Privacy Policy
LAST UPDATED: 2026-06-11
1. The short version
- No DRFT account. No DRFT server-side database. Your data lives on your device and, for Pro users, in your own private iCloud database.
- DRFT never records, stores, or transmits audio. Audio is processed in real time on your device and immediately discarded.
- All speech recognition and wake word detection happen entirely on your device — no audio ever leaves your phone or computer.
- When you request an AI summary, a transcript snippet (≤250 words of text) is sent to OpenAI through DRFT's Cloudflare proxy. Never raw audio. AI summaries are a Pro feature; free users see a Go Pro prompt on locked summaries.
- No ads and no product analytics SDKs in the app — no advertising and no Google Mobile Ads, and no Firebase, Mixpanel, or similar, on any platform or tier.
- Our website logs anonymized page views via Vercel Analytics — no cookies, no personal data.
2. No-account architecture
DRFT does not maintain user accounts or a server-side database of your personal data. There is no sign-up, no password, and no DRFT profile. Your data lives in 2 places only: on your device (SwiftData, local), and for Pro subscribers, in your own private iCloud database (Apple CloudKit — encrypted at rest by Apple, scoped exclusively to your Apple ID).
The only DRFT-server-side data is a technical push-routing record (your APNs device token keyed by an opaque iCloud user record ID and DRFT device ID) stored with a 180-day rolling TTL. See section 7 for details.
3. Audio capture & microphone access
DRFT captures audio differently on each platform:
- iPhone — DRFT uses the device microphone to capture ambient audio. Designed for speakerphone calls, in-person meetings, and other situations where audio is audible in the room. You must explicitly start each listening session; the microphone is only active while a session is running. DRFT does not tap into phone call audio directly — it listens to what is audible around the device.
- Mac — DRFT uses Core Audio process taps to capture the audio output of other applications on your system (Zoom, Teams, Google Meet, etc.). This is system-level audio routing — not a microphone tap and not ScreenCaptureKit. The Mac app does not hold a microphone entitlement. You grant the System Audio Recording permission once through macOS System Settings.
On both platforms, audio is processed in real time by Apple's on-device SpeechAnalyzer framework and is immediately discarded. Audio is never recorded to disk, never uploaded to any server, and never retained after processing.
4. Wake word detection
Wake word detection runs entirely on your device. Audio is transcribed locally into text using Apple's on-device speech recognition (SpeechAnalyzer + SpeechTranscriber), then matched against your configured wake words. No audio or transcript data leaves your device during this process. The speech-to-text stream is processed in real time and discarded — DRFT does not maintain a recording or persistent transcript.
5. AI summaries
When a wake word is detected and you request an AI summary, a short window of transcript text surrounding the detection is sent to OpenAI's API through DRFT's Cloudflare proxy to generate a summary. Key details:
- Only text is sent — never raw audio.
- The transcript snippet is capped at approximately 250 words.
- The text is sent over HTTPS through a Cloudflare Workers proxy that validates requests and enforces rate limits. The proxy does not log or store transcript content.
- We do not retain transcript text — it passes through our proxy and is forwarded to OpenAI's API, then discarded.
- Transcripts sent to OpenAI are governed by OpenAI's API data usage policies. OpenAI states that API inputs and outputs are not used to train its models by default unless the API customer opts in. We avoid sending personal identifiers to the API. Wake words and the surrounding transcript snippets are visible to OpenAI's systems during processing.
- If the OpenAI API is unavailable, DRFT may fall back to Apple's on-device Foundation Models (Apple Intelligence) to generate the fallback summary locally after the cloud attempt fails. In normal mode, that earlier cloud attempt may have transmitted transcript text through the Cloudflare proxy and OpenAI; the no-server transcript guarantee applies only while Private Mode is active.
- Private Mode (Pro). Pro users on Apple Intelligence–capable devices can turn on Private Mode in Settings when on-device summaries are currently available. While Private Mode is active, summaries are generated entirely on-device using Apple's Foundation Models and no transcript text is sent to the Cloudflare proxy or OpenAI — the cloud path is bypassed for those summaries, not just when OpenAI is unreachable.
Who can use AI summaries: AI summaries are a Pro feature. Free users see a Go Pro prompt on locked summaries. If you prefer never to send transcript text off-device, use Private Mode while it is active, or disable AI summaries.
6. Data stored on your device
DRFT stores the following data locally on your device using SwiftData:
- Missed Moments — Detected wake word, timestamp, transcript snippet, and AI summary (if generated).
- Wake Words & Profiles — Your configured custom wake words and wake-word profiles.
- App Settings — Preferences such as detection sensitivity and notification settings.
This data stays on your device unless you opt into iCloud sync (Pro only, see section 8).
iCloud Key-Value Storage. DRFT also stores your first and last name (entered during onboarding) in Apple's iCloud Key-Value Storage. This is used to personalize feedback submissions and syncs automatically across your own devices. This data persists across app deletion per Apple's NSUbiquitousKeyValueStore semantics; to clear it, use Settings → Delete All Data within the App before deleting it.
6a. App Store privacy nutrition label categories
The following data types are declared in DRFT's App Store privacy manifest (PrivacyInfo.xcprivacy), mirroring what the App Store shows on the product page:
- Name — First and last name entered during onboarding; stored in iCloud Key-Value Storage across all tiers.
- Other User Content — Wake words and wake-word profiles you create; stored locally and (Pro only) synced to your private CloudKit zone.
- Product Interaction — Detection events, session activity, and achievement progress; stored locally for the in-app gamification system.
- Purchase History — Pro subscription status managed by Apple StoreKit; DRFT reads entitlement state only, never payment instrument details.
- User ID — Opaque iCloud user record ID used to key the push-routing record in Cloudflare Workers KV and to pair devices for relay.
- Device ID — DRFT's push-routing device key is a fixed platform label (iphone or mac) used alongside the User ID to locate the registered APNs token and confirm a registered DRFT install.
7. Push notifications & relay mode
DRFT sends all notifications through Apple Push Notification service (APNs) via our Cloudflare Worker relay. There are no local notifications. If you revoke notification permission, no push is delivered.
What push payloads contain. Detection push payloads contain only a generic title (“<KEYWORD> detected”), a generic body (“Open DRFT to view summary.”), and opaque identifiers (keyword name and detection ID). Transcripts and AI summaries are never sent over APNs. When you open a detection notification, the app loads the full moment (including any summary) from local app storage, or from your private CloudKit container when Pro sync is active.
Mac → iPhone relay (Pro only). Pro users can link their Mac and iPhone so detections from Mac system audio are relayed to the iPhone via APNs through our Cloudflare Worker.
Device token storage. When you enable notifications, DRFT transmits your Apple-issued APNs device token to our Cloudflare Worker. Tokens are stored in Cloudflare Workers KV with a rolling 180-day TTL and automatically expire if the device stops checking in. Each entry is keyed by {iCloud user record ID}:{device ID}. The iCloud user record ID is an opaque Apple identifier, not your Apple ID email or name; the device ID is DRFT's fixed iphone or mac routing label. Apple issues a distinct opaque iCloud user ID per app; DRFT's ID for you cannot be cross-referenced with any other app. We use these values solely to (1) pair your Mac and iPhone under the same iCloud account for cross-device relay and (2) confirm the caller is a registered DRFT install before forwarding transcript text to OpenAI through DRFT's Cloudflare proxy.
8. iCloud sync (Pro)
Pro users may enable iCloud sync, which uses Apple CloudKit to mirror Missed Moments, wake words, profiles, and achievements across your devices. This data is stored in a custom private CloudKit zone (DRFTUserDataV1) in your personal iCloud account — DRFT cannot access it. Apple's iCloud privacy practices and encryption-at-rest apply. DRFT has not enabled Apple's End-to-End Encryption option on this zone, so standard iCloud-at-rest encryption (Apple-key-managed) applies.
No audio data is ever synced. You can disable iCloud sync at any time in Settings, which stops future syncing. The Delete All Data action in Settings also deletes the Pro CloudKit zone when sync is active.
9. Feedback submissions
When you tap Send Feedback (Settings → Feedback), DRFT opens your device's default email client with a pre-addressed message to support@drft.ing via a standard mailto: link. Your email is sent entirely through your own mail app — DRFT does not use a transactional email service or relay your message through any third-party provider. By default, the draft is pre-filled with the first and last name you entered during onboarding; you may edit or remove these before sending if you want the submission to be anonymous. We retain feedback emails in our support inbox only as long as needed to respond to you.
10. Analytics
Website. Vercel Analytics collects anonymized page views on drft.ing. No cookies. No personal data. The analytics script is deferred and does not fire until after page load.
App. DRFT does not use third-party product analytics SDKs. There is no Firebase, Mixpanel, Amplitude, Segment, PostHog, or equivalent in the iOS or macOS app. Usage data (detection counts, session duration, achievement progress) is stored locally on your device for the in-app gamification system and is not transmitted to any server.
11. Advertising
DRFT contains no advertising. There are no ads on any platform or tier — iPhone or Mac, free or Pro. DRFT does not integrate Google Mobile Ads (AdMob), the Google User Messaging Platform (UMP) consent SDK, or App Tracking Transparency, and it collects no advertising identifiers (such as IDFA), ad-interaction events, or IP-derived location for advertising purposes.
An earlier version of the iPhone free tier showed ads served by Google Mobile Ads; advertising has since been removed from the app entirely.
12. Third-party services
We do not sell, rent, or share your personal data with any third party for their own marketing purposes.
13. Children's privacy
DRFT is not directed at children under the age of 13. We do not knowingly collect personal information from children. If you believe a child has provided us with data, contact us at support@drft.ing and we will delete it promptly.
Age verification (Texas SB 2420 — watch item). DRFT includes support for Apple's Declared Age Range API, which allows the OS to provide a coarse age band (e.g., "13–17") without revealing a specific age or identity. When this API becomes available and is enabled, DRFT may use the age band solely to gate age-sensitive features on-device. We do not store or transmit the age band. This feature is currently log-only; the corresponding Apple Developer entitlement has not yet been enabled.
14. Your rights
Because virtually all DRFT data lives on your device, you have direct control. Deleting the app removes all local data. You can also use Settings → Delete All Data to wipe everything (Missed Moments, wake words, preferences, CloudKit zone if sync is active, push relay registration, and iCloud KV user name) in 1 action. The 1 item not deleted is your StoreKit Pro entitlement, which Apple owns.
GDPR (EEA, UK, Switzerland). If you are in the EEA, UK, or Switzerland, you have the following rights regarding any personal data DRFT processes:
- Access — request a copy of the personal data we hold about you.
- Rectification — request correction of inaccurate data.
- Erasure — request deletion of your personal data.
- Restriction — request that we restrict processing in certain circumstances.
- Portability — receive your data in a machine-readable format.
- Objection — object to processing based on legitimate interests.
- Withdraw consent — withdraw any consent you have given at any time.
- Lodge a complaint — with your national supervisory authority.
Lawful basis per data category: Push routing data (APNs token + opaque iCloud ID) — contract performance (delivering the notification service you enabled). Transcript text forwarded for AI summaries — legitimate interest (providing the feature you requested) with the ability to opt out at any time. Name in iCloud KV — contract performance (personalizing your feedback submissions).
We will respond to rights requests within 30 days. To submit a request, email support@drft.ing.
CCPA / CPRA (California residents). We do not sell or share personal information. DRFT serves no ads and uses no advertising identifiers or cross-context behavioral advertising. California residents have the right to know what personal information is collected, to delete it, to correct it, to limit use of sensitive PI, and to non-discrimination for exercising these rights. Categories of PI we collect: identifiers (opaque iCloud user record ID and device label, used for push routing); name (iCloud KV, if provided during onboarding).
15. Data retention
Audio is ephemeral — processed in real time and discarded immediately. No audio is ever written to disk or transmitted. Saved Moments (detection metadata and text) persist on your device until you delete them. Use Settings → Delete All Data to erase everything at once.
On our servers, the only data we retain is the push-routing record in Cloudflare Workers KV: your APNs device token paired with your opaque iCloud user record ID and DRFT device ID, with a rolling 180-day TTL that expires automatically if your device stops checking in. Transcript text sent for AI summaries is not logged or stored by our Worker. Feedback submissions are retained in our support inbox only as long as needed to respond to you.
16. Security
All network communication uses HTTPS/TLS encryption. On-device data is protected by iOS/macOS system encryption and your device passcode. Speech recognition runs locally in a sandboxed process — audio never leaves the device.
17. Changes to this policy
We may update this Privacy Policy from time to time. The “Last Updated” date at the top reflects the most recent revision. Material changes will be communicated through the App or this page at least 30 days before taking effect.
18. Contact
Questions, concerns, or rights requests? Reach out at support@drft.ing. We respond within 30 days.
See also: Terms of Service.