers are bound by strict data processing agreements and are prohibited from using your data for their own purposes. We may also disclose data if required by law or court order.

Data Retention & Security

We retain your account data for as long as your account is active. If you delete your account, we will remove your personal data within 30 days, except where we are required by law to retain certain records.

We implement industry-standard security measures including encrypted data transmission (HTTPS/TLS), hashed password storage, and strict access controls. No method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

Your Rights

Depending on your location, you may have the following rights regarding your personal data:

Access: request a copy of the personal data we hold about you.
Correction: ask us to correct inaccurate or incomplete data.
Deletion: request that we delete your personal data, subject to legal retention obligations.
Portability: receive your data in a structured, machine-readable format.
Withdrawal of consent: opt out of non-essential communications at any time.

To exercise any of these rights, contact us below. We will respond within 30 days.

Cookies & Local Storage

DrillFlow uses browser local storage to save your drills and application preferences directly on your device. This data never leaves your browser unless you explicitly share a drill via a share link.

We may use minimal session cookies for authentication. We do not use third-party tracking cookies or advertising cookies.

Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last Updated" date at the top of this page. For material changes, we will notify you by email or by a prominent notice within the Service. Your continued use of DrillFlow after changes are posted constitutes acceptance of the revised policy.

Contact Us

Questions about this Privacy Policy? Reach out directly:

Ryan Werk, Sole Proprietor

British Columbia, Canada

DrillFlowca@gmail.com