Drafty

Security

Your inbox. Your data. Locked down.

Built for the trust standard Australian brokers are held to.

Inbox guardian

We never send without you

Drafty drafts every reply, but nothing leaves your inbox without your approval. You stay the broker on record, always.

Sovereign data

Your client files stay in Sydney

Every email, statement and lender note is processed and stored in Australian data centres. No offshore hops, no cross-border processing, APP-aligned by default.

Private by design

Your sent folder isn't AI training data

Drafty learns your voice privately for you alone. We never use broker or client emails to train OpenAI, Anthropic, or any third-party model. What's yours stays yours.

Broker-grade

Security standards built for compliance.

Full audit trail

Every draft, approval and send is logged with timestamps. Know exactly who approved what and when, audit-ready by default.

Role-based access

Admins, brokers and support staff each see only what they need. Permission scopes keep client data need-to-know.

Instant deletion

Disconnect your inbox and your data is permanently wiped within 24 hours. No retention games, no hidden copies.

Scoped OAuth tokens

We use narrow, revocable tokens to read your mail. You control access from your Google or Microsoft account at any time.

24-hour breach response

If an incident ever occurs, our protocol guarantees notification and remediation within 24 hours, no fine print.

APP & NCCP aligned

Built around the Australian Privacy Principles and National Consumer Credit Protection obligations brokers already follow.

Frequently asked questions

Is Drafty secure?

Yes. Drafty is hosted in Australian data centres, encrypts everything in transit (TLS 1.3) and at rest (AES-256), and operates read-only by default, nothing is ever sent without your explicit approval.

Where is my client data stored?

All broker and client data, emails, statements, lender notes and drafts, lives in Sydney-based data centres. No offshore processing, no cross-border hops.

Does Drafty use my emails to train AI models?

Never. Drafty learns your tone privately for you alone. We do not use broker or client emails to train OpenAI, Anthropic, or any third-party model.

Will Drafty ever send an email on my behalf without approval?

No. Drafty drafts replies, follow-ups and document chases into your inbox, you remain the broker on record and one-click approve before anything leaves.

Is Drafty aligned with Australian broker compliance?

Yes. Drafty is built around the Australian Privacy Principles and respects FHBG, LMI thresholds and standard disclosure requirements expected of MFAA and FBAA members.

Who can access my inbox inside Drafty?

Only you. Drafty uses least-privilege access controls, scoped OAuth tokens you can revoke any time, and staff have no access to your inbox contents.

Can I delete my data?

Yes, at any time. Disconnect your inbox from settings and your data and learned voice profile are permanently deleted from our systems.

Is Drafty suitable for brokerages and aggregator groups?

Yes. Drafty supports multi-broker setups with per-user voice models, role-based access, and centralised billing for brokerages and aggregator groups.