Draftpile is designed for private material collection. This page explains the controls we use to protect owner workspaces, contributor links, and uploaded materials.
Owner workspaces are protected by account authentication. Contributor pages are account-less by design, but each contributor receives a private link and must pass the invited-email gate before submitting materials.
Room slugs and workspace slugs are identifiers, not authorization: knowing a slug does not grant access, and server-side checks decide every access decision.
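To show this pattern in code, here is an added example (not Draftpile's own implementation; the room, link and email values are constructed): the room a contributor may submit to is resolved from the private link's token, the slug in the URL is only checked for consistency, and the invited-email gate runs before any authorization is granted.

```python
from __future__ import annotations
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class Room:
    workspace_id: str
    slug: str
    invited_emails: frozenset[str]   # stored normalized (lower-case, trimmed)


@dataclass(frozen=True)
class ContributorLink:
    token: str        # high-entropy secret carried in the private link
    workspace_id: str
    room_slug: str    # the room this link was issued for


# Constructed sample data for this example; real data lives server-side.
# Two workspaces deliberately share the slug "spring-zine" to show that a
# slug alone never identifies, let alone authorizes, a room.
ROOMS = {
    ("ws-a", "spring-zine"): Room("ws-a", "spring-zine", frozenset({"ana@example.com"})),
    ("ws-b", "spring-zine"): Room("ws-b", "spring-zine", frozenset({"bo@example.com"})),
}
LINKS = [ContributorLink("tok-ana-7f3c", "ws-a", "spring-zine")]


def normalize_email(email: str) -> str:
    return email.strip().lower()


def authorize_submission(token: str, email: str, url_slug: str) -> Room | None:
    """Return the room the contributor may submit to, or None.

    The room is resolved from the link token, never from the slug in the URL;
    the slug is only checked for consistency, and a mismatch is rejected.
    """
    link = None
    for candidate in LINKS:
        # Constant-time comparison so the token check leaks nothing via timing.
        if hmac.compare_digest(candidate.token.encode(), token.encode()):
            link = candidate
    if link is None:
        return None
    room = ROOMS.get((link.workspace_id, link.room_slug))
    if room is None or room.slug != url_slug:
        return None
    # Invited-email gate: the submitter must be on the room's invite list.
    if normalize_email(email) not in room.invited_emails:
        return None
    return room
```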
Draftpile keeps workspace data isolated so one workspace cannot read or change another workspace’s rooms, contributors, files, or exports.
Production data access is enforced on the server and backed by database row-level security.
Uploaded files are stored in private storage and served through short-lived signed links. We validate file type and size before accepting materials.
Original filenames are kept as metadata; storage paths are generated by the system.
Draftpile supports owner sign-in with email and Google. Auth redirects are restricted to Draftpile-owned routes and domains.
External contributors do not need accounts, which keeps the collection flow simple while limiting what each link can access.
We monitor errors, abuse patterns, and important security events so we can investigate issues quickly.
If you believe you’ve found a vulnerability, contact us through the contact page with enough detail for us to reproduce it.
Draftpile applies rate limits and plan limits to sensitive actions such as uploads, exports, emails, and AI-assisted features.
These limits help protect customer data and keep the service reliable.