Legal
Privacy Policy
Last updated: March 27, 2026
This Privacy Policy explains how DREXIFY AI collects, uses, and protects your personal information. We are committed to being transparent and keeping your data safe. We never sell your personal information.
01 — Who We Are
DREXIFY AI is an AI automation services company located in the Inland Empire, CA. We provide done-for-you AI agent stacks that automate business operations for small and medium-sized businesses.
When we say "DREXIFY AI," "we," "us," or "our" in this policy, we mean the DREXIFY AI business. When we say "you," we mean any person or business that visits our website, contacts us, or uses our services.
02 — What We Collect
We collect information in two ways: information you give us directly, and limited information collected automatically when you use our website.
Information you provide directly:
- Contact information: Name, email address, phone number, and business name when you fill out a contact form, book a call, or purchase our services.
- Payment information: Billing details processed by Stripe. We never see or store your full card number — Stripe handles all payment data under PCI-DSS compliance.
- Business credentials: When you become a client, you share login credentials for third-party platforms (email, CRM, calendar) so we can configure your automation stack. These are stored encrypted and used solely to operate your Stack.
- Business data: Lead lists, client contact information, brand guidelines, and other business assets you share with us to configure your Stack.
- Communications: Email correspondence and support messages you send us.
Information collected automatically:
- Usage data: Pages visited, time spent, and basic interaction data on our website, collected via standard server logs.
- Device and browser information: IP address, browser type, and operating system — standard data included in any web request.
03 — How We Use Your Information
We use your information only for legitimate business purposes:
- To provide the Services: Configuring and operating your AI automation stack, communicating about your account, and delivering the deliverables described in your service agreement.
- To process payments: Billing you for services via Stripe.
- To communicate with you: Responding to inquiries, sending account-related notifications, and providing service updates.
- To improve our Services: Understanding how clients use our systems to make them better. We use aggregated, non-identifiable data only — never individual client data — for this purpose.
- To comply with law: Responding to legal obligations, court orders, or government requests where required.
We do not use your information for behavioral advertising, data brokering, or any purpose not listed above.
04 — Third-Party Services
Operating your Stack requires your data to flow through trusted third-party platforms. We only work with reputable providers with strong security standards. Here is who we use and why:
| Provider |
Purpose |
Data Shared |
| Anthropic (Claude) |
AI processing — generates email drafts, content, and automation logic |
Business context, prompts, and workflow data. Anthropic's API does not use submitted data for model training by default. |
| Stripe |
Payment processing |
Billing details. Stripe is PCI-DSS Level 1 certified. We never see your card number. |
| SendGrid |
Email delivery for automated outreach |
Email content and recipient addresses from your lead/client lists. |
| Supabase |
Secure data storage for automation state and credentials |
Encrypted credentials and workflow data. Hosted on AWS infrastructure. |
| Google (Calendar, Gmail) |
Appointment booking and email integration if you use Google Workspace |
Calendar availability and email access limited to the scope you authorize via OAuth. |
| Calendly |
Appointment scheduling (our own booking system) |
Your name and email when you book a call with us. |
| DigitalOcean |
Cloud hosting for our API and automation infrastructure |
All service data passes through our DigitalOcean servers, which are secured and located in the United States. |
We do not sell your data to any of these providers or any other third party. Each provider is contractually obligated to protect your data under their own privacy policies and applicable law.
05 — Data Security
We take the security of your data seriously and implement industry-standard safeguards:
- Encryption in transit: All data transmitted to and from our servers is encrypted via HTTPS/TLS.
- Encrypted credential storage: Any third-party credentials you share with us are stored encrypted and never transmitted in plaintext.
- Access controls: Only authorized DREXIFY AI personnel have access to client data, and only as needed to operate your Stack.
- Server hardening: Our infrastructure uses firewalls, intrusion detection, and regular security reviews.
- Minimal data principle: We only collect what is necessary to deliver the Services.
No method of electronic storage or transmission is 100% secure. While we do our best to protect your information, we cannot guarantee absolute security. If you have reason to believe your data has been compromised, contact us immediately at team@drexify.tech.
06 — Data Retention
We retain your data only as long as necessary to provide the Services or comply with legal obligations:
- Active clients: Data is retained for the duration of your subscription plus 90 days after cancellation, to allow for account reactivation or dispute resolution.
- After cancellation: Business credentials and configuration data are securely deleted within 30 days. Billing records are retained for 7 years as required by tax law.
- Inquiries: Contact form and email inquiries are retained for up to 2 years unless you request deletion.
- Deletion requests: Upon a verified request, we will delete your personal data within 45 days except where retention is required by law.
07 — California Privacy Rights (CCPA)
If you are a California resident, the California Consumer Privacy Act of 2018 (CCPA), as amended by the California Privacy Rights Act (CPRA), grants you the following rights:
- Right to Know: You may request a report of the personal information we have collected about you, the categories of sources, the business purpose for collection, and the categories of third parties with whom we share it.
- Right to Delete: You may request deletion of personal information we hold about you. We will comply unless we are required to retain it by law.
- Right to Correct: You may request that we correct inaccurate personal information we hold about you.
- Right to Opt-Out of Sale or Sharing: We do not sell or share personal information for cross-context behavioral advertising. This right does not apply, but we acknowledge it here for transparency.
- Right to Limit Sensitive Information Use: We do not process sensitive personal information beyond what is necessary to provide the Services.
- Right to Non-Discrimination: Exercising any of your CCPA rights will not result in discrimination in the price or quality of our Services.
How to submit a request: Email us at team@drexify.tech with the subject line "CCPA Rights Request" and specify which right you are exercising. We may ask you to verify your identity before processing the request. We will respond within 45 days as required by law.
Categories of personal information collected in the past 12 months:
- Identifiers: name, email, phone number, IP address
- Commercial information: services purchased, billing history
- Professional or employment-related information: business name, role, business data shared to configure your Stack
- Internet or other electronic network activity: website usage data
08 — Your Rights & Choices
Regardless of where you live, you have the right to:
- Access your data: Request a copy of the personal information we hold about you.
- Correct your data: Ask us to update inaccurate information.
- Delete your data: Ask us to erase your personal information (subject to legal retention requirements).
- Withdraw consent: If you previously gave consent for a specific use of your data, you may withdraw it at any time by contacting us.
- Opt out of marketing: Unsubscribe from any marketing communications using the unsubscribe link in any email we send, or by contacting us directly.
To exercise any of these rights, email team@drexify.tech. We will respond within 30 days.
09 — Cookies & Tracking
Our website uses minimal cookies. We do not use advertising trackers, third-party analytics platforms, or behavioral tracking scripts.
- Functional cookies: Small files that enable basic site functionality (e.g., remembering form state). These are session-based and do not track you across sites.
- No third-party ad trackers: We do not embed Facebook Pixel, Google Ads, or similar advertising tracking technologies.
You can disable cookies in your browser settings. Doing so will not materially affect your ability to use our website.
10 — Children's Privacy
Our Services are intended for businesses and are not directed to individuals under the age of 18. We do not knowingly collect personal information from anyone under 18. If you believe we have inadvertently collected information from a minor, please contact us at team@drexify.tech and we will delete it promptly.
11 — Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify active clients by email.
Continued use of our Services after any changes constitutes acceptance of the updated policy. We encourage you to review this page periodically.
If you have questions, concerns, or requests related to this Privacy Policy or your personal data, reach out:
- Email: team@drexify.tech
- Location: DREXIFY AI, Inland Empire, CA, United States
- Response time: We aim to respond to all privacy inquiries within 5 business days.
This Privacy Policy is governed by the laws of the State of California. If you are located outside the United States, please be aware that information you provide will be transferred to and processed in the United States.