At Draftable, we understand that trust is earned.

That's why we take the utmost care in providing you with the safest, most secure experience possible.

Our security information is published below. If you have any additional security requirements or concerns, please get in touch.

Draftable Desktop

Your documents don't leave your computer

Documents you compare are not shared with us. All operations on documents take place locally, so it's okay to use Draftable Desktop on confidential documents.

Your documents are safe

Draftable never modifies your documents.

Information that is shared with Draftable

  • Your name and email address, which are needed to start a trial.
  • Draftable Desktop communicates with our servers to check for updates and to ensure that your license key is valid.
  • Should an error occur whilst using Draftable Desktop, our program will submit an error report to us by default. These error reports assist us in improving your Draftable experience, but may contain sensitive information such as file names. You can disable error reporting.

Systems Administrator

We provide additional configuration options for deploying Draftable in a network environment.

Draftable Online

  • Documents you compare are protected by a secret URL. Please note that anyone you share this URL with will be able to view your comparison.
  • Comparisons will be automatically deleted from Draftable Online if they are not accessed for a period of time.

Draftable API

We have designed Draftable API to have the strongest security possible.

Encryption

  • All data ingress and egress to Draftable’s cloud services is encrypted via TLS over the HTTPS protocol.
  • Our website and API do not support or provide access via any unencrypted endpoints.
  • Our TLS security policy conforms to modern cryptographic best practices which are continually reviewed and updated.
  • All data at rest is encrypted using AES-256.

Data sovereignty and infrastructure

  • All comparisons are performed and all data is stored in the United States.

The comparison lifecycle

  • The Draftable API provides customers full control over the lifecycle of their submitted document comparisons.
  • Comparisons are private by default. Optionally, a comparison can be set to be public, allowing access to the viewer URL without authentication.
  • Lifecycle options can be set per comparison, so Draftable API is suitable for use in multi-tenant environments.
  • When a comparison is deleted, the comparison and all associated files are immediately removed from our servers, including any backups. This also means all access to the comparison will be lost. (Comparison metadata, which may include file names but not file content, may remain in Draftable’s database or backups of Draftable’s database for some time.)

End-user security

  • Many of our customers use the Comparison API to enable their own users to perform comparisons. These users are Draftable's "end users". If a customer runs a SaaS that provides access to documents and uses the Comparison API to let end users compare those documents, then when an end user’s permission to access a document is revoked, that end user should also lose access to any comparison of that document.
  • Draftable’s Comparison API makes this straightforward. All API endpoints intended for end-user consumption, in particular the comparison viewer, require signing by default. The client APIs make signing easy and enable you to grant access to load a comparison for a specific period. This is implemented using SHA-256 HMAC, an industry-standard method of signing a request.
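
The sketch below illustrates the general technique of a time-limited, HMAC-SHA-256-signed viewer URL and how a server would check it. It is an added example, not Draftable's code or its actual signing format: the host, path layout, parameter names (`valid_until`, `signature`), message layout and secret are all assumptions.

```python
import hashlib
import hmac
import time
from urllib.parse import urlencode, urlparse, parse_qs

# Constructed values: hypothetical host, path layout and secret.
SECRET = b"constructed-demo-secret"
BASE = "https://viewer.example.test/comparisons/{cid}"

def _mac(secret, cid, valid_until):
    # Bind the signature to both the comparison id and the expiry, so
    # neither can be changed without invalidating it.
    msg = f"{cid}\n{valid_until}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()

def sign_viewer_url(cid, valid_until, secret=SECRET):
    """Customer side: issue a URL an end user may load until valid_until."""
    query = urlencode({"valid_until": valid_until,
                       "signature": _mac(secret, cid, valid_until)})
    return BASE.format(cid=cid) + "?" + query

def verify_viewer_url(url, now=None, secret=SECRET):
    """Server side: accept only an untampered, unexpired URL."""
    now = int(time.time()) if now is None else now
    parts = urlparse(url)
    cid = parts.path.rsplit("/", 1)[-1]
    q = parse_qs(parts.query)
    try:
        valid_until = int(q["valid_until"][0])
        supplied = q["signature"][0]
    except (KeyError, ValueError, IndexError):
        return False  # missing or malformed parameters
    expected = _mac(secret, cid, valid_until)
    # Constant-time comparison avoids leaking how many characters matched.
    if not hmac.compare_digest(expected.encode(), supplied.encode()):
        return False
    return now <= valid_until
```

Because the expiry is covered by the signature, an end user cannot extend their own access. Issuing short-lived URLs means a revoked user's existing link stops working once it expires and no new one is signed for them.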

Draftable Employee Access

  • Only senior Draftable employees with an explicit need are granted access to the production infrastructure. Access credentials are tied to individual employees, regularly rotated, and decommissioned when access is no longer required or the employee is no longer with the company. All access to production infrastructure is audited.
  • Draftable never accesses any documents submitted via the Comparison API unless explicitly requested by the customer (typically for the purposes of providing support). By extension, we do not use documents submitted via the Comparison API for any internal testing or product improvement purposes.
  • We do use the data supplied by you for generating aggregate statistics (e.g. total number of documents submitted).

Jurisdiction and Law Enforcement

Draftable Pty Ltd is incorporated in Australia and so is subject to Australian law and the jurisdiction of Australian courts. By default, data is stored in the United States and not accessed from Australia without explicit permission.

Draftable API Self-hosted

Draftable API Self-hosted provides the same functionality as Draftable API but everything runs on your network.

What information is shared with Draftable:

Draftable Desktop communicates with our servers to check for updates and for licensing purposes only. No information about your documents is shared except two aggregate statistics, namely

  • the total number of comparisons performed, and
  • the total number of pages compared.