All apps

Is Drata safe with your data?

C
Drata icon

Drata

Drata, Inc.

53/100

Partial disclosure · high confidence

Drata earns a C (53/100) because it discloses its data practices only in part.

Dealbreaker flag

  • D1.4: all rights, title and interest in and to the Services and all hardware, Software and other components of or used to provide the Services...will remain with Drata and belong exclusively to Drata

#85

of 211 apps ranked

53

score · Security & compliance avg 50

+3

vs category average

Grade scaleA · 70–100B · 60–69C · 48–59D · 35–47F · 0–34

Drata does not train on customer data but retains broad IP rights in outputs; deletion rights lack concrete timelines and mandatory safeguards are boilerplate.

What Drata's privacy policy and terms of service say about your data

AI training restriction

Drata does not use Customer Data to train or fine-tune artificial intelligence or machine learning models and does not permit third-party inference providers to do so (Section 2.4.3)

Output ownership adverse

All rights, title and interest in outputs and services remain with Drata exclusively; user receives no IP ownership (Section 10.1)

Deletion timeline missing

Deletion requests are subject to exceptions with no concrete timeline; data retained as long as necessary for purposes (Privacy Notice Section 6)

Security language generic

Safeguards described as appropriate administrative, physical, and technical measures but with no named controls (TLS/AES-256/RBAC) (Section 6.3)

What the policy is silent or vague on

  • Not stated: a way to opt out of training
  • Not stated: whether training use differs by plan
  • Not stated: your ownership of generated outputs
  • Not stated: a right to delete your data

Drata privacy rating

Training-data use1 of 4 disclosed
Keeps user inputs out of model training, or makes training opt-inDisclosed
Names a way to opt out of or into trainingSilent
Says whether training use differs by plan or tierSilent
Lets the user keep ownership of generated outputsAdverse
Data-subject rights3 of 5 disclosed
Grants a right to access your dataDisclosed
Grants a right to delete your dataSilent
Offers data portability in a usable formatSilent
Grants a right to correct your dataDisclosed
Grants a way to object to or opt out of processingDisclosed
Retention and deletion0 of 4 disclosed
States a retention period for your dataPartial
States a deletion timeline after closure or requestSilent
Sets a shorter retention for AI conversation logsSilent
Commits to collecting only the data it needsSilent
Third-party sharing3 of 5 disclosed
Lists the categories of third parties it shares withDisclosed
References a sub-processor list or data processing agreementDisclosed
Does not sell or share data for advertising, or offers opt-outPartial
Names a safeguard for international data transfersDisclosed
States a standard for government and law-enforcement accessPartial
Transparency3 of 4 disclosed
Discloses that you are interacting with AIDisclosed
Marks AI-generated or synthetic outputNot applicable
Enumerates the categories of data it collectsDisclosed
Maps processing purposes to legal basesPartial
Is versioned and dated, with change noticeDisclosed
Sensitive data and children1 of 3 disclosed
Discloses automated decisions and a human-review pathDisclosed
Limits the use of special-category dataPartial
Governs biometric data specificallyNot applicable
States protections for children's dataPartial
Security and accountability2 of 3 disclosed
Describes its security safeguardsPartial
Commits to breach notificationDisclosed
Names a certification or a privacy contactDisclosed
DisclosedPartialSilentAdverseNot applicable

Details

Category
Security & compliance
Modalities
text
Processes biometrics
No
Policy last updated
2026-06-02
Region scored
Global / US-default
Last assessed
2026-07-08

Documents examined

Other security & compliance apps

Each grade reflects our analysis of what an app states in its public privacy policy and terms as of the assessment date. It measures the transparency of those documents, not the company's actual data practices, security, or compliance. Grades are our opinion, offered for general information. Full disclaimer.

Is Drata safe with your data? Grade C | AI App Trust & Transparency Index