Privacy Policy
Last updated: April 3, 2026
Yoohoo Inc. ("Company," "we," "us," or "our") operates the Drew platform at getdrew.ai ("Drew," "the Service"). This Privacy Policy explains how we collect, use, store, and protect your information when you use Drew.
1. Information We Collect
1.1 Account Information
When you create an account, we collect your name, email address, and company name. Payment information (credit card details) is processed directly by Stripe — we do not store card numbers on our servers.
1.2 Uploaded Documents
You may upload Confidential Information Memorandums (CIMs), NDAs, financial documents, and other files for AI analysis. These documents contain confidential business information that we treat with the highest level of care.
1.3 AI-Generated Data
Drew generates extracted financial figures, deal quality scores, investment memos, diligence checklists, and other analytical outputs from your uploaded documents.
1.4 Usage Data
We collect information about how you use Drew, including pages visited, features used, analysis counts, and search queries. This data is used for product improvement and is not shared externally.
1.5 Analytics
We use PostHog for product analytics. Analytics tracking is gated behind cookie consent, and you can opt out at any time.
2. How We Use Your Information
- To provide and maintain the Drew service
- To process your documents through AI analysis
- To track your usage against subscription limits
- To send transactional emails (analysis complete, billing notifications)
- To improve our AI models and extraction accuracy using aggregated, anonymized data only — never individual documents
- To detect and prevent fraud, abuse, or security incidents
- To comply with legal obligations
3. Document Confidentiality
We understand that Confidential Information Memorandums and other deal documents contain highly sensitive business information. We commit to the following:
No sharing.
We will never sell, rent, or share your document content with any third party for marketing, research, or any purpose other than providing the Drew service.
AI processing only.
Document content is sent to Anthropic's Claude API solely for the purpose of AI analysis. Anthropic processes data in accordance with their data handling policies, which include not using customer data for model training.
No cross-user access.
Your documents and analysis are visible only to members of your team. No other Drew user can access your data.
Deletion on request.
You can delete any deal, document, or your entire account at any time. Deletion is permanent and includes removal of stored files and extracted data.
Encrypted storage.
All documents are stored using encrypted storage (Vercel Blob) with access controls. Data in transit is encrypted via TLS.
4. Third-Party Services
We use the following third-party services to operate Drew:
| Service | Purpose | Data Shared |
|---|---|---|
| Anthropic (Claude API) | AI processing of documents | Document text content (for processing only) |
| Vercel | Hosting and file storage | Application data, uploaded files |
| Turso | Database storage | All structured deal data |
| Stripe | Payment processing | Name, email, payment method |
| PostHog | Product analytics | Usage events (anonymized, opt-out available) |
| Sentry | Error tracking | Error logs (no document content) |
| Google Places | Business enrichment | Company names (for lookup only) |
| Apollo | Team research | Company/person names (for lookup only) |
| Resend | Transactional email | Email addresses |
5. Data Retention
- Active accounts: Data is retained as long as your account is active
- Deleted deals: Permanently removed within 24 hours (files and database records)
- Deleted accounts: All data permanently removed within 30 days
- Analytics data: Retained for 12 months in anonymized form
- Billing records: Retained as required by law (typically 7 years)
6. Data Security
We implement industry-standard security measures to protect your data, including encrypted data transmission (TLS), encrypted storage, session-based authentication, rate limiting, input sanitization, and access controls. While we take reasonable measures to protect your information, no method of transmission over the Internet or method of electronic storage is 100% secure.
7. Your Rights
You have the following rights regarding your data:
- Access: Request a copy of your data at any time
- Deletion: Delete your account and all associated data
- Portability: Export your deal data (CSV/PDF)
- Opt-out: Disable analytics tracking via cookie preferences
- Correction: Update your account information at any time
To exercise any of these rights, contact us at support@getdrew.ai.
8. Cookie Policy
- Essential cookies: Session management (required for the Service to function)
- Analytics cookies: PostHog (optional, gated behind consent)
- We do not use advertising cookies
- We do not use third-party tracking cookies
9. Children's Privacy
Drew is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 18, we will take steps to delete that information.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or through a notice on the Service. Your continued use of Drew after changes take effect constitutes acceptance of the updated policy.
11. Contact
For privacy questions or data protection inquiries, contact us at support@getdrew.ai.
Yoohoo Inc.
A Delaware C-Corporation