Privacy Policy

Last updated: January 19, 2026

1. Introduction

Drap.ai ("we," "our," or "us") operates Drap HRM, an attendance tracking and HR management platform integrated with Slack. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

By using Drap HRM, you consent to the data practices described in this policy. If you do not agree with the terms of this Privacy Policy, please do not access or use our service.

2. Information We Collect

2.1 Information from Slack

When you install Drap HRM in your Slack workspace, we collect:

  • Slack User ID and display name
  • Email address (with users:read.email permission)
  • Slack Workspace ID and name
  • Profile information visible in your Slack workspace

2.2 Attendance and HR Data

Through your use of our service, we collect:

  • Check-in and check-out timestamps
  • Break start and end times
  • Leave requests and balances
  • Work hours and overtime records
  • Notes or comments you add to attendance records

2.3 Mobile App Data (If Applicable)

If you use our mobile attendance features, we may collect:

  • Device information (device ID, operating system)
  • Location data for geofenced check-ins (only when you actively check in)
  • Face recognition data for identity verification (stored securely and encrypted)

2.4 Payment Information

Payment processing is handled by Stripe. We do not store credit card numbers or full payment details on our servers. We only retain:

  • Stripe Customer ID
  • Subscription status and billing cycle
  • Invoice history

3. How We Use Your Information

We use the information we collect to:

  • Provide and maintain our attendance tracking service
  • Process leave requests and manage leave balances
  • Generate attendance reports and analytics for your organization
  • Send notifications and reminders via Slack
  • Process payments and manage subscriptions
  • Provide customer support
  • Improve our service and develop new features
  • Comply with legal obligations

4. Data Sharing and Disclosure

We do not sell your personal information. We may share your data with:

4.1 Your Organization

Organization administrators can view attendance records, leave requests, and reports for members of their organization.

4.2 Service Providers

  • Slack Technologies: For integration and messaging functionality
  • Stripe: For payment processing
  • Google Cloud Platform: For hosting and data storage
  • MongoDB Atlas: For database services

4.3 Legal Requirements

We may disclose your information if required by law or in response to valid legal requests by public authorities.

5. Data Retention

We retain your data as follows:

  • Active subscriptions: Data is retained for the duration of your subscription
  • Attendance records: Retained for 7 years to comply with employment law requirements
  • Location data: Deleted after 90 days
  • Canceled subscriptions: Data is anonymized or deleted within 30 days of account deletion request

6. Your Rights (GDPR & CCPA)

Depending on your location, you may have the following rights:

6.1 Right to Access

You can request a copy of all personal data we hold about you. Use the "Export My Data" feature in your account settings or contact us at privacy@drap.ai.

6.2 Right to Rectification

You can update your profile information through Slack or contact your organization administrator to correct inaccurate records.

6.3 Right to Erasure (Right to be Forgotten)

You can request deletion of your personal data. Contact us at privacy@drap.ai or use the "Delete My Account" feature. Note that some data may be retained for legal compliance.

6.4 Right to Data Portability

You can export your data in a machine-readable format (JSON or CSV) through our data export feature.

6.5 Right to Object

You can opt out of marketing communications at any time. Essential service notifications cannot be disabled while you have an active account.

7. Data Security

We implement industry-standard security measures to protect your data:

  • Data encrypted in transit using TLS 1.3
  • Data encrypted at rest using AES-256 encryption
  • Regular security audits and penetration testing
  • Role-based access controls
  • Secure authentication using JWT tokens
  • Rate limiting to prevent abuse
  • Audit logging of all data access

8. International Data Transfers

Our servers are located in the United States. If you are accessing our service from outside the US, your data will be transferred to and processed in the US. We ensure appropriate safeguards are in place for international data transfers in compliance with GDPR requirements.

9. Children's Privacy

Our service is not intended for use by children under the age of 16. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

10. Slack App Permissions

Drap HRM requests the following Slack permissions:

  • chat:write - Send attendance confirmations and reminders
  • chat:write.public - Post team updates to public channels
  • commands - Respond to slash commands (/in, /out, etc.)
  • users:read - Identify users who use our commands
  • users:read.email - Associate attendance records with user accounts

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.

12. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

  • Email: privacy@drap.ai
  • Support: support@drap.ai

For GDPR-related inquiries, you may also contact your local data protection authority.