Skip to main content

Privacy Policy

Last updated: October 9th 2023 Ltd (“Drag”, “us”, “we”, or “our”) is a Company incorporated in England and Wales with the registered number 10835737. We operate the website and its associated domain (together, the “Site”), as well as the information, software or services available through the Site (collectively, “Services”).

This page informs you of our policies regarding the collection, use and disclosure of Personal Information when you use the Services. We will not use or share your information with anyone except as described in this Privacy Policy.

We use your Personal Information for providing and improving the Services. By using the Services, you agree to the collection and use of information in accordance with this Policy. Unless otherwise defined in this Privacy Policy, terms used in this Privacy Policy have the same meanings as in our Terms and Conditions.

We are committed to protecting our customers’ data and have developed processes, technologies and policies that enhance our data security. Read more about our GDPR compliance status here.

Information Collection

We collect the information that you share with us. This information includes:

1. Personally identifiable information, or “Personal Data”.

This is the type of information that can be used to contact or identify you. We only collect data that you share with us and we do this to improve services we offer you. Providing your Personal Data to us is your choice. If you choose not to provide us with certain Personal Data, you may not be able to take advantage of certain features of our Site and Services. We only collect Personal Data that is based on either Gmail’s API (OAuth) authentication by users or information users input manually into Drag.

We collect the following information:

  • Email address;
  • Gmail lifetime token (that allows Drag to load, by using Inbox SDK and not storing, Gmail’s API data, that can be found here);
  • Metadata (email headlines);
  • Gmail labels and individual email statuses like read/unread or star/unstar.

We also collect the following information that users submit while using our services:

  • Tasks;
  • Due dates;
  • Checklists;
  • Columns and board names.

2. Gmail API scopes.

We use only Gmail restricted scopes required to use Drag. These scopes are limited to:

  • (used to modify the status of emails such as archive)
  • (used to understand basic settings such as language and filters)
  • (used to reply to emails as a team)
  • (view email address)
  • (view personal information, including any information you have made publicly available)
  • (to manage mailbox labels)

These scopes are limited to the use of data in providing and improving user-facing features that are prominent in Drag only. We do not transfer data for serving ads, including retargeting, personalized or interest-based advertising.

For full information please see User Data Policy.

3. General Information.

We use third party services such as Google Analytics that collect, monitor and analyze some types of information in order to increase our Service’s functionality, including your computer’s Internet Protocol (“IP”) address, browser type, browser version or specific pages accessed during your visits to our website. These third party service providers have their own privacy policies addressing how they use such information. We may also parse email addresses to third party email verification tools in order to verify your recipient email addresses.

4. Referrals information.

If you chose to tell a friend about the Site or Services, we will ask you for your friend’s name and email address. We will automatically send your friend a one-time email inviting him/her to visit the Site or use the Services. Drag stores this information for the purpose of sending this one-time email and tracking the success of our referral program. Your friend may submit a request at [email protected] to request that we remove this information from our database.

We do not store your credit card information. If you purchase the Service, your credit card information is processed and stored by Stripe (

Cookies & Other Online Identification Tools

Cookies are files with small amount of data, which may include an anonymous unique identifier. Cookies are sent to your browser from a web site and stored on your computer’s hard drive.
We use Cookies to collect information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.

The Site includes Social Media Features, such as the Facebook share button. These Features may collect your IP address, which page you are visiting on the Site, and may set a cookie to enable the Feature to function properly. Social Media Features are hosted by a third party. Your interactions with these Features are governed by the privacy policy of the company providing it.

Information Use

We must have permissions and collect some data so that we can display users’ emails on Drag boards and customize them according to our users’ preferences. For example, we must have permissions to delete emails, in order to be able to do so when users click on the delete button while using Drag boards.
Except as specified in this Privacy Policy, Drag does not rent, sell, trade or disclose your Personal Data to third parties without your informed prior consent. Drag may, however, continue to use your Personal Data to contact you to service your account or as otherwise authorized by law. Please note that. If you use more than one name or email address when communicating with us or using the Site, you may continue to receive communications from Drag to any name and/or email address not specified in your opt-out request.

Information Sharing

We will not disclose your Personal Data except for:

  1. Fulfillment of Services. We may retain other companies and individuals to perform functions consistent with our Privacy Policy on our behalf. Examples include data analysis firms, payment services firms and email service providers. Such this parties may be provided with access to Personal Data needed to perform their functions, but may not use such information for any other purpose.
  2. Compliance with Law and Fraud Protection. We may disclose any information, in our sole discretion and without your prior permission, to comply with any applicable law such as to comply with a subpoena, regulation, binding orders or a data protection agency, legal process or governmental request.

Information Protection

Drag is a chrome extension, featured by Google (globally), on the first page of Chrome Store, more than one time. Our Chrome extension is manually reviewed by Google internal audit team to verify that no security policies have been violated and, upon approval, maintained within the Chrome store.

We use JWT tokens, that define a compact and self-contained way for securely transmitting information between parties as a JSON object. We also use node express framework, that has built-in security policies.

We only communicate with Google servers through the Gmail’s API (OAuth). All data we store is stored on Mysql Database, hosted on AWS RDS, located in the United States, with encryption & required security groups so that only Drag can access it.

Service Providers

We may employ third party companies and individuals to facilitate our Service, to provide the Service on our behalf, to perform Service-related services or to assist us in analyzing how our Service is used.
These third parties have access to your Personal Information only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose. All Drag data processor providers have been checked to be GDPR-compliant as per the list below:

List of Drag’s data processor providers:

Data Processor Country Purpose GDPR-compliant
Amazon Web Services USA Cloud Infrastructure Yes
Google USA Cloud Infrastructure, Logging, Analytics Yes
Crisp IM France Helpdesk & Support Yes
Stripe USA Payment Gateway Yes
Sendgrid USA Email Delivery Service Yes
ActiveCampaign USA Email Delivery Service Yes

Compliance with Laws

We will disclose your Personal Information where required to do so by law or subpoena or if we believe that such action is necessary to comply with the law and the reasonable requests of law enforcement or to protect the security or integrity of our Service.

Business Transaction

If Drag is involved in a merger, acquisition or asset sale, your Personal Information may be transferred. We will provide notice before your Personal Information is transferred and becomes subject to a different Privacy Policy.


The security of your Personal Information is important to us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security. If you have any questions about security on our Site, you can contact us by submitting a request to [email protected]. We also run a disclosure program to further support the security of data.

International Transfer

Our servers are located and our central database is operated in the United States. If you are outside the United States when you visit the Site or use the Services, please be aware that your information, including Personal Information, may be transferred to — and maintained on — the United States. By using visiting the Site and using the Services, you consent to your information being transferred to our facilities in the United States and to the facilities of those third parties with whom we share it as described in this Privacy Policy. Please be aware that the data protection laws in the United States may differ than those from your jurisdiction.

California Privacy Rights

Drag complies with the California Consumer Privacy Act (referred to in this Privacy Policy as “CCPA”) as amended by the California Privacy Rights Act (“CPRA”) as set forth by the State of California. If the CCPA applies to your personal information this Privacy Policy provides you with information regarding how to receive information about our privacy practices, as well as request access to, and deletion of your personal information.

Drag does not sell (as the term is defined in the CCPA) the personal information we collect.

California consumers may make a request pursuant to their rights under the CCPA by contacting [email protected]. Upon receiving a request, we will verify your request using the information associated with the Drag Services, including your email address. Government identification may be required.

Links to other sites

Our Service may contain links to other sites that are not operated by us. If you click on a third party link, you will be directed to that third party’s site. We strongly advise you to review the Privacy Policy of every site you visit.

We have no control over, and assume no responsibility for the content, privacy policies or practices of any third party sites or services.

Access Requests

In accordance with GDPR, as our customer, you can exercise your data subject rights to correct, modify or delete the Personal Data about you that Drag holds. If you would like to access, rectify or delete your Personal Data, please send a request to [email protected] with the following information:

  • Your full name;
  • Your email address;
  • What you would like to request (a copy of your Personal Data, to amend your Personal Data or to permanently delete your Personal Data).

In case of submissions to delete Personal Data, we will retain your information for as long as your account is active or as needed to provide you services.

Changes to this Privacy Policy

We may occasionally update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and revise the “Last update” date at the top of this web page.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page. Your continued use of the Site or Services after the posting of the modified Privacy Policy constitutes your agreement to abide and be bound by it. If you object to any modification, your sole recourse is to stop using the Site and Services.

You can also read everything about our terms.

Contact Us

If you have any questions about this Privacy Policy, please contact us at [email protected].

Close Menu