Super Nova Research Inc.
Operating as Draft&Goal
Version 2.1 · Last Updated: May 4, 2026
This Privacy Notice explains how Super Nova Research Inc., operating under the brand Draft&Goal (“Draft&Goal,” “we,” “us,” or “our”), accesses, collects, stores, uses, discloses, transfers, and otherwise processes personal information.
Draft&Goal is a business-to-business software-as-a-service platform that enables organizations to design, deploy, and orchestrate AI agents and AI-powered workflows for content, marketing, SEO, search intelligence, data analysis, and business automation.
This Notice applies to:
Our website at https://dng.ai and any related websites that link to this Notice;
Our software-as-a-service platform, applications, integrations, APIs, and related products (the “Platform”); and
Our sales, marketing, events, support, and other related business activities.
Together, these are referred to as the “Services.”
If you do not agree with this Notice, please do not use the Services. For privacy questions or requests, contact us at [email protected].
A French-language version of this Notice is available at https://dng.ai/confidentialite. For Quebec residents, the French and English versions are equally authoritative. Outside Quebec, the English version prevails in case of inconsistency, unless applicable law requires otherwise.
Our role under privacy law depends on the context.
When we act as a controller. We determine the purposes and means of processing personal information for activities such as operating our website, managing accounts, administering billing, communicating with prospects and customers, running marketing and events, providing support, securing the Services, and managing our business. This Notice governs that processing.
When we act as a processor or service provider. When enterprise customers use the Platform to process personal information of their own users, employees, contacts, customers, or other third parties (“Customer Data”), we generally process that information on behalf of the customer and under the customer’s documented instructions. That processing is governed by the applicable customer agreement and any data processing agreement (“DPA”). If you are an end user of a customer deployment and have questions about your personal information, please contact the customer directly. We will assist the customer in responding where required by law and our agreements.
| Topic | Summary |
|---|---|
| What we collect | Account, contact, billing, device, log, cookie, usage, support, marketing, and integration data, as well as Customer Data processed through the Platform. |
| Customer Data | We process Customer Data on behalf of enterprise customers according to customer instructions, the customer agreement, and any applicable DPA. |
| Sensitive information | We do not intentionally request sensitive personal information for our own controller purposes. Customer Data may contain sensitive information if customers choose to submit or connect it. |
| AI processing | The Platform may process inputs, prompts, files, connected data, workflow data, and outputs through third-party AI service providers. |
| AI training | We do not use Customer Data to train public or general-purpose AI models, and we require our AI service providers not to use Customer inputs or outputs to train their public or general-purpose foundation models unless expressly authorized by the customer. |
| Google data | If authorized, we may access Google Drive, Gmail, Google Calendar, Google Contacts, Google Search Console, BigQuery, and related Google data to provide requested features. |
| SEO and marketing | We may use or connect with SEO, search intelligence, marketing data, and enrichment providers such as SEMrush, DataForSEO, and similar services to provide requested features. |
| Advertising and analytics | We may use tools such as Google Analytics advertising features, Google Ads remarketing, Meta Pixel, LinkedIn Insight Tag, Mixpanel, and similar technologies where permitted by law. |
| Data sales | We do not sell personal information for monetary consideration. Some advertising or analytics disclosures may be considered “sharing” or “targeted advertising” under certain U.S. state privacy laws. |
| International transfers | We may process information in Canada, the United States, the EEA, the United Kingdom, and other jurisdictions, using safeguards where required. |
| Privacy rights | Depending on your location, you may have rights to access, correct, delete, port, restrict, object, withdraw consent, opt out of certain advertising uses, or lodge a complaint with a regulator. |
| Contact | [email protected] |
We collect personal information directly from you, automatically when you use the Services, from customers and workspace administrators, from third-party integrations you or your organization connect, and from limited third-party sources.
We may collect information you provide when you register, use the Platform, request information, book a demo, communicate with us, attend events, or otherwise interact with us, including:
Identifiers such as name, username, email address, phone number, and postal or billing address;
Account data such as login credentials, authentication data, user role, and contact preferences;
Professional data such as company name, job title, employer, and business contact information;
Billing data such as company name, billing address, tax information, purchase history, and invoice details;
Communications data such as support tickets, feedback, emails, call notes, survey responses, and messages;
Event data such as webinar or event registration information;
Customer Data, prompts, instructions, workflow configurations, uploaded files, documents, images, datasets, source materials, generated outputs, and other content submitted to or generated by the Platform.
When you visit our website or use the Services, we may automatically collect: IP address; device identifiers; browser type and version; operating system; language settings; approximate location derived from IP address; referring and exit pages; pages viewed; features used; timestamps; workflow activity; error reports; diagnostic logs; and cookie and similar technology data.
We use this information to operate, secure, troubleshoot, analyze, and improve the Services.
We may receive limited information from third parties, including:
Identity providers and single sign-on partners, such as Google and Microsoft;
Customers and workspace administrators;
Business partners and referral sources;
Public sources, such as company websites and professional networks;
B2B data enrichment and lead generation providers;
Analytics and advertising partners;
SEO, search intelligence, marketing data, and enrichment providers such as SEMrush, DataForSEO, and similar services;
Third-party integrations, applications, APIs, databases, or business systems connected to the Services by you or your organization.
“Customer Data” means data, content, prompts, files, instructions, outputs, workflow configurations, datasets, and related materials submitted to, connected to, generated by, or processed through the Platform by or on behalf of a customer.
Customer Data may include personal information, confidential business information, regulated information, or sensitive personal information depending on what customers and users choose to submit or connect. Customers are responsible for ensuring that they have the required rights, permissions, notices, consents, and lawful basis to submit or connect Customer Data to the Platform.
We do not intentionally request or require sensitive personal information for our own controller purposes. Sensitive personal information may include information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data used to uniquely identify a person, health data, information about sex life or sexual orientation, precise geolocation, government identifiers, financial account credentials, contents of private communications, and other categories defined by applicable law.
Because the Platform allows customers to process flexible workflows and connected data, Customer Data may contain sensitive information if customers choose to submit or connect it. Customers must not use the Platform to process sensitive or regulated information unless they are authorized to do so, have implemented appropriate safeguards, and such use is permitted by the applicable customer agreement and DPA.
Draft&Goal primarily provides services through business contracts and invoicing. We may also use Stripe or other payment processors for certain transactions. Where Stripe is used, payment card details and security codes are collected and stored by Stripe, not by Draft&Goal. We receive limited payment and transaction information from Stripe to manage billing, subscriptions, invoices, and accounting.
We process personal information for the following purposes.
We use personal information to create and manage accounts, authenticate users, configure workspaces, provide access to the Platform, operate AI agents and workflows, connect integrations, process inputs and outputs, provide support, process billing, and deliver customer-requested features.
We use prompts, instructions, uploaded files, connected data, workflow configurations, Customer Data, generated outputs, and related metadata to provide AI-powered features such as AI workflow automation, document and content generation, retrieval-augmented generation, classification, routing, extraction, summarization, enrichment, image generation, and AI-powered insights.
We may process domains, URLs, keywords, search queries, search performance data, ranking data, page metadata, campaign data, competitor data, customer instructions, and related workflow data to provide features such as keyword research, SERP analysis, search performance analysis, ranking insights, competitive intelligence, content optimization, and marketing workflow automation.
We use personal information to respond to inquiries, provide support, send service-related notices, send security alerts, notify you of changes to the Services or policies, and send marketing communications where permitted by law.
We use personal information to monitor performance, troubleshoot issues, debug errors, develop and improve features, conduct analytics, prevent fraud and abuse, detect security incidents, enforce usage limits and policies, and protect the rights, safety, and property of Draft&Goal, customers, users, and others.
We may use business contact information, website usage information, cookies, pixels, and similar technologies to understand website usage, measure campaign performance, improve our marketing, and deliver or measure advertising. This may include Google Analytics advertising features, Google Ads remarketing, Meta Pixel, LinkedIn Insight Tag, Mixpanel, HubSpot, Microsoft Clarity, and similar technologies, where permitted by law and subject to applicable consent and opt-out requirements.
We may use personal information to comply with law, respond to lawful requests, maintain records, conduct audits, resolve disputes, enforce agreements, exercise or defend legal claims, and support corporate transactions such as mergers, acquisitions, financings, reorganizations, or sales of assets.
Where applicable law requires a legal basis, including under the GDPR, UK GDPR, and Swiss Federal Act on Data Protection, we rely on one or more of the following legal bases.
| Purpose | Legal Basis |
|---|---|
| Account creation and administration | Performance of a contract; legitimate interests |
| Providing the Services and requested features | Performance of a contract; legitimate interests |
| Processing Customer Data on behalf of customers | Customer instructions; performance of a contract; processor/service provider obligations |
| AI-powered features | Performance of a contract; legitimate interests; consent where required |
| SEO, search intelligence, and marketing workflow features | Performance of a contract; legitimate interests; consent where required |
| Billing and payments | Performance of a contract; legal obligations |
| Security, fraud prevention, and abuse monitoring | Legitimate interests; legal obligations |
| Support and communications | Performance of a contract; legitimate interests |
| Product improvement and analytics | Legitimate interests; consent where required |
| Marketing communications | Consent or legitimate interests, depending on context and applicable law |
| Cookies and targeted advertising | Consent where required; legitimate interests where permitted |
| Legal compliance and claims | Legal obligations; legitimate interests |
| Corporate transactions | Legitimate interests; legal obligations |
Legitimate Interests Balancing. Where we rely on legitimate interests as a legal basis, we have assessed that our interests are not overridden by the rights and freedoms of affected individuals. Our legitimate interests include operating and securing a commercial B2B software platform, preventing fraud and abuse, improving our products and services, and conducting direct marketing to business contacts. We balance these interests against the reasonable expectations of individuals, the nature of the data processed, the likely impact of processing, and available safeguards. Individuals may request further information about this balancing assessment or object to processing based on legitimate interests by contacting [email protected].
If we rely on consent, you may withdraw consent at any time. Withdrawal does not affect processing that occurred before withdrawal.
For Canada and Quebec, we process personal information based on express or implied consent, or in the limited circumstances where applicable law permits processing without consent, such as fraud prevention, legal obligations, business transactions, or where consent cannot be obtained in a timely manner and processing is clearly in the individual’s interest.
We may disclose personal information to the following categories of recipients.
We use service providers and subprocessors to host, secure, operate, support, analyze, market, and improve the Services. These may include providers of cloud hosting, infrastructure, AI models, AI infrastructure, authentication, analytics, advertising technology, payment processing, invoicing, accounting, customer support, email, CRM, communications, security monitoring, logging, observability, SEO data, search intelligence, marketing data, and data enrichment. Our subprocessor list is available at https://trustcenter.dng.ai or upon request.
We may disclose prompts, inputs, Customer Data, outputs, workflow data, and related information to AI service providers as necessary to provide AI-powered features. We do not permit AI service providers to use Customer inputs or outputs to train their public or general-purpose foundation models unless expressly authorized by the customer.
We may disclose or make available domains, URLs, keywords, search queries, page metadata, campaign data, ranking data, customer instructions, and related workflow data to SEO, search intelligence, marketing data, and enrichment providers such as SEMrush, DataForSEO, Google Search Console, BigQuery, and similar services where necessary to provide requested features.
If you or your organization connect third-party services to Draft&Goal, we may disclose information to those services as necessary to provide the integration, retrieve data, send data, or perform actions requested by you or your organization.
If your account is associated with a customer workspace, we may disclose information to that customer and its authorized administrators, including account information, user activity, workflow activity, integration settings, Customer Data, and other information associated with the customer’s workspace.
We may disclose or make available website, device, usage, cookie, and similar information to advertising and analytics partners, including Google, Meta, LinkedIn, Mixpanel, HubSpot, Microsoft Clarity, and similar providers, to measure campaigns, provide analytics, and deliver or measure advertising, subject to applicable law and consent requirements.
We may disclose personal information to lawyers, auditors, accountants, insurers, consultants, banks, courts, regulators, law enforcement, government authorities, acquirers, investors, lenders, successors, or other parties where reasonably necessary for legal, professional, security, financial, corporate, or compliance purposes.
We may disclose personal information with your consent, at your direction, or as instructed by your organization.
We engage subprocessors to help provide the Services. Subprocessors may process personal information only as necessary to provide services to us and subject to contractual data protection commitments.
Where applicable, customers may receive notice of new subprocessors and may object in accordance with the applicable DPA or customer agreement. Our current subprocessor list is available at https://trustcenter.dng.ai or upon request, as applicable.
We are based in Canada and may process personal information in Canada, the United States, the European Economic Area, the United Kingdom, Switzerland, and other jurisdictions where we, our affiliates, service providers, or subprocessors operate.
Where personal information is transferred to a jurisdiction that does not provide an adequate level of protection under applicable law, we use appropriate safeguards where required. These may include data processing agreements, standard contractual clauses, the UK International Data Transfer Addendum, adequacy decisions, transfer impact assessments, supplementary security measures, contractual restrictions, and other lawful transfer mechanisms.
Where Quebec privacy law applies, before communicating personal information outside Quebec, we assess privacy-related factors as required by law, including the sensitivity of the information, the purposes of use, safeguards, contractual protections, and the legal framework applicable in the destination jurisdiction.
We use cookies, pixels, web beacons, local storage, SDKs, and similar technologies to operate, secure, analyze, improve, market, and advertise the Services.
| Category | Purpose |
|---|---|
| Strictly necessary | Required for login, security, session management, load balancing, fraud prevention, and core functionality. |
| Functional | Remember preferences and improve user experience. |
| Analytics | Understand website and product usage, diagnose issues, measure performance, and improve the Services. |
| Advertising and remarketing | Measure campaigns, build audiences, deliver relevant advertising, and understand advertising effectiveness. |
We may use tools such as Google Analytics, Google Analytics advertising features, Google Ads remarketing, Meta Pixel, LinkedIn Insight Tag, Mixpanel, HubSpot, Microsoft Clarity, Cloudflare, and similar technologies.
We obtain prior, freely given, specific, informed, and unambiguous consent before placing or accessing any non-essential cookies or similar tracking technologies on your device. This applies to all users, and in particular to users in the EEA, United Kingdom, and Switzerland, in accordance with the ePrivacy Directive and applicable national implementing legislation. Strictly necessary cookies do not require consent. You may withdraw consent at any time through our cookie preferences tool.
For more information, see our Cookie Notice at https://dng.ai/cookie-policy/. The Cookie Notice contains the authoritative, current list of cookies actually deployed on our website.
Some browsers offer Do Not Track signals. Because no uniform standard for Do Not Track has been adopted, we do not currently respond to Do Not Track signals. Where required by applicable law, we honor legally recognized opt-out preference signals, such as Global Privacy Control, as a valid opt-out of sale, sharing, or targeted advertising where applicable.
The Platform enables customers to design, deploy, and operate AI agents and AI-powered workflows. This may involve processing inputs, prompts, instructions, uploaded files, connected data, Customer Data, workflow configurations, and generated outputs through AI models and AI infrastructure.
AI features may include:
AI workflow automation;
AI document and content generation;
Retrieval-augmented generation;
Classification, routing, and extraction;
Summarization and enrichment;
Image generation or image-related AI features;
AI-powered search, SEO, marketing, and content insights;
AI-assisted analysis of connected business data.
Depending on customer configuration and the feature used, inputs and outputs may be processed by one or more AI service providers, such as:
Anthropic;
OpenAI;
Google Cloud AI, including Gemini and Vertex AI;
Microsoft Azure AI, including Azure OpenAI Service;
Amazon Web Services, including Bedrock;
Mistral AI;
Other AI infrastructure, model, or orchestration providers used to provide the Services.
We do not use Customer Data to train public or general-purpose AI models. We also require our AI service providers not to use Customer inputs and outputs submitted through the Platform to train their public or general-purpose foundation models unless expressly authorized by the customer.
Where available and appropriate, we use enterprise-tier API configurations, contractual data protection terms, zero-retention or limited-retention settings, and provider controls designed to prevent Customer Data from being used for foundation model training.
AI-generated outputs may be inaccurate, incomplete, biased, outdated, or misleading. Outputs should not be relied upon as a substitute for professional advice, including legal, financial, medical, tax, or other regulated advice. Customers and users are responsible for reviewing and validating outputs before relying on, publishing, or sharing them.
When we act as a controller, we do not use solely automated decision-making without meaningful human involvement that produces legal effects concerning you or similarly significantly affects you, unless separately disclosed and permitted by law.
When we act as a processor, customers are responsible for determining whether their use of the Platform involves automated decision-making subject to GDPR Article 22, Quebec Law 25, or similar laws, and for providing required notices, conducting required assessments, and implementing human review where required.
We operate an AI Management System aligned with ISO/IEC 42001:2023. AI policies, roles, impact and risk assessments, supplier controls, and AI incident response procedures are documented and maintained in our compliance and management platform. Concerns about an AI output, suspected bias, safety issue, or inappropriate use of AI features may be reported to [email protected] and will be handled in line with our AI incident response process.
Where our use of AI features involves processing that is likely to result in a high risk to the rights and freedoms of individuals — including large-scale processing of personal data, systematic use of new technologies, or processing that may significantly affect individuals — we conduct Data Protection Impact Assessments (DPIAs) in accordance with Article 35 of the GDPR. DPIAs are reviewed and updated when the nature or scope of processing materially changes. Customers deploying the Platform for high-risk processing are responsible for conducting their own DPIAs and may request relevant information from us by contacting [email protected].
If you or your organization authorize Draft&Goal to access Google APIs, we use Google user data only to provide, maintain, secure, and troubleshoot the Google-connected features requested or configured by you or your organization.
Our use and transfer of information received from Google APIs complies with the Google API Services User Data Policy, including the Limited Use requirements.
| Google Service | Data Accessed | Purpose |
|---|---|---|
| Google Drive | File metadata, selected files, folders, document content, permissions, and related information | Retrieve, analyze, transform, generate, or manage content and workflows involving Google Drive files. |
| Gmail | Message metadata, message content, recipients, senders, labels, attachments, and related email information, where authorized | Provide user-requested email features such as drafting, summarizing, classifying, routing, or automating workflows. |
| Google Calendar | Event titles, descriptions, times, attendees, locations, and related metadata | Support scheduling, reminders, workflow automation, and calendar-based features. |
| Google Contacts | Names, email addresses, organizations, phone numbers, and related contact metadata | Help users select contacts, recipients, collaborators, and automate contact-related workflows. |
| Google Search Console | Site properties, search queries, pages, countries, devices, impressions, clicks, click-through rates, average position, and related search performance data | Analyze search performance and support SEO, content optimization, reporting, and workflow automation features. |
| BigQuery | Datasets, tables, schemas, metadata, query results, and related authorized project data | Analyze customer-authorized data and support reporting, insights, and workflow automation. |
Google user data:
Will not be sold;
Will not be used to serve advertisements, including retargeting, personalized, or interest-based advertising;
Will not be used for marketing or promotional purposes;
Will not be used to determine creditworthiness or for lending purposes;
Will not be used to train public or general-purpose AI or machine learning models;
Will not be transferred or shared with third parties except as necessary to provide, maintain, secure, or improve user-facing features that are visible and prominent in the Services, or as required by law.
We do not allow human access to Google user data unless:
You or your organization have provided explicit authorization;
Access is necessary for security, fraud, abuse, or incident investigation;
Access is necessary to comply with applicable law;
Access is necessary to provide support requested by you or your organization;
The data has been aggregated or anonymized so that it cannot reasonably identify an individual.
We retain Google user data only as long as necessary to provide the requested features, comply with applicable law, maintain security, resolve disputes, or meet contractual obligations. You may revoke our access to Google user data through your Google Account permissions page at https://myaccount.google.com/permissions. You may also request deletion by contacting [email protected].
The Services may allow users to register or log in using Google or Microsoft authentication. When you use third-party authentication, we may receive information such as your name, email address, profile information, authentication tokens, and other information made available by the identity provider, subject to your settings and the permissions granted.
We use this information to authenticate users, secure accounts, provide the Services, and administer workspaces. We do not control how Google, Microsoft, or other identity providers process your information, and you should review their privacy notices and account settings.
We retain personal information only as long as reasonably necessary to provide the Services, fulfill the purposes described in this Notice, comply with legal, tax, accounting, security, and contractual obligations, resolve disputes, enforce agreements, and maintain business records.
| Data Category | Retention Period |
|---|---|
| Account and workspace data | Duration of the account, plus 90 days after deletion (extendable for legal hold) |
| Customer Data | Deleted within 30 days of customer instruction or contract termination, subject to backup lifecycle |
| Authentication tokens (Google, Microsoft, integrations) | Until revoked by the user or the integration is disconnected |
| Billing, invoicing, and tax records | 7 years from the date of the transaction |
| Support tickets and correspondence | 3 years from last interaction |
| Marketing contact information | Until consent is withdrawn or 24 months of inactivity, whichever is earlier |
| Website analytics and cookie data | Up to 14 months, or as set in the cookie banner |
| Security, audit, and access logs | 12 months (longer where required for incident investigation or legal obligation) |
When personal information is no longer needed, we delete, anonymize, or securely retain and isolate it until deletion is possible. Backup copies may persist for a limited period before deletion according to our backup lifecycle.
We maintain technical and organizational measures designed to protect personal information against unauthorized access, disclosure, alteration, loss, misuse, and destruction. These measures may include:
Encryption in transit;
Encryption at rest where appropriate;
Role-based access controls;
Multi-factor authentication for internal access where appropriate;
Least-privilege access;
Logging and monitoring;
Vulnerability management;
Secure software development practices;
Vendor security review;
Employee confidentiality obligations;
Privacy and security training;
Incident response procedures;
Logical separation of customer environments where appropriate.
No method of transmission or storage is completely secure. We cannot guarantee absolute security, but we work to protect personal information using reasonable and appropriate safeguards. You are responsible for maintaining the confidentiality of your credentials and promptly notifying us of suspected unauthorized access.
If we become aware of a security incident affecting personal information, we will investigate, take appropriate steps to mitigate the incident, document the incident as required, and notify affected customers, individuals, regulators, or other parties where required by applicable law or contractual obligations.
Where we process Customer Data as a processor, we will notify affected customers in accordance with the applicable DPA or customer agreement.
The Services are intended for business and professional users and are not directed to individuals under 18. We do not knowingly collect personal information from individuals under 18, and in particular we do not knowingly collect personal information from children under 13 within the meaning of the U.S. Children’s Online Privacy Protection Act (COPPA). By using the Services, you represent that you are at least 18 and are using the Services for business or professional purposes.
If we learn that we have collected personal information from an individual under 18, we will take reasonable steps to delete it. If you believe we have collected such information, contact [email protected].
Depending on your location and applicable law, you may have rights to:
Access personal information we hold about you;
Receive a copy of your personal information;
Correct inaccurate or incomplete information;
Request deletion of personal information;
Restrict or object to certain processing;
Withdraw consent where processing is based on consent;
Request portability of your personal information;
Opt out of marketing communications;
Opt out of certain targeted advertising, sale, sharing, or profiling activities where applicable;
Limit certain uses or disclosures of sensitive personal information where applicable;
Appeal a refusal to act on a request where applicable;
Lodge a complaint with a privacy regulator.
To exercise rights, contact [email protected]. We may need to verify your identity before responding. If your information is processed by Draft&Goal on behalf of a customer, we may direct your request to that customer or ask you to contact the customer directly.
If you are located in the EEA, United Kingdom, or Switzerland, you may have rights under applicable data protection law, including the right to access, rectify, erase, restrict, object, withdraw consent, and request data portability. You also have the right to lodge a complaint with your local data protection authority.
Our representative in the European Union under Article 27 of the GDPR is identified in Section 19.
If Quebec privacy law applies, you may have rights to:
Be informed of the purposes for which personal information is collected and used;
Access your personal information;
Request correction of inaccurate information;
Withdraw consent;
Request that certain personal information cease to be disseminated, or that hyperlinks be de-indexed or re-indexed, where applicable;
Receive computerized personal information in a structured, commonly used technological format, where applicable;
Be informed when a decision is based exclusively on automated processing, and request human review where applicable;
Lodge a complaint with the Commission d’accès à l’information du Québec.
Our Person in Charge of the Protection of Personal Information, Vincent Terrasi, can be contacted at [email protected].
Canadian residents may have rights to access and correct personal information, withdraw consent subject to legal or contractual limits, and challenge our compliance with applicable privacy laws. You may also have the right to lodge a complaint with the Office of the Privacy Commissioner of Canada or an applicable provincial privacy regulator.
Depending on your U.S. state of residence, you may have rights to know or confirm whether we process your personal information, access personal information, correct inaccurate information, delete personal information, obtain a portable copy, opt out of targeted advertising, opt out of sale or sharing, opt out of certain profiling, limit certain uses or disclosures of sensitive personal information, and appeal a decision regarding your request.
We do not sell or share personal information for monetary or other valuable consideration, and we do not engage in “targeted advertising” or “cross-context behavioral advertising” as defined under U.S. state privacy laws. Where required, you may opt out through our cookie tools, Global Privacy Control where applicable, or by contacting [email protected].
We do not knowingly sell or share personal information of individuals under 18.
In the past 12 months, we have collected, disclosed for a business purpose, or shared the following categories of personal information:
| Category | Collected | Disclosed | Shared/Targeted Ads | Sold |
| --- | --- | --- | --- | --- |
| Identifiers (name, business email, IP, account ID) | Yes | Yes | No | No |
| Commercial information (billing, transactions) | Yes | Yes | No | No |
| Internet/network activity (usage, cookies, logs) | Yes | Yes | No | No |
| Geolocation (approximate, derived from IP) | Yes | Yes | No | No |
| Professional / employment information | Yes | Yes | No | No |
| Audio / visual (uploaded media; support recordings) | Yes | Yes | No | No |
| Inferences (workflow analytics, usage profiles) | Yes | Yes | No | No |
| Sensitive personal information (account credentials; other SPI only if submitted as Customer Data) | Yes | Yes | No | No |
We do not offer financial incentives or differential pricing in exchange for personal information.
We send marketing communications only where permitted by applicable law, including Canada’s Anti-Spam Legislation, the GDPR and ePrivacy rules, and the CAN-SPAM Act.
Marketing emails include our identity and contact information and a functional unsubscribe mechanism. You may unsubscribe at any time using the link in our emails or by contacting [email protected]. Unsubscribing from marketing does not stop service-related, transactional, billing, security, legal, or administrative communications.
We may create aggregated, anonymized, or deidentified information from personal information or Customer Data. We may use this information for analytics, security, research, reporting, product improvement, and business purposes, provided it does not reasonably identify an individual or customer and subject to applicable law and contractual commitments.
We do not use Google user data or Customer Data to train public or general-purpose AI models.
We may update this Notice from time to time. The updated version will be indicated by an updated “Last updated” date. If we make material changes, we may notify you by posting a notice, sending a direct notification, requesting renewed consent where required, or taking other steps required by applicable law.
Prior versions may be made available upon request where required by law or appropriate.
For questions, concerns, or requests regarding this Notice or our privacy practices, contact us at:
Super Nova Research Inc.
Doing business as Draft&Goal
6795 rue Marconi, bureau 200
Montreal, Quebec H2S 3J9
Canada
Privacy Contact / Person in Charge of the Protection of Personal Information: Vincent Terrasi — [email protected]
EU Representative (Article 27 GDPR)
Pursuant to Article 27 of the EU General Data Protection Regulation, we have appointed the following representative in the European Union:
Super Nova Research Inc. — EU Representative
Station F, 5 Parvis Alan Turing
75013 Paris, France
Email: [email protected]
Useful links:
Subprocessor list: https://trustcenter.dng.ai
Data Processing Agreement: https://dng.ai/dpa
Cookie Notice: https://dng.ai/cookies
Terms of Service: https://dng.ai/terms
French version: https://dng.ai/confidentialite
To request access to, correction of, deletion of, or other action regarding your personal information, contact [email protected].
If your account is controlled by your organization, you may also need to contact your organization’s workspace administrator. We may refer requests relating to customer-controlled data to the relevant customer.