Privacy Policy

We collect information that you provide directly, that we obtain when you use ThreadMind, and that we receive from third-party services you connect. Categories include:

• Account and profile information: email address, name, password (hashed), and any other details you provide when creating or updating an account.
• Device and technical information: browser type and version, operating system, device identifiers, IP address, and similar technical data necessary to operate the product and prevent abuse.
• Usage and analytics data: feature usage, session duration, errors, and aggregated metrics to improve the product and understand how it is used.
• Page content and selections: text and other content from web pages that you explicitly select or that the product processes when you enable features (e.g., analysis, summarization), only to the extent necessary to provide those features.
• Email and message content: when you connect an email or messaging service (e.g., via OAuth), we may process message headers, body content, and attachments only as needed to provide the features you use (e.g., summaries, drafts).
• Memory and connection data: connections, notes, and other memory-like data you create or that the product generates to power recall and insights.
• Watcher and alert data: URLs, conditions, schedules, and notification preferences you set for watcher/alert features.
• Logs and support data: diagnostic logs, support communications, and other information you provide when contacting us.
• Cookies and similar technologies: we use cookies, local storage, and similar technologies for authentication, preferences, and security as described in this policy.

We do not collect more information than is reasonably necessary for the purposes described in this policy.

We use the information we collect to:

• Provide, operate, maintain, and improve ThreadMind and related services.
• Process page content, email, and other data you authorize to deliver analysis, summaries, memory, watchers, and other product features.
• Authenticate you and manage your account, including password reset and account recovery.
• Send you transactional messages (e.g., confirmations, security alerts) and, where you have opted in, marketing or product updates (you may opt out at any time).
• Detect, prevent, and address fraud, abuse, security issues, and technical problems.
• Comply with applicable law, regulations, legal process, or enforceable governmental requests.
• Enforce our Terms of Service and other agreements.
• Conduct research and analytics in aggregated or de-identified form to improve our product and services.

We do not sell your personal information. We do not share your personal information with third parties for their direct marketing purposes. We may share data as described in the "Who Can See Your Data" section below.

When you use ThreadMind in your browser (including via browser extension or integrated features), we may process content from web pages in the following circumstances:

• When you explicitly select text or other content and request analysis, summarization, or another feature that requires that content.
• When you enable features that require access to page content to function (e.g., automatic summarization, connection detection). In those cases, we process only what is necessary for the feature and in accordance with your settings and permissions.

We do not continuously or indiscriminately read all page content. Processing is limited to the scope of the features you enable and the actions you take. We handle all such data in accordance with this policy and do not use it for advertising or for purposes unrelated to providing the product.

If you connect an email or messaging account (e.g., via OAuth or similar authorization), we access and process messages only to provide the features you use, such as:

• Summarizing emails or threads.
• Drafting or suggesting replies.
• Detecting connections between messages and other content (e.g., pages you view).
• Storing or indexing information you explicitly ask us to remember.

We process only the messages and metadata necessary for these features. We do not use your email or messages for advertising. You can disconnect your email or messaging account at any time through the product or your account settings; disconnection will stop new processing, and we will handle previously processed data in accordance with our retention and deletion practices.

ThreadMind may store "memory" and connection data—such as links between content, notes you create, and insights the product generates—to power features like recall, recommendations, and cross-context analysis. This data is stored in association with your account and is used only to provide and improve the product for you.

You can view, manage, and delete memory and connection data through the product where we make such controls available. Deletion may take a short time to propagate. We may also retain backup or anonymized data as permitted by law and our retention policy.

When you use watcher or alert features, we store the data necessary to run them, including:

• URLs or other targets you choose to watch.
• Conditions, thresholds, and schedules you set.
• Notification preferences (e.g., email, in-product).

We use this data solely to operate the watcher feature (e.g., checking conditions, sending alerts). We do not use watcher data for unrelated purposes such as advertising or building profiles for third parties. You can delete watchers at any time; we will delete the associated data in accordance with our retention and deletion practices.

We use third-party services to operate ThreadMind. In particular, we use Anthropic's API and related services to power certain AI features (e.g., summarization, analysis, suggested replies). When you use those features:

• Content necessary for the feature (e.g., selected text, message content) may be sent to Anthropic for processing. Such processing is governed by Anthropic's privacy policy and our agreements with Anthropic, including data processing terms where applicable.
• We do not allow Anthropic to use your data to train their general models or for their own purposes beyond providing the API service to us.
• We may use other subprocessors for infrastructure, analytics, support, or other operational needs. We require them to protect your data and use it only as we instruct. A list of key subprocessors can be provided on request.

By using ThreadMind, you acknowledge that your data may be processed by these third-party services as described. If you do not wish for your content to be processed by third-party AI providers, you should not use the features that rely on them.

We retain your data only for as long as necessary to provide the product, fulfill the purposes described in this policy, and comply with legal, regulatory, or contractual obligations.

• Account data: retained while your account is active and for a reasonable period after closure to allow recovery and to comply with law.
• Page and email content: we do not retain raw page content or full email bodies longer than needed to complete the specific feature (e.g., a single request). Derived data (e.g., summaries, memory) may be retained as described for memory and account data.
• Memory and watcher data: retained until you delete it or close your account, plus any backup or legal hold period.
• Logs and diagnostics: typically retained for a limited period (e.g., 90 days to one year) for security and operations, unless a longer period is required by law.

You may request deletion of your personal data by contacting us or using in-product controls where available. We will honor such requests in accordance with applicable law (including GDPR and CCPA). We may retain certain data where required by law, for legitimate business purposes (e.g., dispute resolution), or in anonymized or aggregated form. Deletion may take up to 30 days to fully process, and backup copies may persist for a limited additional period.

We implement technical and organizational measures designed to protect your data against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption in transit (e.g., TLS) and at rest where appropriate.
• Access controls and authentication to limit access to personal data to those who need it.
• Regular review of our practices and systems and updates to address emerging risks.
• Contractual and technical safeguards with third-party processors.

No method of transmission or storage is completely secure. We cannot guarantee absolute security but are committed to handling your data responsibly. If we become aware of a breach that is likely to result in a risk to your rights and freedoms, we will notify you and relevant regulators as required by applicable law.

Access to your data is limited as follows:

• ThreadMind: our personnel may access your data only as necessary to operate the product, provide support, and comply with law. Access is subject to internal policies and confidentiality obligations.
• Service providers: we use vendors (e.g., hosting, AI APIs, analytics) who process data on our behalf. They are contractually required to protect your data and use it only as we instruct.
• Legal and safety: we may disclose data if required by law, court order, or government request, or when we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others, or to detect or prevent fraud or abuse.
• Business transfers: if we are involved in a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We will notify you of any such change and any choices you may have.

We do not sell your personal information. We do not share your personal information with third parties for their own marketing purposes.

We do not knowingly request or require you to provide specially protected categories of data (e.g., health, financial, or other sensitive data as defined by law). If you choose to process such content through ThreadMind (e.g., in emails or selected text), we treat it in accordance with this policy and our technical and organizational measures. You are solely responsible for ensuring that your use of ThreadMind with such content complies with all applicable laws and any agreements you have (e.g., with employers, clients, or data subjects). We do not use sensitive content for marketing or for purposes unrelated to providing the product.

If you are subject to sector-specific regulations (e.g., HIPAA, financial services rules), you should not use ThreadMind with regulated data unless you have determined that our product and agreements meet your compliance requirements. We do not represent that ThreadMind is HIPAA-compliant or suitable for all regulated uses.

ThreadMind is not intended for use by children under 13 (or the applicable age of consent in your jurisdiction, if higher). We do not knowingly collect personal information from children under that age. If you are a parent or guardian and believe your child has provided us with personal information without your consent, please contact us and we will take steps to delete that information. If we learn that we have collected personal information from a child in violation of applicable law, we will delete it promptly.

Depending on your location, you may have the following rights:

• Access: request a copy of the personal data we hold about you.
• Rectification: request correction of inaccurate or incomplete data.
• Erasure: request deletion of your personal data, subject to certain exceptions.
• Restriction: request that we limit processing in certain circumstances.
• Portability: request a copy of your data in a structured, machine-readable format where applicable.
• Objection: object to processing based on legitimate interests or for direct marketing.
• Withdraw consent: where processing is based on consent, withdraw it at any time.
• Complaint: lodge a complaint with a supervisory authority in your jurisdiction.

If you are a California resident, you may also have the right to know what personal information we collect and how we use it, to delete your personal information, to opt out of the "sale" or "sharing" of your information (we do not sell or share for cross-context behavioral advertising as defined under CCPA), and to non-discrimination for exercising your rights. We do not sell the personal information of any user.

To exercise any of these rights, contact us using the details in the "Contact" section. We will respond within the time required by applicable law (e.g., 30 days under CCPA; one month under GDPR, extendable where permitted). We may need to verify your identity before processing your request.

We may update this privacy policy from time to time to reflect changes in our practices, the product, or the law. We will post the updated policy on this page and change the "Last updated" date. For material changes that affect how we use your personal information, we will provide additional notice (e.g., by email or in-product notification) where required by law or where we deem it appropriate.

Your continued use of ThreadMind after the effective date of the updated policy constitutes acceptance of the updated policy. If you do not agree, you must stop using the product and may close your account. We encourage you to review this policy periodically.

For privacy-related questions, to exercise your rights, or to report a concern, contact us at:

ThreadMind
Email: privacy@threadmind.co (or the contact email listed on our website)
Address: [Insert your business address]

If you are in the European Economic Area or UK and have a concern we have not addressed, you may lodge a complaint with your local data protection supervisory authority.