Privacy Policy

Last updated: July 21, 2025.

Personal data (usually referred to just as "data" below) will only be processed by us to the extent necessary and for the purpose of providing functionality of Drawpile and this website.

Per Art. 4 No. 1 of Regulation (EU) 2016/679, i.e. the General Data Protection Regulation (hereinafter referred to as the "GDPR"), "processing" refers to any operation or set of operations such as collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment, or combination, restriction, erasure, or destruction performed on personal data, whether by automated means or not.

Responsible

Drawpile gemeinnützige UG (haftungsbeschränkt)
Adolfstraße 1
65185 Wiesbaden
Germany

General Manager: Carsten Hartenfels
E-Mail: privacy@drawpile.org

Scope of this policy

This privacy policy only pertains to the drawpile.net websites: drawpile.net, docs.drawpile.net, pub.drawpile.net, web.drawpile.net. For community servers or other external servers, refer to their policies instead.

Types of processed data

  • Contact data (e.g. your E-Mail address, if you want to use an account on this website)
  • Content data (e.g. the things you enter into this website)
  • Usage data (e.g. response times, performance)
  • Communication data (e.g. device information, IP addresses, server logs)

Drawpile the software only transmits communication data necessary to function, such as application version, device information or IP addresses, or data you voluntarily enter into it, such as usernames or chat messages. It may check for updates and news from drawpile.net, which can be configured in the preferences. It will connect to external servers and sessions only if you tell it to do so.

External services

Some static files are provided through Cloudflare. Please refer to Cloudflare's Privacy Policy (external link) for more information.

Application downloads are provided through GitHub and the documentation pages under docs.drawpile.net are provided through GitHub Pages. Please refer to GitHub's Privacy Policy (external link) for more information.

The drawpile.net website provides a space for artist communities to list their servers. No data is given to them unless you provide it or visit their sites or servers. Refer to their policies when using them.

The pub.drawpile.net server allows artists to host drawing sessions and list sessions from their servers to be found publicly. No data is given to them unless you connect to them. Refer to their policies when using them.

External servers may use drawpile.net accounts for authentication. Only necessary data is shared with them: the username you enter, the associated avatar (if any) and an account number. Other account data - such as your e-mail address, your password or other usernames you may have associated with the account - are not shared.

We don't share any personal data with Cloudflare, Github, Microsoft, community servers, hosted sessions, listed sessions or anyone else. They only receive information that you give to them or that your web browser or the Drawpile application provides them during use.

Cookies

Cookies are small pieces of information stored in your web browser when you visit websites. This website uses only cookies necessary for its functionality, specifically:

  • A login and username cookie when you log into your account on this website.
  • A security cookie to prevent cross-site request forgery attacks.

There's no third-party, tracking or advertising cookies here.

Cloudflare and GitHub may use their own cookies, refer to their privacy policies linked above. They will request consent on their side for those cookies if necessary.

Purpose of processing

  • Provide functionality, such as letting you draw together with others online or letting you create an account.
  • Problem tracing, such as looking through server logs to find where errors occurred.
  • Security measures, such as abuse prevention.

Duration of storage

Data is stored to the extent necessary to fulfill its purpose or legal obligations. It is deleted thereafter.

Minors

This site and services are all directed at people 16 years or older. If you are under the age of 16, per the GDPR, do not use this site or its services without supervision of a legal guardian.

Rights of users and data subjects

Users and data subjects have the right:

  • to confirm whether data concerning them is being processed, information about the data being processed, further information about the nature of the data processing, and copies of the data (cf. also Art. 15 GDPR),
  • to correct or complete incorrect or incomplete data (cf. also Art. 16 GDPR);
  • to the immediate deletion of data concerning them (cf. also Art. 17 GDPR), or, alternatively, if further processing is necessary as stipulated in Art. 17 No. 3 GDPR, to restrict said processing per Art. 18 GDPR;
  • to receive copies of the data concerning them and/or provided by them and to have the same transmitted to other providers/controllers (cf. also Art. 20 GDPR);
  • to file complaints with the supervisory authority if they believe that data concerning them is being processed by the controller in breach of data protection provisions (see also Art. 77 GDPR).

In addition, the controller is obliged to inform all recipients to whom it discloses data of any such corrections, deletions, or restrictions placed on processing the same per Art. 16, 17 No. 1, 18 GDPR. However, this obligation does not apply if such notification is impossible or involves a disproportionate effort. Nevertheless, users have a right to information about these recipients.

Likewise, under Art. 21 GDPR, users and data subjects have the right to object to the controller's future processing of their data pursuant to Art. 6 No. 1 lit. f) GDPR.