Last updated: February 9, 2026
1. Introduction
Drift ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our Service.
2. Information We Collect
Account Information
When you create an account, we collect:
- Email address
- Name (if provided)
- Profile picture (if using Google sign-in)
Google Data (Gmail & Calendar)
When you connect your Google account, we request specific permissions (OAuth scopes) that are necessary for the Service to function. Here is what we access and why:
- Read email metadata (sender, recipient, subject, date) — Required to categorize and prioritize your emails while you're away
- Read email snippets (first ~200 characters) — Used by our AI to determine email urgency and generate summaries
- Send email on your behalf — Only used to send auto-reply messages when you enable this feature
- Read calendar events — Required to detect existing OOO periods and avoid scheduling conflicts
- Create calendar events — Used to add OOO events to your calendar when you enable this feature
- We do NOT store the full content of your emails
Slack Data
When you connect your Slack workspace, we request specific permissions that are necessary for the Service to function. Here is what we access and why:
- Read and update your profile — Required to set your status to "Out of Office" and enable Do Not Disturb
- Read direct messages — Used to include important DMs in your Return Playbook summary
- Read channel messages — Only used to find messages where you are @mentioned while away
- Send messages — Only used to send auto-reply messages when you enable this feature
- We do NOT store the full content of your Slack messages
- We only read messages to include in your Return Playbook summary
Payment Information
Payment processing is handled by Stripe. We do not store your credit card information. We only receive confirmation of successful payments and subscription status.
3. How We Use Your Information
We use your information to:
- Provide and maintain the Service
- Categorize and prioritize your emails and Slack messages during OOO periods
- Generate personalized Return Playbooks
- Send auto-reply messages on your behalf (when enabled)
- Update your Slack status and enable Do Not Disturb during OOO
- Process payments and manage subscriptions
- Send service-related communications
- Improve and optimize the Service
4. AI Processing
We use AI (artificial intelligence) to analyze email and Slack message metadata and content snippets to:
- Categorize emails and messages by urgency and type
- Generate summaries and action items
- Create your Return Playbook
AI processing is performed by a SOC 2 Type II-certified third-party provider. Your data is processed securely over encrypted connections and is not used to train AI models.
5. Data Sharing
We do not sell your personal information. We may share data with:
- Service Providers: Third parties that help us operate the Service (e.g., Stripe for payments, hosting providers)
- Legal Requirements: When required by law or to protect our rights
- Business Transfers: In connection with a merger, acquisition, or sale of assets
6. Data Security
We implement industry-standard security measures to protect your data:
- Encryption in transit (TLS 1.3) and at rest
- OAuth tokens encrypted with AES-256-GCM before storage
- Passwords hashed using bcrypt with strong cost factors
- Rate limiting on authentication endpoints to prevent brute-force attacks
- Regular security audits
- Access controls and monitoring
7. Data Retention
We retain your data for as long as your account is active. Upon account deletion:
- Your account information is deleted immediately upon confirmation
- Email metadata, playbooks, and integration tokens are permanently deleted
- Deletion is cascading and includes all associated data (sessions, analytics, team memberships)
- Some data may be retained for legal compliance purposes
8. Your Rights
You have the right to:
- Access your personal data
- Request correction of inaccurate data
- Request deletion of your data
- Export your data
- Disconnect integrations at any time
- Cancel your subscription
9. Cookies
We use essential cookies to maintain your session and remember your preferences. We do not use advertising or tracking cookies.
10. Children's Privacy
The Service is not intended for users under 18 years of age. We do not knowingly collect information from children.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by email or by posting a notice on the Service.