HtmlDrag
HtmlDrag

Last updated: 2026-04-27 03:13

Privacy Policy

Htmldrag provides online HTML editing, upload and import tools, export and sharing features, AI-assisted generation, and document or attachment parsing features. We process personal information only to the extent reasonably necessary to operate the service, secure the platform, improve the product, and comply with legal obligations.

1. Information We Collect

Account and Authentication Information

  1. Email address, password hash, login time, IP address, device details, browser details, and user agent.
  2. Verification codes, verification links, password reset tokens, and related security logs.
  3. Account status, membership type, credit or points balance, role, and permission data.

Third-Party Sign-In Data

If you choose to sign in with a third-party account, we may receive the information needed to complete that sign-in, such as the provider user ID, email address, email verification status, display name, avatar, or similar basic profile data. Current sign-in options may include Google, GitHub, and Microsoft.

Usage and Activity Data

  1. Membership, quota, credit, points, order status, and key in-product actions.
  2. Page views, feature clicks, payment funnel events, unusual activity signals, rate-limit signals, and security audit records.
  3. Error logs, diagnostic logs, and analytics data used to improve the product.

Content Data

  1. The HTML content you upload, paste, import, edit, or export.
  2. Images, screenshots, thumbnails, attachments, and related metadata.
  3. Documents or attachments you upload or parse, together with related metadata.
  4. Document, attachment, or image inputs you submit for AI creation, together with extracted text, structured data, and other metadata reasonably needed for parsing or generation.
  5. Sharing settings, public links, report records, and information shown on public share pages.

For AI-related file uploads, we generally do not keep the original uploaded file as a long-term stored work file. Some files may be handled only briefly in memory or in a temporary processing environment for parsing, extraction, or generation, and are removed after processing. Subsequent generation mainly uses extracted text, structured data, or other necessary controlled data.

Payment and Transaction Data

When you purchase a membership, credits, or other paid features, payments may be handled by Paddle, Creem, or another payment provider we have enabled at the time. We generally do not store full payment card details. Instead, we receive the order data needed to activate service, process refunds, reconcile payments, and prevent fraud, such as order IDs, payment status, amount, currency, tax information, and transaction timestamps.

Browser Storage and Technical Data

To keep you signed in, improve usability, run analytics, and support fraud prevention, we may use cookies, localStorage, sessionStorage, and similar browser-side storage. These may store visitor identifiers, session context, login state, onboarding state, or other temporary data tied to product flows.

Analytics and Abuse Prevention

We may use internal analytics and third-party analytics or statistics tools that we actually enable to understand page usage, feature adoption, conversion funnels, and service performance. We may also use Google reCAPTCHA or similar security tools to detect bots, prevent abuse, and protect authentication flows.

2. How We Use Information

  1. To provide registration, login, account management, memberships, payments, refunds, exports, sharing features, AI generation, and attachment parsing.
  2. To store your content, history, and operational account state.
  3. To send verification codes, account verification emails, password reset emails, order notices, and other transactional communications.
  4. To perform fraud prevention, security checks, abuse detection, incident response, troubleshooting, and audit logging.
  5. To analyze product usage, improve the user experience, and optimize feature design and conversion flows.
  6. To handle reports, infringement complaints, policy violations, disputes, and legal compliance matters.

3. AI Features and Third-Party Model Providers

Htmldrag may offer AI-assisted generation, text transformation, document parsing, image understanding, structured extraction, or similar features. To provide these features, we may send portions of your submitted content to third-party model providers or AI infrastructure services, including text, image inputs, document excerpts, prompts, structured parameters, and generated outputs.

We aim to limit this data sharing to what is reasonably necessary for the feature you use and to reduce unnecessary exposure wherever practical. You should avoid uploading highly sensitive personal, financial, medical, or similarly sensitive content unless it is genuinely necessary and appropriate for the task.

4. When We Share Information

We do not sell your personal information. We may share it only in limited situations such as the following:

  1. With payment providers when needed for checkout, payment reconciliation, invoicing, or refunds.
  2. With email delivery providers, such as SMTP providers, Resend, Mailjet, or other services we use to send transactional email.
  3. With storage, file delivery, or CDN providers, including local storage infrastructure and cloud object storage (the specific provider in use at the time applies).
  4. With AI, parsing, analytics, logging, security, or anti-abuse providers when necessary for those functions.
  5. When required by law, court order, regulatory request, or when reasonably necessary to protect our rights, our users, or the public.

5. Public Sharing Features

If you enable sharing or create a public link, your content may become accessible to other people who have that link. Depending on the feature settings, public pages may display a title, public-facing content, the author nickname, avatar, view counts, like counts, or other share-related information. Please use sharing carefully and only for content you are allowed to publish.

6. How Long We Keep Data

  1. Account and order records: retained for a reasonable period for service delivery, payment reconciliation, tax compliance, dispute handling, and legal obligations.
  2. Content and file data: retained while your account remains active; if you delete content or close your account, we remove it from active systems, but cached or backup copies may remain for a limited period.
  3. Logs and security records: retained for a reasonable period to investigate abuse, troubleshoot problems, support audits, and respond to security incidents.
  4. Support communications: retained for customer support, dispute tracking, and compliance needs.

7. Account Deletion and Data Removal

You may request account deletion through in-product features. To prevent unauthorized or mistaken deletion, we require identity verification, such as a verification code check. After verification is completed, the account enters a deletion grace period. The current default grace period is 30 days, unless a different period is shown on the page or configured in the system at that time.

During the grace period, account access may be restricted, public sharing may be disabled, and related in-progress tasks may be cancelled. After the grace period ends, we delete or anonymize profile data, works, and related business data in active systems according to our internal rules. Some backup, cached, or residual copies may remain for a limited period where needed for backup recovery, security, financial compliance, or legal obligations, and are removed in the normal cleanup cycle.

8. International Processing

To provide hosting, storage, analytics, AI, email, security verification, and other necessary services, your data may be processed by us or by service providers we actually enable in their operating locations. We take reasonable contractual, technical, and organizational measures to protect your information.

9. Your Rights

Depending on the data protection rules that apply to you, you may have rights to access, correct, delete, export, or object to certain processing of your personal information, or to withdraw consent in some cases. You may contact us using the details below, and we will handle your request within a reasonable timeframe.

If you are located in the European Economic Area (EEA), the United Kingdom, or another region with similar data protection rules, you may also have the right to data portability, restriction of processing, and to lodge a complaint with your local data protection authority.

10. Security

We use reasonable technical and organizational safeguards, including access controls, encryption in transit, logging, anti-abuse measures, and permission isolation. No internet-based system can guarantee absolute security, so you should also protect your account credentials and verification codes.

11. Changes to This Policy

If this Policy changes, we will update the date shown on this page and publish the latest version here.

12. Contact

Email: [email protected]

© 2026 HtmlDrag. All rights reserved.