Skip to main content

Privacy Policy

Last updated: February 9, 2026

1. Introduction

Digital Rights Defender Inc. (“we”, “us”, “our”) operates the DRD.io platform. This Privacy Policy describes how we collect, use, and protect your personal information when you use our Service.

2. Information We Collect

Account Information

When you create an account, we collect your name, email address, and organization details. Authentication is handled by Clerk, a third-party identity provider.

Agent and Event Data

We collect data about registered AI agents, their events, policy evaluations, enforcement actions, and reputation scores. This data is essential to providing the governance service.

Usage Data

We collect anonymized usage data including page views, API call patterns, and feature usage to improve the Service.

3. How We Use Your Information

  • Provide, maintain, and improve the Service
  • Compute agent reputation scores and trust badges
  • Process enforcement actions and approval workflows
  • Send service notifications and security alerts
  • Generate aggregated, anonymized analytics
  • Comply with legal obligations

4. Data Storage and Security

Your data is stored in encrypted databases hosted on Neon (PostgreSQL). All data is encrypted in transit (TLS 1.3) and at rest. Event logs use hash-chained integrity verification to detect tampering. API keys are stored as SHA-256 hashes.

5. Data Retention

Event data is retained based on your plan: 7 days (Free), 90 days (Pro), or unlimited (Enterprise). Account data is retained for the duration of your account plus 30 days after deletion. You may request data export or deletion at any time.

6. Third-Party Services

We use the following third-party services:

  • Clerk — Authentication and identity management
  • Neon — Database hosting (PostgreSQL)
  • Sentry — Error monitoring
  • Vercel / Railway — Application hosting

Each provider has their own privacy policy and data processing agreements.

7. Your Rights

You have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Request deletion of your data
  • Export your data in a portable format
  • Withdraw consent for optional data processing
  • Lodge a complaint with a supervisory authority

8. Cookies

We use essential cookies for authentication and session management. We do not use tracking cookies or third-party advertising cookies.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or in-app notification.

10. Contact

For privacy-related inquiries, contact us at our contact page or email privacy@drd.io.