Privacy Policy

Effective Date: 14 March of 2025

At Drellia, we are committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, and protect your information in accordance with the General Data Protection Regulation (GDPR) and other applicable laws.

1. Data Controller

Drellia OÜ ("Company," "we," "us," or "our") acts as the data controller for personal data collected through the Drellia platform (the "Service") and is responsible for processing your personal data as described in this Privacy Policy.

2. Personal Data We Collect

We collect various types of personal data to operate, improve, and provide our Services. This includes information you provide directly, data generated through your interactions, and information we receive from third parties.

At a Glance: What We Collect

  • Profile Details: Name, email, contact info, and payment data
  • Service Usage Data: IP address, device info, browser type, and interaction logs
  • AI-Related Content: Prompts, inputs, and outputs processed by our platform
  • Cookies & Tracking Technologies: Data collected through browser tools and similar methods
  • Third-Party Connections: Information required to enable integrations with external services

Detailed Breakdown

a. Information You Provide to Us: We collect personal data when you interact directly with Drellia, such as when you sign up, use features, or contact us.

  • Account Details: When you register, we collect basic account information including your name, email address, contact details, date of birth, payment method, and transaction history.
  • Content You Share: You may provide content while using our AI-powered features—this includes text prompts, uploaded files, images, or audio. This input, along with generated outputs, may contain personal data depending on what you choose to share.
  • Communications with Us: If you contact us by email or through social platforms, we collect your name, contact information, and the content of your messages.
  • Additional Voluntary Information: You might provide us with additional data during surveys, events, beta testing, or identity/age verification.

b. Information Collected Automatically: When you access Drellia, we collect certain technical data automatically to ensure security and improve performance.

  • Log and Usage Information: This includes your IP address, time zone, browser type, language preferences, interaction timestamps, and how you engage with different features on the platform.
  • Device Information: We collect data about the devices you use, such as hardware model, operating system, and browser identifiers.
  • Location Data: Based on your IP address or device settings, we may determine a general location for security purposes and to personalize content. Some features may also request more precise location data, with your permission.

c. Cookies and Tracking Technologies: We use cookies and similar tools to remember your settings, analyze usage, and enhance your experience. If you access our Services without logging in, we may still store some data locally to support these functions.

d. Data from Third Parties: We may receive personal data from:

  • Third-Party Integrations: When you connect other apps or services to Drellia, we collect the necessary information to facilitate those connections securely.
  • Security and Compliance Partners: To help detect fraud, abuse, or other security threats.
  • Marketing and Analytics Providers: These services may share aggregated or interest-based information about potential users of our platform.
  • Publicly Available Sources: In limited cases, we may use publicly available data (e.g., websites, publications) to train or evaluate our systems, in line with applicable laws and ethical guidelines.

3. How We Use Your Data

We use the Personal Data we collect for a variety of purposes to operate, secure, and improve our Services. These include:

  • Providing and Managing the Service: To deliver core functionality, respond to user requests, manage accounts, and support customer service operations.
  • Improving and Evolving Our Services: To develop new features, refine existing tools, analyze usage patterns, and conduct research that supports innovation.
  • Personalizing the User Experience: To tailor content, features, and interactions based on user preferences and behavior.
  • Communicating with You: To send service-related updates, notify you of changes or improvements, and provide information about events or offerings you may be interested in.
  • Processing Payments and Subscriptions: To handle billing, transactions, and subscription management in a secure and efficient manner.
  • Ensuring Security and Preventing Misuse: To protect against fraud, abuse, unauthorized access, and other threats to the integrity of our systems.
  • Legal and Compliance Obligations: To comply with applicable laws, enforce our terms, and safeguard the rights, safety, and property of our users, Drellia, and third parties.
  • AI Training and Service Optimization: With appropriate safeguards in place, we may use user-provided inputs and interaction data to enhance the quality and accuracy of our AI models. You may opt out of this use.
  • Collaboration and Knowledge Sharing (Where Applicable): To support interactive or shared features, such as workspaces or collaborative environments, if offered.

We may also use aggregated or de-identified information—data that can no longer be linked to you—for analytics, service improvements, and research. This information is maintained in a de-identified state and is not re-identified unless required by law.

4. How We Share Personal Data

We may share your Personal Data with third parties in specific situations, always in line with applicable data protection regulations:

Third-Party Partners and Service Providers

We engage trusted external partners to help us operate, support, and enhance our Services. These include, but are not limited to, providers of web hosting, cloud storage, customer support, payment gateways, security monitoring, analytics, AI Service Providers, communication platforms, and other IT services. These entities process Personal Data strictly under our direction and only to the extent necessary to perform the tasks we assign to them. They are contractually obligated to maintain the confidentiality and security of your data.

Organizational and Business Accounts

If you access Drellia through a business or enterprise account, certain information—such as your name, email address, and service usage—may be visible to and managed by the account administrators. Additionally, when you register using an email associated with a company or institution, we may share relevant account details with that organization for account association and administrative purposes.

Affiliated Companies

Your Personal Data may be shared with companies that are owned by, controlled by, or under common control with Drellia OÜ. These affiliates may process your data in accordance with this Privacy Policy and for the same reasons outlined here, such as providing or improving our Services.

User-Directed Sharing and Integrations

Certain features may allow you to share content or data with others or connect with third-party platforms. For instance, you may share AI-generated conversations via link or enable integrations with other tools. Any information you choose to disclose in this way is governed by the terms and privacy practices of those third parties, and we recommend reviewing those policies before proceeding.

Corporate Changes and Business Transfers

In the context of a potential or completed corporate event—such as a merger, acquisition, restructuring, insolvency proceeding, or asset transfer—your Personal Data may be included as part of the business assets shared or transferred to another entity. In such cases, we will ensure your data continues to be protected appropriately.

Compliance, Safety, and Legal Requirements

We may disclose Personal Data where required to comply with legal obligations, governmental requests, or lawful proceedings. We may also share information if we believe it is necessary to:

  • Satisfy applicable legal or regulatory requirements;
  • Safeguard the rights, property, or safety of users, Drellia, or others;
  • Detect, prevent, or address fraud, abuse, or violations of our terms;
  • Enforce our agreements and legal rights.

5. Legal Bases for Processing Personal Data

We process personal data based on one or more of the following legal bases, as required by applicable data protection laws:

  • Contractual Necessity — When processing is required to fulfill our contractual obligations, such as providing the Services, managing accounts, or processing payments.
  • Legitimate Interests — When processing supports our legitimate interests or those of third parties—such as improving service functionality, preventing abuse, or conducting research—provided these interests are not overridden by your rights and freedoms.
  • Legal Obligations — When processing is necessary to comply with applicable legal requirements, including tax, accounting, or regulatory obligations.
  • Consent — When we request your explicit consent for specific processing activities, such as marketing communications, the use of non-essential cookies, or participation in certain AI training. You may withdraw consent at any time.

Purpose-Based Processing Overview:

Purpose of Processing Types of Personal Data Legal Basis
To provide, analyze, and maintain our Services Account Information, User Content, Communication Information, Other Information You Provide, Log Data, Usage Data, Device Information, Location Information, Cookies and Similar Technologies Contractual Necessity
To improve and develop the Services, including research and model training Account Information, User Content, Communication Information, Other Information You Provide, Data from Other Sources, Log Data, Usage Data, Device Information, Cookies and Similar Technologies Legitimate Interests (including broader societal interests)
To communicate with users about Services, updates, and events Account Information, Communication Information, Social Media Information, Other Information You Provide, Log Data, Usage Data, Device Information, Cookies and Similar Technologies Contractual Necessity (e.g. service updates), or Consent (e.g. marketing communications)
To prevent fraud, abuse, or security risks Account Information, User Content, Communication Information, Social Media Information, Other Information You Provide, Data from Other Sources, Log Data, Usage Data, Device Information, Cookies and Similar Technologies Legal Obligation or Legitimate Interests
To comply with legal obligations and protect rights and safety Account Information, User Content, Communication Information, Social Media Information, Other Information You Provide, Data from Other Sources, Log Data, Usage Data, Device Information, Cookies and Similar Technologies Legal Obligation or Legitimate Interests (e.g. fraud detection, service protection)

6. Data Retention

We retain your personal data only for as long as necessary to provide our services or for legitimate business purposes, such as ensuring security, resolving disputes, or fulfilling legal obligations. The retention period may vary based on factors including:

  • The purpose for which the data was processed (e.g., to provide our services);
  • The nature, amount, and sensitivity of the data;
  • The potential risks associated with unauthorized use or disclosure;
  • Any applicable legal requirements.

In some instances, data retention may depend on your settings. For more details, you can review our data controls here.

7. Data Sharing & Transfers

  • We do not sell your personal data.
  • We may share your data with trusted third-party service providers—such as those handling hosting, analytics, and payment processing—to help us operate and improve our services. All such sharing is done in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.
  • If personal data is transferred outside the European Economic Area (EEA), we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses or other legally recognized mechanisms, to protect your information.

8. Your Rights

As a user, you have the following rights in relation to your personal data, subject to applicable laws:

  • Access — Request a copy of the personal data we hold about you, along with information on how it is processed.
  • Rectification — Request correction of inaccurate or incomplete personal data.
  • Erasure — Request deletion of your personal data in certain circumstances, including knowledge inputs stored for AI response improvements.
  • Restriction — Request a limitation on how your personal data is processed.
  • Portability — Request a structured, commonly used, and machine-readable copy of your data, or have it transferred to a third party.
  • Objection — Object to the processing of your personal data when it is based on legitimate interests, or for direct marketing purposes.
  • Withdraw Consent — Where processing is based on your consent, you may withdraw that consent at any time.

If you are unable to exercise your rights through your account settings, you may contact us at contact@drellia.com to submit a request.

For concerns regarding data protection, you may also contact your local data protection authority.

9. Children

The Services are not intended for people under the age of 13, and we do not knowingly collect personal data from anyone in that age group. Users under 18 must have permission from a parent or guardian to use the Services.

If personal data from a child under 13 is discovered, it may be removed. To report a concern, contact contact@drellia.com.

10. Security Measures

Technical, administrative, and organizational measures are in place to help protect personal data from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. These measures may include encryption, access controls, and periodic security assessments.

Despite these safeguards, no method of data transmission over the Internet or email is completely secure or error-free. Users should consider this when sharing information through the Services. The Service cannot guarantee protection against the circumvention of privacy settings or security features, including on third-party websites linked through the platform.

11. Data Transfers

Drellia stores and processes personal data primarily on servers located within the European Union. This ensures that user data benefits from the protections provided under EU data protection laws.

In cases where users choose to enable AI-powered features, the processing of data may involve applying external AI models (OpenAI, Deepseak, Gemini...), which could be hosted outside the European Economic Area (EEA), Switzerland, or the UK. The specific location of this processing depends on the model selected and the service integration enabled by the user.

When personal data is transferred outside of these jurisdictions, Drellia ensures that appropriate safeguards are in place to comply with applicable data protection regulations. These safeguards may include:

  • Reliance on the European Commission's adequacy decisions under Article 45(1) GDPR for countries deemed to provide an adequate level of protection;
  • Use of Standard Contractual Clauses (SCCs) approved by the European Commission and the UK Data Transfer Addendum where applicable.

Regardless of where processing occurs, personal data is handled in accordance with this Privacy Policy and relevant legal requirements. For more information or to request details about applicable safeguards, contact us at contact@drellia.com.

12. Google User Data

Drellia’s Gmail Add-on uses Google APIs to access specific Gmail data to help users draft high-quality, personalized email replies and retrieve answers from past communications. This access is governed by your explicit authorization and complies with Google’s OAuth policies and Limited Use requirements.

a. Data Accessed from Google Services

With your consent, Drellia may access:

  • Email metadata: Sender, recipient, subject, date/time
  • Email body content: Full content of emails you explicitly grant access to (inbound and outbound)
  • Your Gmail address: Used to associate stored data with your account and support personalized experiences

Drellia only accesses emails that match filters you configure (e.g., specific senders, labels, or date ranges). We do not access your entire inbox unless you explicitly allow it.

b. Purpose of Access

  • To learn your writing style and draft email replies that sound like you
  • To retrieve answers to questions previously addressed in past emails
  • To improve the relevance and tone of suggestions from our AI-powered system
  • To allow you to interactively configure and manage which emails are used for learning and reply generation

c. Data Storage

We store only emails or fragments of emails you’ve explicitly allowed us to access, in accordance with your configured filters. These stored messages are used to:

  • Train and fine-tune your personal writing model
  • Power semantic search to find relevant past conversations

Stored data is encrypted both at rest and in transit. You may delete your stored email data at any time through the account settings or by contacting us.

d. Data Sharing

We do not sell or share your Gmail content or personal information with third parties, except:

  • As required by law
  • With trusted subprocessors bound by strict confidentiality and security agreements
  • With your explicit consent in collaborative or shared environments

e. Limited Use Compliance

Drellia’s use of information obtained from Gmail APIs fully complies with the Google API Services User Data Policy, including the Limited Use restrictions. Your Gmail data is used solely to provide and improve the functionality explicitly requested by you, and is never used for advertising or profiling.

13. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance user experience. You can manage cookie preferences in your browser settings. Some cookies may be required for integrations with third-party services. For more details, see our cookie page.

14. Third-Party Services and Integrations

Drellia may integrate with third-party platforms. When users enable such integrations, data necessary for functionality may be exchanged while ensuring compliance with privacy regulations. We encourage reviewing the privacy policies of third-party services before enabling integrations.

15. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of significant changes, and continued use of the Service constitutes acceptance of the updated policy.

16. Contact Information

For questions or concerns about this Privacy Policy, please contact us at contact@drellia.com.

By using Drellia, you acknowledge that you have read and agree to this Privacy Policy.