← Back to home

Privacy Policy

Last updated: April 10, 2026

1. General Provisions

This Privacy Policy explains how Aklima Polska sp. z o.o., with its registered office in Warsaw (ul. Postępu 15, 02-676 Warszawa, KRS: 0000978391, NIP: 9512544995, REGON: 522520422) (hereinafter “Operator”, “we”), which operates the Draft2Live platform (hereinafter “Platform”), collects, processes, stores and protects your personal data in accordance with the General Data Protection Regulation (Regulation (EU) 2016/679, hereinafter “GDPR”) and the Polish Act of 10 May 2018 on the Protection of Personal Data.

By using the Platform, you confirm that you have read this Policy. If you do not agree with the terms of data processing, please do not use the Platform.

2. Data Controller

Aklima Polska sp. z o.o.

ul. Postępu 15, 02-676 Warszawa, Polska

KRS: 0000978391 | NIP: 9512544995 | REGON: 522520422

Platform: Draft2Live

Email: info@draft2live.ai

Website: draft2live.ai

3. What Data We Collect

3.1. Data You Provide Directly

  • Registration data: first name, surname, email address, password
  • Payment data: credit/debit card information, billing address (processed via a certified payment provider)
  • Profile data: company name, website, language settings, Brand Voice
  • Uploaded files: Knowledge Base documents, images, text for processing
  • Communication data: messages to customer support, feedback

3.2. Data Collected Automatically

  • Technical data: IP address, browser type and version, operating system, screen resolution
  • Usage data: pages visited, session duration, actions on the Platform, number of generated articles
  • Cookies and similar technologies: see our Cookie Policy for details

4. Purposes and Legal Basis for Processing

We process your personal data on the following legal grounds (Article 6 GDPR):

Performance of a contract (Art. 6(1)(b) GDPR)

  • Creating and managing your Account
  • Providing the Platform's services (content generation, SEO optimisation, publishing)
  • Processing payments and issuing invoices
  • Technical support

Legitimate interests (Art. 6(1)(f) GDPR)

  • Improving and developing the Platform
  • Usage and performance analytics
  • Ensuring security and preventing fraud
  • Sending service notifications regarding Platform operation

Consent (Art. 6(1)(a) GDPR)

  • Marketing communications and SEO tips
  • Analytics and marketing cookies
  • Processing data for personalised recommendations

Legal obligation (Art. 6(1)(c) GDPR)

  • Maintaining accounting and tax records
  • Complying with data protection legal requirements

5. Transfer of Data to Third Parties

To provide the Services, we transfer your data to third-party service providers (data processors). Below are the categories of recipients and specific services.

Infrastructure and Hosting

  • Hetzner Online GmbH (Germany/EU) — server infrastructure and data storage

AI Services

The Platform uses OpenRouter, Inc. (USA) as the sole API gateway for accessing artificial intelligence models. Through OpenRouter, your content may be processed by the following providers:

  • Anthropic (USA) — Claude: text generation, content humanisation
  • OpenAI (USA) — GPT: text generation, translation, embeddings (vector search), image generation
  • Google (USA) — Gemini: text and image generation
  • Meta (USA) — Llama: text generation
  • Mistral AI (France/EU) — text generation
  • Black Forest Labs (FLUX) — image generation

AI Detection and Content Quality

  • GPTZero (USA) — checking text for AI markers
  • ZeroGPT — alternative AI-text detector
  • Winston AI — AI content detection

Media Processing

  • Replicate, Inc. (USA) — image resolution enhancement (upscaling)
  • Kling AI — video generation from text and images

SEO and Content Analysis

  • Serpstat — keyword research, search volume, competitor analysis
  • Jina AI (Germany/EU) — extracting text from web pages for competitor analysis
  • Tavily — web search and data collection for research

Payments

  • Stripe, Inc. (USA) — payment processing, subscriptions, billing management. Card data is processed exclusively by Stripe (PCI DSS Level 1) and is not stored on our servers.

Analytics and Marketing

  • Google Analytics (Google LLC, USA) — analysis of traffic and Platform usage
  • Meta Pixel (Meta Platforms, Inc., USA) — measurement of advertising effectiveness
  • Google Ads (Google LLC, USA) — conversion tracking
  • LinkedIn Insight Tag (LinkedIn Corp., USA) — advertising campaign analytics

These services use cookies. For details, see our Cookie Policy.

Notifications

  • Telegram Bot API (Telegram FZ-LLC, UAE) — service notifications to Platform administrators

Optional Integrations (at the User's discretion)

The following services are activated only if the User connects their own API key. In such case, the User enters into a direct contractual relationship with the relevant provider:

  • DeepL SE (Germany/EU) — automated content translation

Important Notice Regarding Third-Party Services

We transfer to third-party providers only the data necessary to perform a specific function (the principle of data minimisation, Art. 5(1)(c) GDPR). We do not store data on behalf of third-party providers and do not control their data processing practices after the data has been transferred.

Each third-party provider is an independent data controller or processor and operates in accordance with its own privacy policy. In particular, but not limited to:

The Operator shall not be liable for the personal data processing practices of third-party providers following the proper transfer of data in accordance with the terms of the DPA. We recommend reviewing their privacy policies.

Data Processing Agreements (DPAs) in accordance with Art. 28 GDPR have been concluded with all data processors to whom personal data is transferred.

6. International Data Transfers

Some of our providers are located outside the European Economic Area (EEA). In such cases, we ensure an adequate level of data protection through:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions adopted by the European Commission
  • Additional technical and organisational measures in accordance with EDPB recommendations

7. Data Retention Periods

  • Account data: for the duration of your Account and 30 days after its deletion
  • Payment data: in accordance with tax law requirements (typically up to 10 years)
  • Analytics data: up to 26 months
  • Marketing consent: until consent is withdrawn
  • Uploaded files: for the duration of the Account; deleted within 30 days of Account deletion

8. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

  • Right of access (Art. 15 GDPR) — to obtain a copy of your personal data
  • Right to rectification (Art. 16 GDPR) — to correct inaccurate or incomplete data
  • Right to erasure (Art. 17 GDPR) — the “right to be forgotten”
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object (Art. 21 GDPR)
  • Right to withdraw consent (Art. 7(3) GDPR)

To exercise any of these rights, please write to info@draft2live.ai. We shall respond within 30 days.

You also have the right to lodge a complaint with a data protection supervisory authority. In Poland, this is the Urząd Ochrony Danych Osobowych (UODO), ul. Stawki 2, 00-193 Warszawa, uodo.gov.pl. If you are located in another EU country, you may contact the supervisory authority in your country.

9. Obligation to Provide Data

Providing registration data (name, email) is a necessary condition for concluding the Agreement and using the Platform. Without this data, we shall be unable to create an Account and provide the Services.

Providing payment data is necessary for paying for the Subscription. Providing data for marketing communications is voluntary and does not affect the ability to use the Platform.

10. Data Security

  • Data encryption in transit (TLS/SSL) and at rest
  • Regular backups
  • Access control and authentication
  • Infrastructure security monitoring
  • Regular review and update of security measures

11. Automated Decision-Making

The Platform uses AI to generate content, which is its core service function. We do not use automated decision-making or profiling that has legal effects concerning you (Art. 22 GDPR).

12. Children's Data

The Platform is not intended for individuals under 16 years of age. We do not knowingly collect data from children. If you learn that a child has provided us with personal data, please contact info@draft2live.ai.

13. Amendments to the Policy

We may update this Policy. We shall notify you of material changes by email or through the Platform interface. The date of the last update is indicated at the top of this page.

14. Contact

Aklima Polska sp. z o.o.

ul. Postępu 15, 02-676 Warszawa, Polska

Email: info@draft2live.ai

Website: draft2live.ai