Privacy Policy

How DrawSight handles inspection data today.

This policy is written around the current DrawSight app as it exists now: a local-first mobile inspection reporting product provided by DrawSight LLC, with managed AI requests in release builds, a managed address-lookup proxy, encrypted local records, optional hosted diagnostics, and inspector-controlled exports.

Effective date: April 29, 2026 Applies to current mobile builds

1. Overview

This Privacy Policy describes how DrawSight LLC, doing business as DrawSight, handles information in the current DrawSight app. DrawSight is currently a local-first inspection reporting app. In normal use, inspection records, findings, review history, photos, PDFs, and recovery data are stored on the inspector's device rather than in a DrawSight-hosted sync account.

Current builds do not provide a first-party always-on customer account platform, cloud sync, or client portal. Some optional features do send limited information to third parties when the user chooses to use them, which is described below.

2. Information handled by the app

Information you enter or create

  • property addresses, inspection identifiers, client names, and report content
  • inspection photos, annotations, findings, comments, and review edits
  • voice-note transcripts and dictated note content when the user chooses microphone / speech features
  • interrupted Photo-First recovery state used to resume large AI photo batches
  • inspector profile details such as company name, license number, and signature image
  • report snapshots, finding audit history, PDF reports, and backup files created by the user

Locally stored technical data

  • workflow preferences and app settings stored on the device
  • locally cached subscription, product-ownership, trial, or entitlement state when that build is configured to use it
  • a device-specific installation identity used to look up managed beta-access or entitlement records in supported builds
  • local crash logs and local telemetry events kept on-device
  • backup-encryption key material stored through secure device storage
  • when managed AI or managed geocoder routes are used, the DrawSight-managed Worker or hosting layer may temporarily process and store request metadata such as IP address, route, installation identity, and entitlement / rate-limit counters to prevent abuse and enforce access limits

3. How DrawSight stores data

  • inspection records are primarily stored on the user's device in encrypted local storage
  • the working copy of each inspection photo is re-encoded so the copy used in the AI pipeline and in exported reports does not retain EXIF or GPS metadata
  • DrawSight also preserves a byte-identical original of each inspection photo on the device so the inspector retains an unaltered evidentiary record; that original file retains whatever EXIF and GPS metadata the camera or source image included, and it stays on-device unless the inspector exports or shares it
  • current builds do not automatically upload inspection records to a DrawSight sync service
  • encrypted backup export is available when the user chooses to create one

Because the app is local-first, the device owner typically controls most retention, deletion, export, and restore decisions directly.

4. Third-party services

Managed AI processing

When the user enables and uses AI features in managed builds, relevant inspection photos, prompts, notes, inspection type, selected operating-state context, and related request content are sent through DrawSight-managed Worker infrastructure to approved subprocessors, which may include Anthropic, for processing.

Before some AI requests are sent, DrawSight may also run local on-device photo-quality screening to reject unreadable, too-dark, too-small, document-like, or selfie-like images before they are uploaded for AI processing. That local screening is intended to reduce bad AI calls and does not itself require sending the photo to a third-party provider.

Anthropic privacy information is available at anthropic.com/privacy.

Managed access identity and rate limiting

Supported managed builds use a device-specific installation identity plus DrawSight-managed credentials to look up beta-access or entitlement records and, where configured, issue short-lived AI access tokens. The Worker or hosting layer may also store per-route request counters, entitlement-usage counters, and temporary request metadata such as IP address and route timing so it can rate-limit abuse, diagnose failures, and enforce access policies.

Address lookup

When address autocomplete is used, typed property-address queries are sent to the DrawSight-managed geocoder proxy and then to the configured provider for that deployment. In the current managed path, that provider is Mapbox.

Voice note transcription

When microphone / speech features are used, the app relies on operating-system speech-recognition services made available on the device platform to turn dictated notes into transcript text. On Apple platforms this may involve Apple speech / dictation services, and on Android this may involve Google or the device vendor's speech-recognition stack. The resulting transcript becomes part of the note content the user can edit, save, export, or later send through AI-assisted drafting flows.

Optional hosted diagnostics and analytics

Some builds may be configured to send redacted crash events to a hosted crash reporting service such as Sentry, and redacted product telemetry events to a configured analytics endpoint. These integrations are optional and deployment-specific. Hosted payloads are intended to exclude full inspection photos, full report bodies, raw file-system paths, direct contact data, and persistent record identifiers.

System share destinations

When the user exports a report, backup, or log file, the content is sent only to the destination selected by the user through the device's share sheet or file picker.

5. How information is used

DrawSight uses handled information to:

  • create and edit inspection reports
  • generate optional AI-assisted draft text and photo classifications
  • support report audit history, export, backup, and restore flows
  • support local recovery, diagnostics, product-quality work, and optional hosted diagnostics if configured

6. Backups, exports, logs, and restore behavior

  • backup files can contain sensitive inspection data, including photos, names, addresses, and notes
  • PDF reports and logs are exported only when the user chooses to export them
  • once a file is shared or saved outside the app, its retention and security depend on the user and chosen destination
  • some states currently allow only watermarked draft export in the app, not final export

7. Retention and deletion

  • inspection data remains on-device until edited, deleted, or removed with the app
  • backups and exports remain wherever the user saves or shares them
  • local logs remain local unless the user shares them or hosted diagnostics are configured for that build
  • current builds do not provide a DrawSight-hosted always-on sync account or client portal
  • deployment-specific managed access records and optional hosted diagnostic records may still exist outside the device

In managed builds, the DrawSight Worker stores limited server-side records tied to managed-access, billing, and abuse-prevention. Those records expire on fixed schedules:

  • product-telemetry / usage-event records: retained for 60 days
  • store-purchase verification events used to link a purchase to an entitlement: retained for 45 days
  • admin-audit events tied to administrative or support access (may include IP address, user-agent, and subscriber identity): retained for 90 days

Entitlement records themselves persist for the lifetime of the active managed-access subscription plus a short reconciliation window after it ends. Rate-limit counters are short-lived and roll over on their own windows; they are not a long-term retention surface.

8. Your choices and privacy requests

You generally control DrawSight data by:

  • editing or deleting inspections inside the app
  • deleting exported reports or backup files you created
  • removing the app or clearing app data from your device
  • choosing whether to use AI-assisted features at all

If you are a homeowner, resident, or client seeking access to inspection information, you should generally contact the inspection business that collected the data.

If you believe DrawSight itself controls personal information about you and you want to request access, correction, deletion, or a copy of that information, email support@drawsight.app. Because DrawSight is local-first, inspection businesses and device owners usually control most record content directly.

9. Security

DrawSight uses measures intended to reduce risk, including:

  • encrypted local storage for inspection records
  • secure device storage for local secrets and backup key material
  • encrypted backup export support
  • HTTPS requests for managed AI, geocoder, and optional hosted services
  • redaction of sensitive values in crash and telemetry payloads

No device, network, or software environment can guarantee absolute security. Users remain responsible for securing their devices, external storage locations, exported files, and any third-party accounts they control.

10. Children's privacy

DrawSight is intended for adult inspectors and inspection businesses. It is not directed to children.

11. GDPR / CCPA

DrawSight is designed for local-first storage on the inspector's device. If you are a client, tenant, prospective buyer, or resident seeking access, correction, deletion, or disclosure of inspection data, contact the inspection business that collected that information — they are the data controller for the inspection they performed. DrawSight LLC is a processor on their behalf to the extent any data leaves the device.

Data retention depends on the device owner's exports, backups, deletions, managed-access records, and any deployment-specific hosted diagnostics that were enabled for that build. When AI features are used, approved providers process the submitted request solely to generate the requested result and do not retain submissions to train their own models.

California residents: DrawSight LLC does not sell personal information. You may request access to or deletion of personal information DrawSight LLC holds about you by emailing support@drawsight.app.

12. Policy changes

This Privacy Policy may be updated as DrawSight's features, providers, and release setup change. The latest version is reflected by the effective date at the top of this page.

13. Contact

If you have privacy questions about DrawSight, contact DrawSight LLC at support@drawsight.app.

Do not send private inspection photos, client names, property addresses, or full report text unless DrawSight support asks you to use a specific secure path.