Draft — not legal advice. This document is a placeholder while we finalize our production legal documents with counsel. Use of Drite during early access is governed by the most recent version of this draft.

Legal

Privacy Policy

Last updated: April 7, 2026

Drite ("we", "us", "our") provides an operating system for businesses, including services for organization management, hiring, banking, payments, invoicing, and an AI agent layer. This Privacy Policy explains what information we collect, how we use it, and the rights you have over it.

1. Information we collect

We collect information in three ways:

Information you provide

  • Account information: name, email, phone, password, business name and industry.
  • Identity verification: government-issued ID, business registration documents, and beneficial owner information for compliance with KYB / KYC obligations.
  • Payment information: bank account details, card numbers (tokenized via our payment processors), tax IDs.
  • Customer data: contacts, employee records, invoices, orders, and other content you store in Drite.

Information collected automatically

  • Device and connection: IP address, browser type, operating system, device identifiers.
  • Usage data: pages visited, features used, timestamps, referrer URLs, performance metrics.
  • Cookies and similar technologies. See our Cookie Policy for details.

Information from third parties

  • Identity and fraud prevention services for verifying your identity.
  • Banking partners and payment processors (e.g., Bridge, Stripe) for processing transactions.
  • Public business records and credit bureaus for underwriting financial services.

2. How we use information

  • To provide, operate, and improve Drite and the AI agents that run on it.
  • To process payments, transfers, and payroll on your behalf.
  • To verify identity and comply with anti-money-laundering, counter-terrorism financing, and sanctions screening requirements.
  • To detect and prevent fraud, abuse, and security incidents.
  • To communicate with you about your account, security alerts, and product updates.
  • To train and operate AI agents on data within your organization, scoped to your tenant.
  • To comply with legal obligations and respond to lawful requests.

3. AI agent processing

Drite operates AI agents on your business data to perform automated tasks (bookkeeping, invoicing, scheduling, hiring, etc.). These agents process data only within your organization. We do not use your customer data to train foundation models for other customers. We use frontier AI providers under enterprise agreements with no-training and zero-retention provisions where available.

4. How we share information

We share information only as necessary to provide the service:

  • Service providers: cloud hosting, banking partners, payment processors, identity verification, email and SMS delivery, analytics, and customer support tools.
  • Within your organization: with other members of your Drite organization based on the roles and permissions you configure.
  • Legal compliance: in response to subpoenas, court orders, or legal process, and to enforce our terms.
  • Business transfers: in connection with a merger, acquisition, or sale of assets, with notice to you.

We do not sell your personal information.

5. Data retention

We retain your information for as long as your account is active and as needed to provide the service. When you close your account, we retain certain information as required by law (typically 5–7 years for financial records) and to defend against legal claims. After the retention period expires, we delete or anonymize your data.

6. Your rights

Depending on your jurisdiction (GDPR, CCPA, CPRA, LGPD, and others), you have the right to:

  • Access the personal information we hold about you.
  • Correct inaccurate information.
  • Delete your information ("right to be forgotten"), subject to our legal retention obligations.
  • Object to or restrict certain processing.
  • Data portability.
  • Withdraw consent where processing is based on consent.
  • Lodge a complaint with a supervisory authority.

To exercise any of these rights, contact us at privacy@drite.io.

7. International data transfers

Drite operates globally. Your information may be transferred to and processed in countries other than your own, including the United States. Where required, we use Standard Contractual Clauses and other lawful mechanisms to protect international transfers.

8. Security

We protect your information using encryption in transit and at rest, scoped access controls, audit logs, and continuous monitoring. Read more on our Security page.

9. Children

Drite is not directed to children under 16. We do not knowingly collect personal information from children.

10. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be communicated by email or in the Drite product. Continued use of Drite after changes take effect constitutes acceptance.

11. Contact

Questions or requests: privacy@drite.io.