Draftworks

Privacy

Operational summary — what is retained, what is not, and who processes it.

This page is the operational summary for engineers. The full, legally binding policy is at /legal/privacy.

What is never retained

  • Prompt content. Request bodies are hashed and discarded after the upstream call completes.
  • Completion content. Response bodies are hashed, signed into the receipt, and discarded.
  • Training. Nothing you send is used to train models — not by Draftworks, and, under the Azure OpenAI data-processing terms, not by Microsoft or OpenAI.

What is retained

DataPurposeRetention
SHA-256 hashes of request and response bodiesSigned receiptsIndefinite
Token counts (input, cached input, output)Billing, receipts, usage dashboardsIndefinite
Request metadata (timestamp, endpoint, model id, key id, latency, status)Billing, debugging, abuse preventionIndefinite
Account data (email, hashed API keys, credit ledger)Operating your accountLife of account

A hash commits to content without revealing it: given only prompt_sha256, the prompt cannot be reconstructed. Given the prompt, anyone can confirm the hash matches. That asymmetry is what makes receipts possible without content retention.

store defaults to false

On the Responses API, OpenAI and Azure default store to true, persisting request and response content server-side for 30 days. Draftworks defaults it to false. Server-side conversation state (previous_response_id) therefore requires an explicit "store": true per request — an opt-in, never a surprise.

Subprocessors

SubprocessorRoleSees prompt content
Microsoft AzureModel inferenceYes, transiently, to run the model — under Azure OpenAI data-processing terms; not retained, not used for training
VercelAPI gateway and hostingTransit only (TLS-terminated request handling)
ConvexDatabase — metadata, hashes, credit ledgerNo
StripePaymentsNo

The authoritative subprocessor list, notification procedure for changes, and data-processing terms are in the full policy: /legal/privacy.

On this page