Privacy Policy

Last updated: April 26, 2026

1. Overview

DrawLint.ai ("we", "us", "our") is an AI-powered system design review platform. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our website and services at drawlint.ai.

2. Information We Collect

Account Information

  • Email address — used for authentication, email verification, and transactional emails.
  • Display name — shown on your public submissions.
  • OAuth profile data — when you sign in with Google or GitHub, we receive your name, email, and profile picture from the provider. We do not access your repositories, contacts, or other data.

Design Data

  • System design diagrams — the drawings you create and submit for review.
  • AI review results — the feedback generated by our AI reviewers.
  • Your responses — text you write when responding to AI feedback.

API Keys (BYO Mode)

  • If you choose to bring your own AI provider (Gemini or Azure OpenAI), your API keys are stored locally in your browser's localStorage.
  • Keys are sent to our server only during analysis requests and are never stored on our servers.
  • Clearing your browser data will remove your stored keys.

Automatically Collected Data

  • Cookies — we use essential cookies for authentication (session management via NextAuth.js). We do not use tracking or advertising cookies.
  • Server logs — standard web server logs (IP address, browser type, access times) for security and debugging purposes.

3. How We Use Your Information

  • To provide and maintain the DrawLint.ai service.
  • To authenticate your identity and manage your account.
  • To process your design diagrams through AI review.
  • To send transactional emails (verification, welcome).
  • To improve our service and fix issues.

We do not sell, rent, or share your personal information with third parties for marketing purposes.

4. Third-Party Services

We use the following third-party services to operate DrawLint.ai:

  • Microsoft Azure — hosting, database (Cosmos DB), and AI services (Azure OpenAI) for managed AI reviews.
  • Google OAuth — optional sign-in provider. Subject to Google's Privacy Policy.
  • GitHub OAuth — optional sign-in provider. Subject to GitHub's Privacy Statement.
  • Google Gemini API — if you choose the free AI option, your design data is sent to Google's Gemini API for analysis. Subject to Gemini API Terms.
  • Resend — transactional email delivery.

5. Data Storage & Security

  • Your data is stored on Microsoft Azure infrastructure.
  • Passwords are hashed using bcrypt before storage.
  • Authentication tokens are signed with HMAC-SHA256 and stored in HttpOnly Secure cookies.
  • All data is transmitted over HTTPS.
  • BYO API keys are stored only in your browser and never persisted on our servers.

6. Data Retention

  • Account data is retained as long as your account is active.
  • Design submissions and reviews are retained indefinitely unless you delete them.
  • You may request deletion of your account and all associated data by contacting us.

7. Your Rights

You have the right to:

  • Access your personal data stored by us.
  • Correct inaccurate data.
  • Delete your account and all associated data.
  • Export your design data.
  • Withdraw consent for data processing at any time.

To exercise any of these rights, contact us at drawlint.ai.support@gmail.com.

8. Children's Privacy

DrawLint.ai is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal data, please contact us.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date.

10. Contact

If you have questions about this Privacy Policy, contact us at: drawlint.ai.support@gmail.com