Privacy Policy

Last Updated: November 16, 2025

This Privacy Policy describes how Lightspark Games LLC (referred to as 'Subdraft', 'we', 'our', or 'us') collects, uses, and protects your personal data when you use our website (subdraft.ai) and related AI-powered content creation services (the 'Services'). We value your privacy and are committed to protecting your information. By using Subdraft, you agree to the practices described below.

1. Overview

  • Who we are: Lightspark Games LLC operates Subdraft, an AI-powered marketing and content creation platform.

  • What we collect: Account, billing, usage, and content data you provide or generate.

  • Why we collect it: To deliver, improve, and secure the Services; to process payments; and to comply with law.

  • Google Sign-In: If you sign in with Google, we receive your name, email, and profile picture to create and authenticate your account.

  • Your rights: You may access, correct, delete, or restrict your personal data, and opt out of marketing.

  • Contact: support@subdraft.ai.

2. Information We Collect

A. Information You Provide

We collect the following data when you use Subdraft:

  • Account information: name, email, password, and organization details.

  • Payment details handled by third-party providers such as Stripe.

  • Content and prompts ('User Content') that you enter for content generation.

  • Feedback and support requests, including messages and contact details.

B. Information Collected Automatically

When you use our site or app, we automatically collect:

  • Device and browser information (IP address, operating system, and version).

  • Usage data such as page views, session length, and interaction patterns.

  • Cookies and similar technologies to remember preferences and analyze performance.

  • Security and system log data, including repeated failed logins, API rate-limit events, integration errors, and other telemetry used to detect fraud or abuse.

You can manage cookies through your browser settings. Essential cookies are required for site functionality.

C. Information From Other Sources

We may receive information from payment processors, analytics partners, and integrations you connect to your account.

Authorized Subdraft personnel may access limited account metadata and logs solely to provide support, investigate performance issues, or protect the Services from abuse. Access is restricted and audited.

Google Sign-In

When you choose Google Sign-In, we receive your Google account name, email address, and profile picture from Google. We use this information solely to create and authenticate your Subdraft account, personalize your profile, and protect access to your account. We do not request access to Gmail, Drive, or other Google content.

You can revoke Subdraft’s Google Sign-In access anytime via your Google Account settings. Revoking access will prevent new sign-ins with Google until you reconnect; it does not delete your Subdraft account. You can delete your Subdraft account any time in Settings -> Account or contact support@subdraft.ai.

3. How We Use Your Information

  • Provide, maintain, and improve the Subdraft platform.

  • Authenticate users and secure accounts.

  • Process payments for subscriptions or AI credits.

  • Generate AI-powered content at your request.

  • Communicate with you about updates or support.

  • Detect, prevent, and address fraud or abuse.

  • Comply with legal obligations.

  • Personalize your experience and recommend relevant features.

We do not sell or rent personal data to third parties.

4. Third-Party Integrations

Subdraft currently offers optional integrations with Trello, Monday.com, Slack, and Notion (collectively, the "Connected Apps"). When you link one of these services, we access only the scopes you grant so we can create cards, tasks, messages, or pages on your behalf. We send only the finished document content (including any metrics contained in that document) that you explicitly choose to export. Prompts and other instructions stay within Subdraft and are never transmitted to Connected Apps.

  • Trello (Atlassian, USA): Receives the card title, description, checklist text, and attachments you explicitly push from Subdraft.

  • Monday.com (Globally distributed infrastructure): Receives the pulses/items, column values, and supporting files that you direct us to create in your chosen board.

  • Slack (USA): Receives only the message text (including any metrics you include), optional attachments, and the workspace/channel identifiers required to post the message you request.

  • Notion (USA): Receives the page title and body blocks (content and metrics), and database properties you instruct us to write; we do not read existing Notion content.

We store access tokens for the Connected Apps in encrypted form solely to execute the exports you request. You can disconnect an integration at any time from Settings, which invalidates stored tokens. We may change or discontinue integrations at our discretion.

5. AI-Generated and User Content

User Content may be processed by third-party AI models. Generated outputs may be stored temporarily to deliver results and improve quality. You retain ownership of Generated Content. We may analyze anonymized usage patterns to improve performance, and we never use User Content for public AI training without your consent.

Subdraft does not use User Content or Generated Content to train or fine-tune third-party AI models such as OpenAI, Google, or xAI systems.

6. Legal Bases for Processing (EEA/UK Users)

  • Contract performance to provide the Services.

  • Legitimate interests to improve and secure our Services.

  • Consent for marketing communications or integrations.

  • Legal obligations to comply with applicable law.

You may withdraw consent at any time without affecting prior processing.

Subdraft does not engage in automated decision-making that produces legal or similarly significant effects under GDPR Article 22.

7. Sharing of Information

We share data only when necessary and under strict confidentiality agreements with trusted service providers:

  • Supabase (USA): Provides managed Postgres database, authentication, and storage services.

  • Google Cloud / Firebase (USA): Provides cloud hosting, serverless runtime infrastructure, logging, and monitoring.

  • Stripe (USA): Processes payments and subscriptions securely.

  • OpenAI, xAI, and Google (USA): Supply AI language model APIs used for generating marketing content.

  • Connected Apps (Trello, Monday.com, Slack, Notion): Receive only the document content (including any metrics within those documents) and identifiers that you explicitly export through their integrations.

  • Brevo (Sendinblue, EU): Handles transactional and customer email delivery through EU-based data centers.

We may also disclose information for legal compliance, corporate transactions, or to affiliates supporting the Services.

8. Retention of Data

We retain personal data only while your account remains active and for up to sixty (60) days after you close your account or request deletion. During this window we keep limited records to comply with legal, tax, and fraud prevention obligations. After 60 days, we delete or irreversibly anonymize personal data, and system copies are overwritten on the same schedule unless we are required by law, regulation, or a valid law-enforcement hold to retain specific data longer.

This retention schedule applies to documents, generated text, metrics, and other workspace content stored in our databases. You should export any needed materials before closing an account or requesting deletion.

Aggregated analytics that no longer identify you may be stored beyond 60 days to improve the Services. You may request deletion at any time, and we will confirm once removal is complete.

9. Your Privacy Rights

All users may access, correct, delete, or restrict personal data and opt out of marketing communications.

EEA/UK/Swiss residents also have data portability rights and may lodge complaints with their supervisory authority.

Requests can be sent to support@subdraft.ai with the subject 'Privacy Request'. We may verify identity before fulfilling requests.

10. Data Transfers

Subdraft operates primarily in the United States. We use safeguards such as Standard Contractual Clauses and comply with the EU-US Data Privacy Framework for cross-border transfers.

11. Security

We implement industry-standard security measures including encrypted HTTPS connections, secure cloud storage with strict access controls, and regular vulnerability scans. If a data breach occurs, we will notify affected users and authorities as required by law.

12. Cookies and Tracking Technologies

Subdraft uses cookies to maintain login sessions, measure traffic and performance, and personalize experiences. You can disable non-essential cookies through your browser settings, but essential cookies are required for operation. We do not currently show a cookie banner or offer in-app cookie controls; by using the Services you consent to our use of analytics cookies, and you may opt out by adjusting your browser or device-level privacy settings. Declining analytics cookies may limit certain personalization features.

13. Communications Preferences

You may unsubscribe from marketing emails at any time via the unsubscribe link or by contacting support@subdraft.ai. We may still send essential service or billing notices.

14. U.S. State Privacy Disclosures

Residents of California, Virginia, Colorado, and other U.S. states have rights to know what personal data is collected, request deletion or correction, and opt out of sale (Subdraft does not sell personal data). Requests may be sent to support@subdraft.ai, which is our dedicated privacy channel.

If we deny your request, you may appeal by replying to our response or emailing support@subdraft.ai with the subject line "Privacy Appeal." We will review and respond to appeals within 45 days as required by applicable law. We do not currently maintain a toll-free hotline; email is the exclusive method for privacy requests and appeals.

California "Shine the Light" disclosure: Subdraft does not share personal information with third parties for their own direct marketing purposes.

15. Children's Privacy

Subdraft is not directed toward children under 13 (or under the minimum age required in your jurisdiction). In the EEA and United Kingdom, the Services are not intended for children under 16. We do not knowingly collect children's data; if discovered, it will be promptly deleted.

16. Data Retention and Deletion Summary

  • Account profile and workspace content: deleted within 60 days after cancellation or verified deletion request.

  • Billing and anti-fraud records: stored up to 60 days, then deleted unless a longer period is required by law enforcement.

  • Aggregated or anonymized analytics: retained indefinitely without personal identifiers.

You may contact support@subdraft.ai at any time to confirm the status of your data deletion request.

17. Changes to This Policy

We may update this Privacy Policy periodically. The latest version will appear at subdraft.ai/privacy-policy with an updated 'Last Updated' date. If we make material changes, we will notify you by email or in-app message.

18. Contact Us

Email: support@subdraft.ai

EU/UK privacy inquiries (Article 27 contact): support@subdraft.ai (Attention: Founder)

Address: Lightspark Games LLC, 3911 Concord Pike #8030, SMB#66982, Wilmington, DE 19803

We may update our contact methods or designated privacy representative as needed; please review this section for the latest details.