🛡️ ISO Certified Security

DraftBox Privacy Policy

Built on ISO 27001:2013 & ISO 9001:2015 certified infrastructure. Your data protection is our highest priority.

Effective Date: October 27, 2025

1. Introduction

DraftBox ("we," "our," or "us") is a secure, AI-powered email drafting platform developed and operated by Sapphire InfoSolutions Pvt. Ltd. ("Sapphire").

Sapphire is an ISO 27001:2013 and ISO 9001:2015 certified organization headquartered in the UK and India.

DraftBox enables organizations to manage and reply to emails efficiently using AI-generated drafts — always under full human control.

This Privacy Policy explains how DraftBox collects, uses, stores, and protects information in accordance with the EU General Data Protection Regulation (GDPR), UK Data Protection Act 2018, and other applicable data protection laws.

2. Data Controller and Data Processor Roles

For all data processed through DraftBox:

🏢

Sapphire InfoSolutions Pvt. Ltd.

Acts as the Data Processor on behalf of subscribing organizations.

👥

Subscribing Organization

Acts as the Data Controller, determining how mailbox data is used.

3. Information We Collect

👤

Account & Organization Data

Name, business email, role (Owner, Manager, Viewer), organization name and subscription information, authentication timestamps and session logs.

Purpose: Manage access, permissions, and secure authentication
📧

Mailbox Connection Data

Microsoft 365 OAuth 2.0 credentials (read + draft only), encrypted access & refresh tokens, connection activity and token refresh logs.

Purpose: Securely connect mailboxes; never access or send emails automatically
🤖

Email & AI Draft Data

Message metadata (subject, sender, recipients, timestamps), relevant message content for AI context, AI-generated draft text (HTML + plain text), optional user-uploaded context files.

All drafts remain under user control. DraftBox never sends messages automatically and purges transient data after processing.
📊

Technical & Performance Data

System logs (queue status, API calls, error traces), device, browser, and IP information, aggregated usage analytics (volume, latency, AI performance).

Purpose: Maintain platform reliability and SLA compliance

4. How We Use Data

🔐

Authentication & Management

Authenticate users and manage organizations

✍️

AI Draft Generation

Generate and store AI-powered draft replies

🔄

Outlook Synchronization

Synchronize drafts with Outlook Drafts folder

📈

Performance Monitoring

Monitor queue and system performance

🤖

AI Improvement

Improve AI accuracy and product experience

🛠️

Support & Compliance

Provide technical support and maintain compliance

We do not sell, rent, or share personal data with third parties for marketing.

5. Data Storage & Security

DraftBox is hosted on Amazon Web Services (AWS) cloud infrastructure managed by Sapphire. Sapphire's internal Security & Privacy Policy governs all operational practices, including:

🔒

Encryption

All sensitive data (tokens, messages, drafts) encrypted at rest and in transit (TLS 1.2+)

👥

Access Control

Role-based permissions per organization

🔄

Authentication

Passwords and tokens are rotated periodically and revocable instantly

📝

Audit Trails

All critical actions (login, draft generation, approval) are logged

🏢

Physical & Network Security

Multi-layer firewalls, VPN access control, and 24/7 CCTV surveillance (as detailed in Sapphire's ISO policy)

👁️

Monitoring

Continuous incident detection, vulnerability scans, and threat alerts

7. Data Sharing & Third-Party Processors

DraftBox shares limited data with secure, GDPR-compliant partners:

Purpose Processor Region
Cloud Infrastructure Amazon Web Services (AWS) EU / India / UK
Email Integration Microsoft Graph API EU / Global
AI Draft Generation OpenAI LLC (or equivalent regional provider) US / EU
Monitoring & Logs Internal Sapphire Ops Team India / UK

All processors are bound by strict Data Processing Agreements (DPAs) and Standard Contractual Clauses (SCCs) for international transfers.

9. Your Rights

👁️

Access & Correction

Access, correct, or delete your data

🚫

Withdraw Consent

Withdraw consent or disconnect a mailbox

📤

Data Portability

Request data export or portability

⚖️

Object to Processing

Object to processing or restrict specific activities

Contact us to exercise these rights:

support@sapphireinfo.net

Verified requests receive a response within 30 days

14. Summary of Key Commitments

🚫

No Auto-Send Ever

DraftBox never auto-sends emails. All drafts require human review and approval.

🔐

ISO Certified Security

Tokens and message data are encrypted and revocable. Sapphire's ISO-certified infrastructure ensures end-to-end protection.

🎯

Full User Control

Data stays under user and organization control at all times.

🤖

AI Privacy Protection

AI interactions are anonymized and not used for model training.

💰

No Data Selling

No personal data is sold or used for advertising.

Questions about our Privacy Policy?

Contact our data protection team for any inquiries.

📧 Email Support
🏢 Sapphire InfoSolutions Pvt. Ltd. – DraftBox Division
4 Whiteleys Parade, Uxbridge Road, Hillingdon, UK UB10 0PD