Version

1.2

Legal

/

Privacy Policy

Privacy Policy

Last Updated: December 11, 2025

Drott Labs LLC (“Drott,” “we,” “us,” or “our”) respects your privacy. This Privacy Policy explains how we collect, use, disclose, and protect personal information in connection with our website, platform, applications, and related services (collectively, the “Services”).

By using the Services, you agree to this Privacy Policy.

1. Scope

This Privacy Policy applies to personal information we collect when you:

  • visit our website

  • request information from us

  • create or use an account

  • access the Services as an individual

  • access the Services through an organization, fund, pilot, or enterprise customer

  • communicate with us for onboarding, support, billing, or other business purposes

In some cases, our customers use Drott to manage information on behalf of their own users, employees, or clients. When we process that information solely on behalf of a customer, we act as a service provider or processor to that customer, and that customer’s privacy practices may apply instead.

This Privacy Policy does not apply to anonymized or deidentified information that cannot reasonably identify you.

2. Information We Collect

We collect personal information directly from you, automatically through your use of the Services, and from certain third parties.

Information you provide to us

We may collect:

  • name

  • email address

  • phone number

  • company name

  • job title

  • username and password

  • billing address

  • payment and transaction details

  • onboarding information

  • support requests

  • communications you send to us

  • files, prompts, documents, notes, images, and other content you upload or submit through the Services

Information collected automatically

We may automatically collect:

  • IP address

  • browser type and version

  • device type and operating system

  • referring pages and URLs

  • pages viewed and links clicked

  • timestamps and session activity

  • approximate location derived from IP address

  • logs, diagnostics, usage, and performance data

Information from third parties

We may receive information from:

  • payment processors

  • authentication or single sign-on providers

  • analytics providers

  • enterprise customers or workspace administrators

  • service providers that help us operate the Services

  • publicly available or referral sources

3. How We Use Information

We use personal information to:

  • provide, operate, maintain, and improve the Services

  • create and manage accounts and workspaces

  • authenticate users and manage access

  • onboard customers and configure the platform

  • process subscriptions, invoices, renewals, and related transactions

  • provide support and troubleshoot issues

  • respond to inquiries and communicate with you

  • monitor usage, performance, and reliability

  • protect the Services and prevent fraud, abuse, and unauthorized access

  • enforce our Terms of Service and other legal rights

  • comply with legal obligations

  • conduct internal analytics, testing, and product improvement

  • send service-related notices and updates

  • send marketing communications where permitted by law and consistent with your preferences

  • support corporate transactions such as financings, mergers, acquisitions, restructurings, or asset sales

4. Customer Content and Platform Processing

Drott allows customers to upload, organize, store, analyze, retrieve, and generate outputs from information submitted to the platform.

To provide the Services, we may process customer content to:

  • host and store content

  • organize and display content within the platform

  • create indexes, embeddings, retrieval layers, search structures, and related internal artifacts needed for functionality

  • generate summaries, analyses, workflows, and other outputs requested by users

  • administer accounts, permissions, and workspace features

  • support security, maintenance, troubleshooting, and service improvements

  • comply with law and enforce our Terms

We treat customer content as private.

We do not use customer content to train public or shared foundation models for the benefit of unrelated customers.

Access to customer content by Drott personnel is limited to authorized personnel with a legitimate need to know, such as for support, security, legal compliance, or service operations.

5. Cookies and Similar Technologies

We and our service providers may use cookies and similar technologies to:

  • keep you signed in

  • remember preferences

  • secure the website and platform

  • understand usage and traffic patterns

  • improve functionality and performance

  • measure the effectiveness of site communications and campaigns, where permitted

You can usually control cookies through your browser settings. Disabling cookies may affect certain features or functionality.

If required by applicable law, we will request consent before using non-essential cookies or similar technologies.

6. How We Share Information

We may share personal information with:

Service providers

We may share information with vendors and service providers that help us operate the Services, including providers of hosting, storage, analytics, billing, communications, authentication, security, customer support, and AI-related infrastructure.

Enterprise or organizational administrators

If you use Drott through an organization or managed workspace, authorized administrators for that organization may access information associated with your account or use of the Services, subject to applicable agreements and settings.

Legal and compliance recipients

We may disclose information if required by law or if we reasonably believe disclosure is necessary to:

  • comply with legal obligations or lawful requests

  • protect our rights, property, or safety

  • protect users or others

  • investigate fraud, security incidents, or violations of our Terms

Business transfers

We may disclose information in connection with an actual or proposed financing, merger, acquisition, reorganization, asset sale, bankruptcy, or similar transaction.

With your direction or consent

We may share information where you direct us to do so or otherwise consent.

We may also use or share aggregated, anonymized, or deidentified information that does not reasonably identify you.

We do not sell customer content to third parties, and we do not share customer content with third parties for their own marketing purposes.

7. Marketing Communications

We may send you marketing or promotional emails where permitted by law. You can opt out of marketing emails at any time by using the unsubscribe link in the email or by contacting us.

Even if you opt out of marketing messages, we may still send you service-related communications such as account notices, billing notices, support messages, security alerts, and legal updates.

8. Data Retention

We retain personal information for as long as reasonably necessary for the purposes described in this Privacy Policy, including to:

  • provide the Services

  • maintain accounts and workspaces

  • comply with legal, tax, accounting, and regulatory obligations

  • resolve disputes

  • enforce agreements

  • maintain security and business continuity

If your account closes or your relationship with us ends, we may retain certain information for a limited period for legitimate business purposes, backup continuity, fraud prevention, legal compliance, dispute resolution, and enforcement of our rights.

Customer content may remain available for a limited retrieval period after termination or expiration, as described in our Terms of Service or applicable agreement, after which it may be deleted, anonymized, or retained in backup systems for a limited period consistent with our retention practices.

9. Security

We use commercially reasonable technical, administrative, and organizational safeguards designed to protect personal information and customer content against unauthorized access, loss, misuse, alteration, or disclosure.

No system is completely secure, and we cannot guarantee absolute security.

10. International Transfers

We may store and process personal information in the United States and other jurisdictions where we or our service providers operate.

If you access the Services from outside the United States, your information may be transferred to, stored in, or processed in countries that may not provide the same level of legal protection as your home jurisdiction.

Where required by law, we will implement appropriate safeguards for such transfers.

11. Your Rights and Choices

Depending on your location, you may have rights regarding your personal information, including the right to:

  • access personal information we hold about you

  • request correction of inaccurate information

  • request deletion of personal information

  • request restriction of certain processing

  • object to certain processing

  • withdraw consent where processing is based on consent

  • request portability of certain information

  • lodge a complaint with a regulator or supervisory authority

You may also be able to update certain account information through your account settings, where available.

To exercise privacy rights, contact us using the details below. We may need to verify your identity before processing your request.

If we process your information on behalf of one of our customers, we may direct your request to that customer where appropriate.

12. California and Nevada Disclosures

If you are a California resident, you may have rights under California law regarding access to, correction of, deletion of, or additional information about the personal information we collect, use, and disclose, subject to exceptions.

If you are a Nevada resident, you may have rights under Nevada law to request to opt out of certain future sales of covered information.

We do not sell customer content, and we do not share customer content for cross-context behavioral advertising.

13. EEA, UK, and Switzerland Disclosures

If you are located in the European Economic Area, United Kingdom, or Switzerland, the following additional disclosures apply.

Controller

Drott Labs LLC is the controller of your personal information where we process it as described in this Privacy Policy.

Legal bases

Where required by law, we process personal information on one or more of the following legal bases:

  • performance of a contract

  • legitimate interests, such as operating, securing, improving, and administering the Services

  • compliance with legal obligations

  • consent, where required

  • establishment, exercise, or defense of legal claims

International transfers

Where required, we use appropriate safeguards for transfers of personal information outside the EEA, UK, or Switzerland.

Your rights

You may have rights to access, correct, erase, restrict, object to, or port your personal information, and to withdraw consent where processing is based on consent. You may also lodge a complaint with your local data protection authority.

14. Third-Party Links and Services

The Services may contain links to third-party websites, tools, or services. We are not responsible for the privacy practices of those third parties. Your use of third-party services is governed by their own terms and privacy policies.

15. Children’s Privacy

The Services are not intended for anyone under 18, and we do not knowingly collect personal information from anyone under 18 in connection with the Services.

If you believe we have collected personal information from someone under 18 in violation of applicable law, please contact us.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we may provide notice by email, through the Services, or by other appropriate means. The “Last Updated” date above indicates when this Privacy Policy was last revised.

Your continued use of the Services after an updated Privacy Policy becomes effective constitutes acceptance of the revised Privacy Policy to the extent permitted by law.

17. Contact Us

If you have questions about this Privacy Policy or want to exercise your privacy rights, contact us at:

Drott Labs LLC
17 State Street, 40th Floor
New York, NY 10004
privacy@drott.ai

Simple launch add-ons to include on the site

Use these alongside the Privacy Policy for a clean launch setup:

Footer links

  • Terms of Service

  • Privacy Policy

  • Contact

Cookie banner text
We use cookies and similar technologies to operate, secure, and improve our site and services. By continuing to use the site, you agree to our use of cookies as described in our Privacy Policy.

Privacy contact line
For privacy questions or requests, contact privacy@drott.ai.