Privacy

Privacy policy.

The short version: your text isn’t kept, isn’t sold, and never trains a model.

Last updated: 2026-04-29 · Operator: Acumen Holdings (Humdraft)

What we collect

Humdraft is a writing tool, so the data we touch is mostly the text you give us. We try to keep that footprint small:

Text you submit to our humanize, AI-check, plagiarism, readability, grammar, and bulk-scan tools. We process this on demand to return a result and then drop it (see retention below).
Account information if you create an account — your email address, hashed password (or OAuth identifier), plan tier, and billing identifiers from our payment processor. We don’t store full card numbers; that lives with Stripe.
Anonymous usage analytics — page views, button clicks, request counts, error rates. These help us know what to fix. They are not tied to your text content and are aggregated where possible.
Standard server logs — IP address, user agent, timestamp — kept for abuse-prevention and debugging.

We do not ask for, collect, or store: your real name (unless you tell us), phone number, location beyond country-level inference from IP, or anything from contact lists / address books.

How we store your text

By default, the text you submit is kept only as long as it takes to run the API call and return your result. Once we’ve responded, the in-memory copy is dropped and any temporary cache entry expires within 24 hours.

We never train models on your text. Not first-party models, not third-party. Your draft is your draft.

If you opt in to draft history (a Pro/Team feature), your saved drafts are encrypted at rest and visible only to you (or, on Team plans, your workspace admins). You can delete any saved draft at any time from your dashboard, and deletions are irrecoverable within 30 days.

Third-party processors

To run the service we use a handful of vendors. They each see only the data they need to do their job:

Originality.ai, GPTZero, Turnitin, ZeroGPT, Copyleaks — receive the text you submit to verify a humanize or AI-check pass, only at the moment of the check, and only the text required for scoring.
Stripe — receives your payment details (card, billing address) for subscription processing. We never see your full card number.
Vercel — hosts the application. Server logs (IP, user agent, request path) live there for routine operations.
Postmark — sends transactional email (receipts, password resets). Receives your email address only.

We don’t share your data with advertising networks or data brokers. Full stop.

Your rights (GDPR / CCPA)

If you’re in the EU, UK, California, or another jurisdiction with similar protections, you have the right to:

Access the data we hold about you.
Correct anything inaccurate.
Delete your account and all associated data.
Export your data in a portable format.
Object to processing or restrict it for specific purposes.
Withdraw consent at any time, where consent is the legal basis.

To exercise any of these, email hello@humdraft.ai from the address tied to your account. We respond within 30 days, usually faster.

Retention windows

Submitted text — dropped within 24 hours of the API call.
Saved drafts (opt-in only) — kept until you delete them; backups age out within 30 days.
Account record — kept while your account is active. Deleted within 30 days of account closure.
Billing records — kept for 7 years to satisfy tax / accounting law.
Server logs — kept for 30 days.

Contact

Questions, requests, or concerns about this policy or your data — reach us at hello@humdraft.ai. We read every message.

Humdraft is a product of Acumen Holdings. Mailing address available on request.