Privacy Policy

Privacy Policy

Effective Date: June 2, 2026 · Drawer Inc. · drawer.ai · Applies to users in the United States and Canada

1. Introduction and Scope

Drawer Inc. (“Drawer,” “we,” “our,” or “us”) is a Texas corporation that provides an AI-powered construction document processing platform (the “Service”). This Privacy Policy explains how we collect, use, disclose, and protect personal information in connection with the Service and our website at drawer.ai.

This Privacy Policy applies to:

• Registered users and account holders who access the Service (“Customers”);
• Individuals whose personal information may be contained in construction documents or project files uploaded to the Service;
• Visitors to our website at drawer.ai;
• Individuals who submit a sales inquiry or contact form at drawer.ai before creating an account.
• Clients who engage Drawer for AI Enabled BIM Services under an AI Enabled BIM Services Agreement, including personal information contained in construction documents and project files submitted as part of those services.

This Privacy Policy applies to users located in the United States (including the State of California) and Canada (including the Province of Quebec). It is incorporated by reference into our Terms of Service at drawer.ai/terms.

By submitting a sales inquiry or contact form, using the Service, or creating an account, you acknowledge that you have read and understood this Privacy Policy. For Canadian users, your continued use of the Service constitutes consent to the collection, use, and disclosure of your personal information as described in this Policy, to the extent permitted by applicable law.

2. Information We Collect

2.1 Sales Inquiry, Account, and Registration Data

When you submit a sales inquiry or contact form at drawer.ai — before any account is created — we collect your name, email address, phone number, and company name. This information is used solely to respond to your inquiry. If you proceed to registration, this data pre-populates your account profile. This Privacy Policy applies from the moment you submit a sales inquiry; a link to this Policy is presented at the point of form submission.

When you create an account or subscribe to the Service, we additionally collect:

• Name, email address, job title, and company name;
• Account credentials (password stored in hashed form via Keycloak identity management);
• Billing contact information and payment method details (processed by our payment provider; we do not store full payment card numbers);
• Communication preferences and consent records.

2.2 Customer Content

“Customer Content” means all files, documents, drawings, data, and other materials that you upload to the Service. Customer Content may include:

• PDF construction drawings, plans, specifications, schedules, bid documents, submittals, and equipment catalogs;
• Project metadata including project names, addresses, owner names, and title block information;
• Personal information about individuals appearing in uploaded documents (such as architect names, engineer details, owner contact information, or other identifying data embedded in construction documentation).

You are the data controller for any personal information contained in Customer Content. Drawer processes that personal information on your behalf as a data processor. Your responsibilities as data controller — including ensuring you have the right to upload this material and that affected individuals have been appropriately informed — are described in Section 4 and in our Terms of Service.

Important:

2.3 Usage and Technical Data

When you use the Service or visit our website, we automatically collect:

• Log data: IP address, browser type, operating system, pages visited, timestamps, error logs;
• Device information: device identifiers, screen resolution, language settings;
• Usage data: feature interactions, project creation/deletion events, processing job status, and session duration;
• Authentication events: login timestamps, session tokens — managed via Keycloak;
• Website analytics: page views, traffic sources, user flow — collected via Google Analytics on our marketing website only. Google Analytics does not have access to Customer Content.

2.4 Communications Data

We collect information you provide when you contact us for support, submit feedback, respond to surveys, or communicate with our team. This includes the content of your messages and any attachments you share during support interactions.

2.5 Information We Do Not Knowingly Collect

The Service is not directed at children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected information from a child, please contact us at privacy@drawer.ai and we will delete it promptly. See Section 14 for our full Children’s Privacy statement.

3. AI Training and Product Improvement — Important Disclosure

Drawer uses Customer Content — including uploaded drawings and derived data — to improve its AI systems. This section discloses exactly what that means and what your options are.

Read this section carefully:

3.1 What We Use and Why

Drawer uses Customer Content for “Product Improvement” purposes, which include:

• Training, fine-tuning, and evaluating Drawer’s AI and machine learning models;
• Quality assurance (QA) and validation of AI-generated outputs;
• Debugging, error analysis, and system testing;
• Developing new features and improving overall Service performance.

Product Improvement use may involve raw uploaded drawings, extracted data elements, derived data, document metadata, and document snippets. Drawer prioritizes the use of aggregated or anonymized data where technically feasible, but complete de-identification cannot be guaranteed for all Product Improvement activities.

3.2 Human Review of Customer Content

Authorized Drawer personnel and contractors — including DevOps engineers, QA team members, and data labeling contractors — may access Customer Content on a need-to-know basis for the Product Improvement purposes described in Section 3.1, as well as for customer support, troubleshooting, and system validation. All such access requires prior internal approval and is subject to Drawer’s access control policies. Drawer does not share Customer Content with external parties for review outside of the subprocessors listed in Section 6.1.

3.3 Aggregated and Anonymized Data

Drawer may create aggregated, anonymized, or de-identified data derived from Customer Content (“Aggregated Data”). Aggregated Data does not identify you, your customers, or any individual. Drawer may use Aggregated Data without restriction, including for benchmarking, research, and product development.

3.4 Enterprise Opt-Out

Enterprise customers may request that their Customer Content be excluded from Product Improvement use cases (other than what is strictly necessary to provide the Service) by including a written data use restriction in their Order Document or by contacting legal@drawer.ai. Such restrictions may affect certain Service features that depend on continuous model improvement. Absent a written agreement to the contrary, Drawer’s default data use practices as described in this Section apply.

California users: Section 3 constitutes a pre-use disclosure of Automated Decision-Making Technology (ADMT) as required under the California Consumer Privacy Act (Cal. Civ. Code § 1798.100 et seq.). See Section 12 for your ADMT rights.

4. Personal Data in Customer Content

Construction documents uploaded to the Service may contain personal information about third parties — including project owners, architects, engineers, subcontractors, and other individuals identified in title blocks, bid documents, or project files. As between Drawer and you:

• You are the data controller for that personal information;
• Drawer processes it solely on your instructions as a data processor;
• You are responsible for ensuring you have a lawful basis for uploading that personal information, for providing any required notices to affected individuals, and for complying with applicable privacy law in your jurisdiction with respect to that data.

Drawer processes personal information in Customer Content only to the extent necessary to provide the Service, as described in Sections 3 and 5. Drawer does not use personal information contained in Customer Content for its own marketing or advertising purposes.

If you are a construction professional uploading drawings that contain personal information about project owners or third parties, you should ensure your use of the Service is consistent with any applicable confidentiality obligations in your project contracts.

5. How We Use Your Information

We use the information we collect for the following purposes:

5.1 Service Delivery

• To create and manage your account;
• To process and analyze uploaded documents and generate AI outputs (takeoffs, reports, estimates);
• To provide customer support and respond to your inquiries;
• To send transactional communications (account confirmations, billing receipts, service alerts);
• To manage authentication and account security via Keycloak.

5.2 Product Improvement

• As described in Section 3: to train, evaluate, and improve Drawer’s AI models and overall Service performance.

5.3 Analytics and Product Development

• To analyze website traffic and user behavior to improve the Service and user experience;
• To analyze website traffic and marketing performance (via Google Analytics, HubSpot, Google Ads, Bing Ads, Meta Ads Manager) on our marketing website only.

 

5.4 Legal, Safety, and Compliance

• To comply with applicable law, legal process, or regulatory obligations;
• To enforce our Terms of Service;
• To detect, prevent, or investigate fraud, security incidents, or violations of our Acceptable Use Policy;
• To protect the rights, property, and safety of Drawer, our customers, and the public.

5.5 Business Operations

• To process billing and payments;
• To send commercial electronic messages where you have provided consent (Canadian users: see Section 17);
• To conduct customer satisfaction surveys and gather product feedback.

We do not sell your personal information to third parties for their own marketing purposes, and we do not use personal information from Customer Content for advertising. See Section 11 for our “Do Not Sell or Share” policy.

6. How We Share Your Information

6.1 Subprocessors with Access to Customer Content

The following subprocessors may access Customer Content in connection with providing the Service:

• Amazon Web Services, Inc. (AWS): Primary cloud infrastructure provider. Customer Content is stored and processed on AWS infrastructure (compute, storage) in the United States.
• Amazon Web Services, Inc. — AWS Bedrock (Claude by Anthropic): AI model inference services used to process and analyze construction documents. Processing occurs within AWS infrastructure in the United States.

No other third-party vendors have access to Customer Content. Drawer relies on AWS’s standard service terms and security commitments for data protection. Enterprise customers requiring separately negotiated Data Processing Agreements (DPAs) should contact legal@drawer.ai.

6.2 Analytics, Marketing, and Product Services

The following third-party services process account-level and usage data in connection with the Service. None of these services have access to Customer Content:

• Keycloak: Identity and access management. Processes account authentication data.
• HubSpot: CRM and customer communications. Processes account contact information and support interactions.
• Google Analytics: Website traffic analytics (marketing website only).
• Google Ads / Bing Ads / Meta Ads Manager: Online advertising platforms (marketing website only). Data sharing with these platforms for advertising purposes may constitute a “sale” or “sharing” under the CCPA/CPRA. See Section 11.

A complete and current list of third-party services, their scope, and instructions for managing your preferences is maintained in our Cookies Policy at drawer.ai/cookie-policy.

6.3 Legal Disclosures

We may disclose personal information to government authorities, law enforcement, or other parties when required by applicable law, court order, subpoena, or legal process; when we believe disclosure is necessary to prevent harm or enforce our rights; or as otherwise required by law. Where legally permitted, we will notify you of such requests.

6.4 Business Transfers

If Drawer is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, personal information may be transferred as part of that transaction. We will notify affected users by email or prominent notice on our website before any such transfer results in a material change to this Privacy Policy.

6.5 No Sale of Personal Information for Marketing

Drawer does not sell personal information to third parties for their own direct marketing purposes. For CCPA/CPRA “sale” or “sharing” in the context of advertising technology, see Section 11.

7. Data Retention

Drawer retains Customer Content indefinitely by default. Deleting content in the interface creates a “soft delete” — the data is not permanently removed until you submit a written deletion request. This section explains your options.

Transparency notice:

7.1 Account and Registration Data

We retain your account and registration data for as long as your account is active and for a reasonable period thereafter to comply with legal obligations, resolve disputes, and enforce our agreements. Upon permanent account deletion, we will delete or anonymize account data within a commercially reasonable timeframe, subject to the exceptions below.

7.2 Customer Content

Customer Content (including raw PDFs, extracted data, generated reports, previews, and project logs) is retained for as long as your account is active and, unless otherwise agreed in writing, for an indefinite period after account termination or project deletion. Drawer does not apply automatic deletion schedules to project-level Customer Content.

When you delete a project through the Service interface, it becomes inaccessible to you (“soft delete”). The underlying data, including associated derived data, cached files, QA copies, and backup copies, is not automatically or immediately deleted.

7.3 How to Request Permanent Deletion

To request permanent (“hard”) deletion of your Customer Content, submit a written request to privacy@drawer.ai. We will use commercially reasonable efforts to honor your request within a reasonable timeframe. Please note:

• Data already incorporated into Aggregated Data (as defined in Section 3.3) from which re-identification is not reasonably possible cannot be removed;
• Backup copies may persist for up to one (1) month following confirmed hard deletion of primary data;
• We may retain data as required by applicable law, regulatory obligations, litigation holds, or legitimate business record-keeping.

7.4 Logs and Backups

System and activity logs are retained for approximately one (1) month. Backup copies of Customer Content are retained for approximately one (1) month in accordance with Drawer’s backup rotation policy.

7.5 Communications and Support Data

Support tickets, email correspondence, and materials provided during support interactions may be retained as part of Customer Content or separately in our support systems for as long as necessary to provide support and comply with our legal obligations.

8. Data Security and Breach Notification

Drawer implements commercially reasonable administrative, technical, and physical safeguards to protect personal information against unauthorized access, disclosure, alteration, or destruction. Our infrastructure is hosted on Amazon Web Services (AWS) in the United States.

Drawer is working toward SOC 2 Type II certification. A current summary of our security practices is available upon reasonable written request by enterprise customers.

No data transmission or storage system is 100% secure. You are responsible for maintaining the security of your account credentials and for notifying us promptly if you suspect unauthorized access.

8.1 Breach Notification — U.S. Users

In the event of a personal data breach that affects your personal information, Drawer will notify you in accordance with applicable U.S. state data breach notification laws, including the Texas Identity Theft Enforcement and Protection Act (Tex. Bus. & Com. Code § 521.001 et seq.) and California’s data breach notification law (Cal. Civ. Code § 1798.82). We will provide notice without unreasonable delay and, where required, within the timeframes specified by applicable law.

8.2 Breach Notification — Canadian Users

For Canadian users, Drawer will comply with PIPEDA’s mandatory breach of security safeguards reporting requirements (Breach of Security Safeguards Regulations, SOR/2018-64). Where a breach creates a real risk of significant harm to affected individuals, Drawer will report to the Office of the Privacy Commissioner of Canada and notify affected individuals as required. Quebec users: Drawer will also comply with notification obligations under Law 25 (S.Q. 2021, c. 25) to the Commission d’accès à l’information (CAI).

9. Cross-Border Data Transfer

Drawer is a U.S.-based company. All Customer Content and personal information submitted through the Service is stored and processed in the United States on Amazon Web Services infrastructure.

9.1 Transfer from Canada to the United States

By using the Service, Canadian users explicitly consent to the transfer and processing of their personal information, including any personal information contained in Customer Content, in the United States. You acknowledge that the United States may apply different privacy protections than Canadian law.

Under PIPEDA’s accountability principle, Drawer remains responsible for the protection of personal information transferred to third-party processors (including AWS) and maintains appropriate contractual and organizational safeguards for transferred data. Quebec users: prior to transferring personal information outside Quebec as required under Law 25 (S.Q. 2021, c. 25, amending R.S.Q. c. P-39.1), Drawer has conducted a privacy impact assessment and implemented measures to provide equivalent protection.

9.2 Data Residency

Customer Content is not replicated outside of AWS U.S. infrastructure under Drawer’s current architecture. Enterprise customers with data residency requirements should contact legal@drawer.ai before using the Service.

10. Your Privacy Rights

10.1 California Residents — CCPA/CPRA Rights

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA) (Cal. Civ. Code § 1798.100 et seq.), provides you with the following rights:

• Right to Know: You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the business or commercial purpose for collecting it, and the categories of third parties with whom we share it.
• Right to Delete: You have the right to request deletion of personal information we have collected about you, subject to certain exceptions (e.g., information necessary to complete a transaction, comply with a legal obligation, or as otherwise permitted by law).
• Right to Correct: You have the right to request correction of inaccurate personal information we hold about you.
• Right to Opt-Out of Sale or Sharing: You have the right to opt out of the “sale” or “sharing” of your personal information. See Section 11.
• Right to Limit Use of Sensitive Personal Information: You have the right to limit Drawer’s use of sensitive personal information to purposes necessary to provide the Service or as otherwise permitted by the CPRA.
• Right of Non-Discrimination: We will not discriminate against you for exercising your CCPA/CPRA rights.
• Shine the Light (Cal. Civ. Code § 1798.83): California residents may request information about personal information disclosed to third parties for their direct marketing purposes in the prior calendar year. Drawer does not share personal information with third parties for their own direct marketing purposes.

CCPA Categories of Personal Information Collected:

• Identifiers: Name, email address, IP address, account ID.
• Commercial information: Subscription details, billing records, transaction history.
• Internet or other network activity: Usage data, log data, website interaction data.
• Professional or employment-related information: Job title, company name, professional information appearing in uploaded documents.
• Inferences: Inferences drawn from usage data to understand user preferences and improve the Service.

10.2 Other U.S. State Privacy Rights

Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Texas (TDPSA), and other states with comprehensive privacy laws may have similar rights to access, delete, correct, and opt out of certain processing of their personal information. Drawer extends equivalent rights to all U.S. users regardless of state. To exercise these rights, contact privacy@drawer.ai.

10.3 Canadian Users — PIPEDA Rights

If you are a Canadian user, PIPEDA (S.C. 2000, c. 5) provides you with rights under its ten Fair Information Principles, including:

• Right of Access: You have the right to request access to the personal information Drawer holds about you and to receive information about how it has been used and disclosed.
• Right of Correction: You have the right to challenge the accuracy and completeness of your personal information and request corrections.
• Right to Withdraw Consent: You may withdraw consent to Drawer’s collection, use, or disclosure of your personal information at any time, subject to legal or contractual restrictions. Note that withdrawal of consent may prevent Drawer from providing the Service.
• Right to Complain: You have the right to file a complaint with the Office of the Privacy Commissioner of Canada (OPC) at priv.gc.ca if you believe Drawer has not complied with PIPEDA.

Alberta users: you may file a complaint with the Office of the Information and Privacy Commissioner of Alberta (oipc.ab.ca) under PIPA (S.A. 2003, c. P-6.5). British Columbia users: you may file with the Office of the Information and Privacy Commissioner for BC (oipc.bc.ca) under PIPA (S.B.C. 2003, c. 63).

10.4 Quebec Residents — Law 25 Additional Rights

Quebec residents have additional rights under the Act to Modernize Legislative Provisions Respecting the Protection of Personal Information (Law 25, S.Q. 2021, c. 25, amending R.S.Q. c. P-39.1), fully in force as of September 22, 2024:

• Right to Data Portability: You have the right to receive personal information you have provided to Drawer in a structured, commonly used technological format, and to have it communicated to any person or body authorized by law.
• Right to De-indexing (Right to Be Forgotten): You have the right to request that Drawer cease disseminating your personal information or de-index any hyperlink attached to your name if dissemination causes you injury.
• Right Regarding Automated Decision-Making: Where Drawer makes a decision based exclusively on automated processing of your personal information that produces legal or significant effects, you have the right to be informed of the personal information used, to have a human review the decision, and to submit observations.
• Right to File a Complaint with the CAI: You have the right to file a complaint with the Commission d’accès à l’information (CAI) at cai.quebec.ca if you believe your rights under Law 25 have been violated. Non-compliance penalties under Law 25 can reach CAD $25,000,000 or 4% of worldwide annual revenue.

10.5 How to Exercise Your Rights

To exercise any of the rights described in this Section 10, submit a written request to:

• Email: privacy@drawer.ai
• Subject line: “Privacy Rights Request”
• Please include your name, account email address, the right(s) you wish to exercise, and sufficient information to verify your identity.

We will respond to verifiable requests within the following timeframes:

• CCPA/CPRA (California): Acknowledgment within 10 business days; substantive response within 45 days (extendable by an additional 45 days with notice).
• PIPEDA (Canada): Response within 30 days (extendable by up to 30 additional days with notice).
• Law 25 (Quebec): Response within 30 days. Failure to respond within the statutory period is an enforcement trigger for the CAI.

We will verify your identity before processing any rights request. We will not discriminate against you for exercising your privacy rights.

11. Do Not Sell or Share My Personal Information (CCPA/CPRA)

Drawer does not sell personal information to third parties in the traditional sense. However, sharing certain data with advertising technology platforms (Google Ads, Bing Ads, Meta Ads Manager) on our marketing website may constitute a “sale” or “sharing” of personal information under the CCPA/CPRA.

You have the right to opt out of this sharing at any time by:

• Using the cookie preference controls available at drawer.ai/cookie-policy or in the cookie banner on our website;
• Submitting a request to privacy@drawer.ai with the subject line “Do Not Sell or Share.”

We do not sell or share personal information from registered Service accounts for advertising purposes. The advertising technology data sharing described above relates exclusively to our marketing website and does not involve Customer Content or account data.

We do not respond to browser Do Not Track (DNT) signals at this time, as there is no uniform standard for how such signals should be interpreted. You may use the cookie preference controls described above to manage your choices.

12. Automated Decision-Making Technology (ADMT)

The Service uses automated systems to analyze construction documents, generate takeoffs, produce estimates, and process project data. These systems constitute Automated Decision-Making Technology (ADMT) as defined under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (Cal. Civ. Code § 1798.100 et seq., as amended by Proposition 24, effective January 1, 2023).

The California Privacy Protection Agency (CPPA) has adopted ADMT-specific regulations. Drawer complies with those regulations to the extent they are in legal force and monitors ongoing regulatory and judicial developments affecting ADMT obligations.

Currently, where required by applicable law, Drawer provides:

• Pre-use disclosure of ADMT use (this Section 12 and Section 3 of this Policy constitute that disclosure);
• The ability to opt out of ADMT processing by contacting privacy@drawer.ai. Note that opting out of ADMT will materially affect or eliminate your ability to use the Service, as AI-powered document processing is the core function of the platform.

Quebec residents: automated decisions based exclusively on personal information may trigger additional rights under Law 25. See Section 10.4.

13. Cookies and Tracking Technologies

Drawer uses cookies and similar tracking technologies on its marketing website (drawer.ai) and within the Service. Cookies are small text files stored on your device that help us provide and improve the Service.

13.1 Types of Cookies We Use

• Strictly Necessary Cookies: Required for the Service to function. These include authentication cookies (managed by Keycloak) and session management cookies. These cannot be disabled without breaking core functionality.
• Analytics Cookies: Used to understand how visitors interact with our marketing website (Google Analytics, HubSpot). Help us improve website performance and user experience.
• Marketing and Advertising Cookies: Used to deliver relevant advertising on our marketing website and to measure campaign effectiveness (Google Ads, Bing Ads, Meta Ads Manager, HubSpot). These may involve data sharing that constitutes a “sale” or “sharing” under the CCPA/CPRA. See Section 11.

13.2 Managing Cookie Preferences

You can manage your cookie preferences at any time through:

• The cookie banner displayed on your first visit to our website;
• Our Cookies Policy and preference center at drawer.ai/cookie-policy;
• Your browser settings (note: disabling all cookies may affect Service functionality).

A complete and current list of all cookies we use, their purposes, durations, and the third parties involved is maintained at drawer.ai/cookie-policy.

14. Children’s Privacy

The Service is intended for use by business professionals and is not directed at individuals under 18 years of age. We do not knowingly collect personal information from individuals under 13 years of age.

In compliance with the Children’s Online Privacy Protection Act (COPPA, 15 U.S.C. § 6501 et seq.), if we learn that we have collected personal information from a child under 13 without verifiable parental consent, we will delete that information promptly. If you believe we may have collected information from a child under 13, please contact us at privacy@drawer.ai.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our data practices, applicable law, or Service features. When we make material changes, we will:

• Post the updated Policy at drawer.ai/privacy-policy with a revised “Effective Date”;
• Send an email notification to the address associated with your account at least thirty (30) days before material changes take effect.

Your continued use of the Service after the effective date of an updated Policy constitutes your acceptance of the changes. If you do not agree with the updated Policy, you must stop using the Service.

We may make changes effective immediately if required by applicable law or to address a security emergency, with notice provided as promptly as reasonably practicable.

16. Contact Information

For questions, concerns, or to exercise your privacy rights, please contact:

Drawer Inc.

Privacy Officer / Data Protection Contact

Email: privacy@drawer.ai

Legal: legal@drawer.ai

Website: drawer.ai

Physical address: 14425 Falcon Head Blvd, Building E, Suite 100, Austin, TX 78738, USA

We aim to respond to all privacy inquiries within five (5) business days. For formal rights requests, statutory response timelines apply as described in Section 10.5.

17. Additional Information for Canadian Users

All users and customers located in Canada, including all provinces and territories. Where any provision in this Section conflicts with a provision elsewhere in this Policy, this Section prevails for Canadian users.

Section applies to:

17.1 PIPEDA Compliance

Drawer complies with the Personal Information Protection and Electronic Documents Act (PIPEDA, S.C. 2000, c. 5) and its ten Fair Information Principles: Accountability, Identifying Purposes, Consent, Limiting Collection, Limiting Use/Disclosure/Retention, Accuracy, Safeguards, Openness, Individual Access, and Challenging Compliance.

Drawer has designated privacy@drawer.ai as its primary privacy contact responsible for PIPEDA compliance. For complaints that cannot be resolved directly with Drawer, Canadian users may contact the Office of the Privacy Commissioner of Canada (OPC) at priv.gc.ca.

17.2 Applicable Canadian Privacy Legislation

• PIPEDA (S.C. 2000, c. 5): Applies to Drawer’s collection, use, and disclosure of personal information in the course of commercial activity, including cross-border transfers of personal information from Canada to the United States.
• Law 25 (S.Q. 2021, c. 25, amending R.S.Q. c. P-39.1) — Quebec: Fully in force September 22, 2024. Applies to users and data subjects located in Quebec. Recognized by the OPC as substantially similar to PIPEDA for intra-provincial commercial activities.
• PIPA (S.A. 2003, c. P-6.5) — Alberta: Applies to personal information collected in the course of commercial activity within Alberta. Recognized as substantially similar to PIPEDA. PIPEDA continues to apply to cross-border transfers.
• PIPA (S.B.C. 2003, c. 63) — British Columbia: Applies to personal information collected in the course of commercial activity within BC. Recognized as substantially similar to PIPEDA. PIPEDA applies to cross-border transfers.

17.3 Consent

Where Drawer relies on consent as the legal basis for processing your personal information, you provided that consent at account registration. You may withdraw consent at any time by contacting privacy@drawer.ai, with the understanding that withdrawal may affect Drawer’s ability to provide the Service. Drawer relies on implied consent for processing activities reasonably expected given the nature of the Service, and on express consent for Product Improvement use of Customer Content.

17.4 Commercial Electronic Messages (CASL)

Drawer’s obligations under Canada’s Anti-Spam Legislation (CASL, S.C. 2010, c. 23) — including consent requirements, message types, and unsubscribe procedures — are governed by Section 19 of our Terms of Service at drawer.ai/terms.

17.5 Quebec — French Language

Cette Politique de confidentialité est disponible en français à l’adresse drawer.ai/fr/privacy-policy. Conformément à la Charte de la langue française (R.L.R.Q. c. C-11), telle que modifiée par la Loi sur la langue officielle et commune du Québec, le français (Loi 14 / Projet de loi 96, L.Q. 2022, c. 14), les résidents du Québec peuvent obtenir la version française en tout temps.

This Privacy Policy is available in French at drawer.ai/fr/privacy-policy. Quebec residents may request the French version at any time by contacting privacy@drawer.ai.

This document constitutes the Privacy Policy of Drawer Inc. for users in the United States and Canada. A French version is available at drawer.ai/fr/privacy-policy. Last reviewed: June 2, 2026.

 

Do Not Sell or Share My Personal Information

Disable Analytics and Marketing Cookies