Privacy Policy
Htmldrag ("we", "us", "our") provides an online visual HTML editor that lets users capture or import content (for example by URL snapshot, file upload, or code paste), optionally use AI-assisted starting layouts, edit visually, and export or share results. We respect your privacy and process personal data responsibly and in line with applicable laws.
1. Information We Collect
Account data: email address, optional phone number (if you choose to add it), password hash, login logs (time, IP, user agent), identifiers from third-party login providers if used, and verification tokens.
Profile and usage: your plan type (for example, free or paid), quotas and limits (such as storage or credits), basic preferences, in-app actions and events for security, abuse prevention, and product analytics (in aggregate or pseudonymous form where appropriate).
Content data: HTML you upload, paste, or capture; images and other assets; thumbnails and metadata such as sizes and counts; sharing settings; and moderation or abuse reports associated with your content.
Payment and billing data: handled by our third-party payment or Merchant-of-Record ("MoR") partners. We do not store full payment instrument numbers (such as full credit card numbers). We receive payment status, transaction identifiers, and limited billing details necessary to activate service, keep records, and comply with tax and accounting obligations.
Technical data: IP address, device, operating system, and browser information, as well as cookies or similar identifiers that are strictly necessary for authentication, security, and core functionality.
Communications: messages and contact details you send to us, for example via email to [email protected] or via in-app feedback.
2. How We Use Information
To provide, operate, and improve the Service, including the editor, storage, history, sharing, and export/download features.
To authenticate users, enforce quotas (for example, storage size, item counts), apply rate limits, and maintain the security and integrity of the Service.
To process orders, subscriptions, invoices, and refunds (where applicable) through our payment or MoR partners, and to provide customer support.
To send strictly transactional messages such as verification emails, password reset links, billing notifications, and important service updates.
To comply with legal obligations, respond to lawful requests from authorities, and protect our rights, users, and the public.
We do not sell your personal information to third parties for advertising or commercial marketing purposes.
3. Legal Bases (Where Applicable)
Where data protection laws such as the GDPR apply, we rely on the following legal bases:
Performance of a contract: to provide and maintain your account and the Service you request.
Legitimate interests: to maintain security, prevent abuse, understand usage, and improve the Service in a way that does not override your rights and interests.
Consent: for specific optional features or communications where required by law. You can withdraw consent at any time, which will not affect processing already carried out.
Compliance with legal obligations: for example, maintaining certain records for tax or accounting, or responding to lawful requests.
4. Retention
We keep account and billing records for as long as necessary to operate the Service, meet legal requirements, and resolve disputes.
We keep content data while your account is active or until you delete specific items. Once deleted, content is removed from active systems within a reasonable period; residual copies may remain in encrypted backups for up to 30 days and will be purged in the normal backup cycle.
We retain logs and security-related data for up to 90 days to detect, investigate, and mitigate abuse, fraud, or security incidents.
5. Cookies and Similar Technologies
We use only cookies that are strictly necessary for authentication and security. These cookies maintain your login session and protect your account.
We do not use third-party tracking cookies, advertising cookies, or behavioral analytics cookies. We do not collect data through cookies for targeted advertising or cross-site tracking.
To improve our services and user experience, we use the following third-party analytics tools:
- Google Analytics 4: Used to collect website visit data, including page views, user sources, and device types. This data helps us understand how users interact with our services.
- Microsoft Clarity: Used to analyze user behavior, including heatmaps and session recordings. This helps us identify and improve user experience issues. Recordings automatically mask sensitive information such as passwords.
You can disable these tracking tools through your browser settings or by installing ad-blocking extensions.
6. Sharing with Service Providers
We share data with carefully selected service providers who process it on our behalf and only as needed to deliver and secure the Service:
Payment and Merchant-of-Record partners: third-party providers that handle checkout, payment processing, tax/VAT handling, and payouts on our behalf.
Email delivery providers: to send verification emails, password reset links, receipts, and other transactional messages.
Cloud infrastructure, object storage, and CDN providers: to host the Service, store assets such as images and exports, and deliver content efficiently.
Rendering and worker infrastructure: for tasks such as HTML rendering, snapshots, image processing, and background jobs, with appropriate sandboxing and network controls.
Security, logging, and analytics tools: to monitor system health, detect abuse, and improve the reliability and safety of the Service.
These providers are bound by contracts and are not allowed to use your personal data for their own unrelated purposes.
7. International Transfers
We may process and store data in countries different from your own. Where we transfer personal data internationally, we use appropriate safeguards as required by law, such as contractual protections and technical measures, to help protect the data during transfer and storage.
8. Data Location
We use reputable cloud infrastructure providers to host and process data. The specific data locations may vary by region and provider, but we apply technical and organizational measures designed to protect your information in all locations where it is processed.
9. Your Rights
Depending on your jurisdiction and applicable law, you may have rights such as:
Accessing a copy of your personal data.
Requesting correction or update of inaccurate data.
Requesting deletion of your data, subject to legal retention obligations.
Objecting to or restricting certain types of processing.
Requesting data portability, where technically feasible.
You can exercise these rights by contacting us at [email protected]. We may need to verify your identity before responding.
10. Additional Notices
EU/UK residents (GDPR): You have rights including access, rectification, erasure, restriction of processing, data portability, and the right to object to certain processing. You also have the right to lodge a complaint with your local supervisory authority.
California residents (CCPA/CPRA): You may have rights to request access to and deletion of certain personal information, and to receive information about how we collect, use, and disclose personal information. We do not sell your personal information. We do not profile you for automated decisions that produce legal or similarly significant effects. We will not discriminate against you for exercising your rights.
11. Sharing and Public Links
If you enable sharing for your content, it may become publicly accessible via a link. Consider this before sharing. You remain responsible for the legality of any shared content. For more information about acceptable use, please see our Terms of Service.
12. Children
The Service is not directed to children under the age defined by local law (for example, 13 or 16). If we learn that we have collected personal data from a child without appropriate consent or legal basis, we will delete it as required by applicable law.
13. Security
We apply technical and organizational measures designed to protect your data, including authentication controls, encryption in transit, access controls, logging, and abuse prevention mechanisms. No system can be 100% secure, but we work to maintain a level of security appropriate to the risks.
14. Changes to This Policy
We may update this Privacy Policy from time to time to reflect operational, legal, or regulatory changes. When we do, we will update the "Last updated" date above. If changes are significant, we will provide additional notice through the Service or by email where appropriate.
15. Contact
If you have questions about this Privacy Policy or how we process your data, please contact:
Email: [email protected]
Website: https://htmldrag.com
For terms governing your use of the Service, please also see our Terms of Service and our Refund Policy.