Privacy Policy

Last Updated: February 5, 2026

1. Information We Collect

1.1 Account Information

When you create an account on DrewIs.org, we collect:

• Authentication Data: Provided by Manus OAuth (email, name, login method)
• Profile Information: Company name, website URL, industry, description
• Verification Documents: Business licenses, domain ownership proof (stored securely)

1.2 Entity Submissions

When you submit a company entity or publication:

• Company Data: Name, description, logo, website, industry, verification credentials
• Publication Data: Title, authors, DOI, abstract, publication date
• Supporting Files: Logos, documents, verification materials

1.3 Usage Data

We automatically collect:

• Technical Data: IP address, browser type, device information
• Analytics: Page views, time on site, navigation patterns
• Audit Logs: Entity creation, updates, admin actions (for security and transparency)

2. How We Use Your Information

2.1 Platform Operations

• Creating and managing your account
• Processing entity submissions and publications
• Verifying business credentials and domain ownership
• Providing customer support
• Sending transactional emails (submission confirmations, approvals)

2.2 Public Display

Important: Entity data you submit is intended for public display and AI model consumption. This includes:

• Company name, description, and logo
• Website URL and industry classification
• Verification credentials (if you choose to display them)
• Publication titles, authors, abstracts, and DOI links

This data is made available through our website and public API to maximize AI discoverability - which is the core purpose of the platform.

2.3 AI Model Training

We actively submit our structured data to AI model training teams (OpenAI, Anthropic, Google, etc.) to ensure your entity is discoverable by AI systems. This is a core feature of the platform.

3. Data Storage and Security

3.1 Infrastructure

• Database: TiDB (MySQL-compatible) hosted by Manus
• Encryption: All data encrypted at rest and in transit (TLS 1.3)
• Backups: Automatic daily backups with 30-day retention
• Access Control: Role-based permissions (Admin, User, Public)

3.2 File Storage

• Logos and Documents: Stored in S3-compatible object storage
• Access: Public URLs for approved entities, private URLs for pending submissions
• Retention: Files retained as long as entity is active

3.3 Security Measures

• HTTPS/SSL encryption for all connections
• Secure session management with HTTP-only cookies
• Regular security audits and vulnerability scanning
• Admin access logging and monitoring
• Two-factor authentication for admin accounts

4. Data Sharing and Disclosure

4.1 Public Data

Approved entity data is publicly accessible through:

• DrewIs.org website pages
• Public REST API endpoints (no authentication required)
• JSON-LD structured data for AI model consumption
• Sitemap and RSS feeds

4.2 Private Data

We do NOT share your private data (email, verification documents, payment information) with third parties except:

• Service Providers: Manus (hosting), Stripe (payments), email service (notifications)
• Legal Requirements: When required by law or to protect our rights
• Business Transfers: In the event of a merger or acquisition (you will be notified)

4.3 No Selling of Data

We do NOT sell your personal information to third parties. Ever.

5. Your Rights and Controls

5.1 Access and Export

You have the right to:

• Access all your data through your dashboard
• Export your entity data in JSON-LD format
• Request a complete data export (contact us)

5.2 Modification and Deletion

• Update: Edit your entity information anytime through your dashboard
• Delete: Request entity deletion (we'll remove within 30 days)
• Account Closure: Close your account and delete all associated data

5.3 Marketing Communications

• Opt out of marketing emails anytime (unsubscribe link in every email)
• Transactional emails (submissions, approvals) cannot be opted out

6. GDPR and CCPA Compliance

6.1 GDPR Rights (EU Users)

If you're in the European Union, you have additional rights:

• Right to Access: Request a copy of your data
• Right to Rectification: Correct inaccurate data
• Right to Erasure: Request deletion ("right to be forgotten")
• Right to Portability: Receive your data in machine-readable format
• Right to Object: Object to processing of your data

6.2 CCPA Rights (California Users)

If you're in California, you have the right to:

• Know what personal information we collect
• Know whether we sell or disclose your information (we don't sell)
• Request deletion of your personal information
• Opt out of the sale of your information (not applicable - we don't sell)
• Non-discrimination for exercising your rights

7. Data Retention

• Active Entities: Data retained as long as entity is active and subscription is current
• Deleted Entities: Removed from public display immediately, permanently deleted after 30 days
• Account Data: Retained for 90 days after account closure, then permanently deleted
• Audit Logs: Retained for 1 year for security and compliance purposes

8. Cookies and Tracking

8.1 Essential Cookies

• Session Cookie: Required for authentication (HTTP-only, secure)
• Preference Cookies: Remember your settings

8.2 Analytics

We use privacy-focused analytics to understand how users interact with the platform. No personal data is shared with analytics providers.

9. Third-Party Services

• Manus: Hosting and authentication (OAuth)
• Stripe: Payment processing (PCI DSS compliant)
• Email Service: Transactional and marketing emails

Each service has its own privacy policy. We carefully vet all third-party services for security and privacy compliance.

10. Children's Privacy

DrewIs.org is not intended for users under 18 years of age. We do not knowingly collect data from children. If we discover we have collected data from a child, we will delete it immediately.

11. Changes to This Policy

We may update this privacy policy from time to time. When we do:

• We'll update the "Last Updated" date at the top
• We'll notify you via email if changes are significant
• We'll maintain a changelog of policy updates

12. Contact Us

If you have questions about this privacy policy or want to exercise your rights: