← Drento

Privacy Policy

Last updated: 22 May 2026

Drento ("we", "us", "our") operates the AI-powered app development studio at drento.app. This policy explains what data we collect, how we use it, and the choices you have. By using Drento you agree to this policy.

1. What we collect

  • Account information — when you sign in with Google, we receive your name, email address, and Google profile picture.
  • Project data — the app ideas, descriptions, blueprints, designs, logos, and other artifacts you create using Drento.
  • Usage telemetry — anonymized counts of AI generations, page views, and errors so we can improve the product.
  • Payment data — when you subscribe via NOWPayments, the payment processor receives your wallet address and transaction signature. We never see your private keys or bank details.

2. How we use it

  • To provide the service — authenticate you, store your projects, and run AI generations on your behalf.
  • To process payments and provision your subscription tier.
  • To send service-related emails (sign-in confirmations, subscription receipts, security alerts).
  • To improve Drento — detect bugs, monitor performance, and iterate on the product.

3. Third parties we share with

  • Google — for sign-in (OAuth 2.0) and Gemini-based AI generation. See Google's privacy policy.
  • OpenAI, Anthropic, fal.ai — when you select one of their models for AI generation, the prompts and inputs you provide are sent to the chosen provider.
  • Cloudflare R2 — file storage for your generated assets (logos, design images).
  • Neon — managed Postgres database for your projects.
  • Vercel + Fly.io — hosting providers for the website and backend.
  • Sentry, PostHog, Better Stack — observability and uptime monitoring (when enabled). Anonymized event data only — no project content.
  • NOWPayments — cryptocurrency payment processor for subscriptions.

We do not sell your data to any third party. We do not use your project content to train AI models.

4. Your rights

  • Access + export — you can download all your projects via the Drento UI at any time.
  • Delete — you can delete projects individually, or delete your entire account from the account settings.
  • Rectify— you can edit any data you've provided.
  • Opt out — you can revoke Google OAuth access from your Google Account permissions page at any time.

5. Retention

We keep your account and project data while your account is active. When you delete your account, all projects, assets, and personal data are deleted within 30 days. Anonymized usage telemetry may be retained for analytics.

6. Security

All connections to drento.app use HTTPS. Account passwords are never stored (authentication is via Google OAuth). API keys and tokens are encrypted at rest using AES-256. We rely on industry-standard practices including HSTS, CSP, and short-lived JWT access tokens with refresh-token rotation.

7. Children

Drento is not directed at children under 13. We do not knowingly collect data from anyone under 13.

8. Changes

We may update this policy. When we do, we'll update the "Last updated" date at the top. Material changes will be notified via email or in-app banner.

9. Contact

Privacy questions: privacy@drento.app