Security at Draftwisely

Your data security is our top priority. We understand that your invoices, proposals, and client data are the backbone of your business. Here's how we protect it.

Data Encryption

In Transit

All data transmitted between your browser and our servers is encrypted using TLS 1.3, the latest version of the TLS protocol. This means that anyone who intercepts the traffic cannot read your data while it's being sent.

At Rest

Your data is encrypted when stored on our servers using AES-256 encryption—the same standard used by banks and governments.

Infrastructure Security

Secure Hosting

We host Draftwisely on industry-leading cloud infrastructure with:

  • 99.9% uptime SLA
  • Automatic failover and redundancy
  • DDoS protection
  • 24/7 security monitoring

Regular Backups

We automatically back up your data:

  • Every 6 hours for active accounts
  • Stored in multiple geographic locations
  • Encrypted backups to prevent unauthorized access

Access Controls

Who Can Access Your Data?

  • You – Full access to your account and data
  • Our engineers – Limited access only when necessary (e.g., troubleshooting with your permission)
  • Nobody else – We never sell or share your data with third parties

Internal Security Practices

  • Least-privilege access – Team members only access what they need
  • Two-factor authentication (2FA) – Required for all team accounts
  • Background checks – All team members undergo security screening
  • Security training – Regular training on data protection and privacy

Payment Security

PCI Compliance

We use Stripe to process all payments. Stripe is a PCI Level 1 Service Provider—the highest level of payment security certification.

We never store your credit card numbers. All payment data is handled directly by Stripe's secure infrastructure.

Authentication & Passwords

Password Security

  • All passwords are hashed using bcrypt with strong salting
  • We never store plain-text passwords
  • We encourage strong passwords and offer password strength indicators

Two-Factor Authentication

We support 2FA for all accounts. We strongly recommend enabling it for extra protection.

Vulnerability Management

Regular Security Audits

  • Quarterly security reviews of our codebase
  • Penetration testing by third-party security experts
  • Automated vulnerability scanning on all production systems

Responsible Disclosure

If you discover a security vulnerability, please report it to draftwisely@gmail.com. We take all reports seriously and will respond within 24 hours.

We're committed to:

  • Acknowledging your report within 24 hours
  • Investigating and addressing valid vulnerabilities promptly
  • Keeping you informed throughout the process

Privacy & GDPR Compliance

We're fully committed to GDPR compliance and data protection best practices:

  • Data minimization – We only collect what we need
  • User rights – You can access, export, or delete your data anytime
  • Transparent policies – See our Privacy Policy for full details
  • Data processing agreements – Available for enterprise customers

Incident Response

In the unlikely event of a security incident:

  1. Immediate containment – We isolate affected systems
  2. Investigation – We determine the scope and impact
  3. Notification – We notify affected users within 72 hours (as required by GDPR)
  4. Remediation – We fix the vulnerability and prevent recurrence
  5. Transparency – We publish a post-mortem for major incidents

Your Responsibility

While we protect your data on our end, you can help keep your account secure:

  • Use a strong, unique password
  • Enable two-factor authentication
  • Don't share your login credentials
  • Log out from shared computers
  • Report suspicious activity immediately

Questions About Security?

We're happy to answer any security questions or concerns.

Email us: draftwisely@gmail.com
Response time: Within 24 hours
