Security at DraftYes

Your work and your clients' data deserve protection. Here is exactly how DraftYes keeps everything secure.

🔒

Encryption in Transit

All data exchanged between your browser, your clients' browsers, and our servers is encrypted using TLS (Transport Layer Security). We enforce HTTPS across every page and API endpoint — no plaintext data is ever transmitted.

🗄️

Encryption at Rest

Uploaded content and sensitive account data are encrypted at rest using industry-standard AES-256 encryption. This means your drafts, client records, and approval history are protected even at the storage layer.

🔗

Secure Approval Links

Every approval link is unique and generated with a cryptographically secure random identifier. Links do not expose account identifiers or predictable patterns. Clients can only view the specific draft linked — nothing else.

🧱

Access Controls

Your account data is isolated from other accounts. Authentication uses secure magic-link sessions. We do not store plaintext passwords. Session tokens are rotated regularly and expire automatically.

🛡️

Input Validation & Injection Protection

All user input is validated and sanitized on both the client and server side before being processed or stored. We protect against SQL injection, XSS, and other common web vulnerabilities following OWASP guidelines.

📋

Audit Logging

Key actions — account creation, client creation, draft submissions, approval decisions — are logged internally. This helps us detect unusual activity and investigate any reported incidents.

🏢

Infrastructure

DraftYes is hosted on enterprise-grade cloud infrastructure with automatic backups, redundancy, and uptime monitoring. We run on platforms that maintain SOC 2 compliance at the infrastructure level.

🚫

No Data Selling

We never sell your data or your clients' data to third parties. Client email addresses and names you enter are used solely to power your approval workflow — nothing else.

📬

Responsible Disclosure

If you discover a security vulnerability in DraftYes, please report it responsibly by emailing support@draftyes.com. We review all reports promptly and will acknowledge valid findings.

Questions or Security Reports

If you have a security concern, discovered a vulnerability, or simply have a question about how we handle your data, please reach out:

support@draftyes.com
Read Privacy PolicyContact Us

Send your first draft securely

Start free — no credit card required. Your first approval in minutes.

Get Started Free