DRAGOPS

Privacy Policy

How DRAGOPS collects, uses, and protects your data.

This Privacy Policy describes how DRAGOPS (“Company,” “we,” or “us”) collects, uses, discloses, and protects your personal information when you use the DRAGOPS visual automation platform, our website at dragops.dev, and all related services (collectively, the “Service”).

By accessing or using the Service, you agree to the practices described in this policy. If you do not agree, do not use the Service.

1. Information We Collect

We collect information in the following categories:

Information you provide directly:

  • Account information. Name and email address when you create an account.
  • Billing information. Payment method details and billing address when you subscribe to a paid plan. Payment processing is handled by our third-party payment processor; we do not store full payment card numbers.
  • Content and configurations. Patterns, integrations, and other data you create or upload through the Service (“Your Content”).
  • Communications. Information you provide when you contact support, respond to surveys, or communicate with us.

Information collected automatically:

  • Usage data. Features and functionality used, actions taken, timestamps, and frequency of use.
  • Device and connection data. IP address, browser type and version, operating system, device type, and screen resolution.
  • Log data. Server logs including access times, pages viewed, referring URLs, and error logs.
  • Cookies and similar technologies. See Section 8 below.

Information from third parties:

  • Authentication providers. If you sign in using a third-party service, we receive your name, email, and profile information as permitted by that provider.
  • Analytics providers. We may receive aggregated or pseudonymized analytics data from third-party tools we use to understand how the Service is used.

2. How We Use Your Information

We use the information we collect for the following purposes:

  • Providing the Service. Operating, maintaining, and delivering the features of the Service, including executing patterns, managing integrations, and processing your requests.
  • Account management. Creating and managing your account, authenticating your identity, and processing payments.
  • Communication. Sending transactional notifications (account activity, billing, security alerts), responding to your inquiries, and providing support.
  • Improvement and analytics. Analyzing usage patterns to improve the Service, fix issues, develop new features, and monitor performance and reliability.
  • Security. Detecting, investigating, and preventing fraud, abuse, security incidents, and violations of our Terms of Service.
  • Legal compliance. Complying with applicable laws, regulations, legal processes, and government requests.
  • Marketing. With your consent, sending product updates, newsletters, and promotional materials. You may opt out at any time.

We do not use Your Content for any purpose other than providing and maintaining the Service.

3. Data Processing Roles

DRAGOPS is the data controller for personal information we collect directly, such as account information, billing details, and usage data.

When you build and run automations through the Service, data may pass through our infrastructure as directed by your configurations. DRAGOPS does not request, determine, or control the content of that data. You are the data controller for any personal data processed through your automations and are solely responsible for ensuring that your use complies with applicable data protection laws, including obtaining any necessary consents from data subjects. DRAGOPS processes such data solely to execute your automations as configured and does not access, analyze, or retain it beyond what is necessary to do so. If your automations involve sensitive or special categories of personal data, you are responsible for ensuring appropriate safeguards are in place, such as encryption or tokenization.

If you require a Data Processing Agreement (DPA), contact us at [email protected].

4. Legal Basis for Processing (EEA, UK, and Switzerland)

If you are located in the European Economic Area, United Kingdom, or Switzerland, we process your personal data under the following legal bases:

  • Performance of a contract. Processing necessary to provide the Service under our Terms of Service (account data, billing, service delivery).
  • Legitimate interests. Processing necessary for our legitimate business interests, such as improving the Service, ensuring security, and preventing fraud, where those interests are not overridden by your rights.
  • Consent. Processing based on your consent, such as marketing communications. You may withdraw consent at any time.
  • Legal obligation. Processing necessary to comply with applicable laws.

5. How We Share Your Information

We do not sell, rent, or trade your personal information. We share information only in the following circumstances:

  • Service providers (sub-processors). We share information with third-party providers who perform services on our behalf in the following categories: cloud infrastructure and hosting, content delivery and security, payment processing, and authentication. These providers are contractually obligated to use your information only for the purposes we specify and to protect it in accordance with this policy. A current list of sub-processors is available on request at [email protected].
  • Third-party integrations. When you configure integrations with third-party services through the Service, data necessary for those integrations is transmitted to the third-party services you select. Your use of third-party services is governed by their own privacy policies.
  • Legal requirements. We may disclose your information if required by law, regulation, legal process, or enforceable government request.
  • Business transfers. In connection with a merger, acquisition, reorganization, or sale of assets, your information may be transferred to the successor entity. We will notify you of any such change.
  • With your consent. We may share information for any other purpose with your explicit consent.
  • Aggregated and de-identified data. We may share aggregated or de-identified information that cannot reasonably be used to identify you, without restriction.

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. Specific retention practices:

  • Account data. Retained for the duration of your account. Upon account deletion, personal data is deleted or anonymized within thirty (30) days, except as required by law or for legitimate business purposes (such as resolving disputes or enforcing agreements).
  • Your Content. Available for export for thirty (30) days after account closure, then permanently deleted.
  • Billing records. Retained as required by tax and financial regulations, typically for seven (7) years.
  • Usage and log data. Retained in identifiable form for up to twelve (12) months, then aggregated or deleted.

7. Data Security

We implement industry-standard technical and organizational measures to protect your information, including encryption in transit (TLS) and at rest, access controls, and regular security assessments.

No method of transmission over the Internet or electronic storage is completely secure. While we strive to protect your personal information, we cannot guarantee its absolute security. You are responsible for maintaining the security of your account credentials.

In the event of a data breach that affects your personal information, we will notify you and any applicable regulatory authorities in accordance with applicable law.

8. Cookies and Tracking Technologies

We use cookies and similar technologies to operate and improve the Service:

  • Essential cookies. Required for the Service to function (authentication, session management, security). These cannot be disabled.
  • Analytics cookies. Help us understand how the Service is used so we can improve it. These collect aggregated, anonymized data.
  • Preference cookies. Remember your settings and preferences (such as theme or language).

We do not use third-party advertising cookies or sell data to advertisers.

You can manage cookie preferences through your browser settings. Disabling essential cookies may prevent the Service from functioning properly.

9. International Data Transfers

The Service is hosted and operated in the United States. If you are located outside the United States, your information will be transferred to and processed in the United States.

For transfers of personal data from the EEA, UK, or Switzerland, we rely on appropriate safeguards, including Standard Contractual Clauses approved by the European Commission, to ensure your data is protected in accordance with applicable data protection laws.

10. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal information:

All users:

  • Access. Request a copy of the personal data we hold about you.
  • Correction. Request correction of inaccurate or incomplete personal data.
  • Deletion. Request deletion of your personal data, subject to legal retention requirements.
  • Data export. Export Your Content through the Service at any time during your subscription.
  • Marketing opt-out. Unsubscribe from marketing communications at any time using the link in any marketing email or by contacting us.

EEA, UK, and Switzerland residents (GDPR):

In addition to the rights above, you have the right to:

  • Restriction. Request restriction of processing of your personal data in certain circumstances.
  • Portability. Receive your personal data in a structured, commonly used, machine-readable format.
  • Objection. Object to processing based on legitimate interests.
  • Withdraw consent. Withdraw consent at any time where processing is based on consent, without affecting the lawfulness of prior processing.
  • Lodge a complaint. File a complaint with your local supervisory authority.

We will respond to rights requests within thirty (30) days. We may request verification of your identity before fulfilling a request.

California residents (CCPA/CPRA):

If you are a California resident, you have additional rights under the California Consumer Privacy Act and the California Privacy Rights Act:

  • Right to know. Request disclosure of the categories and specific pieces of personal information we have collected, the sources, the purposes, and the categories of third parties with whom we share it.
  • Right to delete. Request deletion of personal information we have collected from you.
  • Right to opt out of sale or sharing. We do not sell your personal information or share it for cross-context behavioral advertising.
  • Right to non-discrimination. We will not discriminate against you for exercising your privacy rights.

To exercise any of these rights, contact us at [email protected]. We will respond to verifiable requests within forty-five (45) days.

Nevada residents: We do not sell your personal information. If you wish to submit an opt-out request, contact us at [email protected].

11. Children’s Privacy

The Service is not intended for anyone under the age of 16. We do not knowingly collect personal information from children under 16. If we learn that we have collected personal information from a child under 16, we will delete that information promptly. If you believe we may have collected information from a child under 16, please contact us at [email protected].

12. Third-Party Links and Services

The Service may contain links to third-party websites or services that are not operated by us. We are not responsible for the privacy practices of those third parties. We encourage you to review the privacy policies of any third-party services you access through the Service.

13. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through the Service at least thirty (30) days before the changes take effect. The date of the most recent revision will be indicated at the top of this page.

Your continued use of the Service after changes become effective constitutes acceptance of the updated policy.

14. Contact Us

If you have questions about this Privacy Policy, want to exercise your privacy rights, or wish to file a complaint, contact us at: [email protected]

For GDPR-related inquiries, you may also contact your local data protection supervisory authority.