ThreadPilot
LoginStart Free

Privacy Policy

Last updated: December 2025

1. Introduction

ThreadPilot ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

2. Information We Collect

Account Information

When you create an account, we collect:

  • Email address
  • Name
  • Profile information from OAuth providers (Google)

Connected Services Data

When you connect third-party services, we may access:

  • Email messages and metadata (Gmail)
  • Calendar events (Google Calendar)
  • Payment information processed through Stripe
  • Contact information you import or create

Usage Information

We automatically collect information about how you interact with our Service, including device information, IP address, browser type, and usage patterns.

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Process transactions and send related information
  • Send administrative notifications and updates
  • Respond to your comments and questions
  • Provide AI-assisted features such as content suggestions
  • Monitor and analyze usage trends
  • Detect, prevent, and address technical issues

4. Data Security

We implement enterprise-grade security measures to protect your data:

  • Encryption in transit (TLS/SSL) and at rest
  • Official OAuth integrations with Google and other providers
  • PCI-compliant payment processing through Stripe
  • Regular security audits and monitoring
  • Row-level security in our database

What We Do NOT Store

To minimize PII exposure and protect your privacy, we do not permanently store:

  • Email message content - Your email bodies remain with Gmail and are fetched securely on-demand when you view them
  • SMS message content - Message content is fetched from your provider when needed
  • Full financial transaction details - Sensitive transaction data remains with Stripe and is retrieved on-demand

We store only metadata references (such as message IDs, dates, and sender information) necessary to provide the Service.

Application-Level Encryption

Data that must be stored is protected with application-level encryption:

  • Contact information - Names, emails, phone numbers, and notes are encrypted using AES-256-GCM before storage
  • OAuth tokens - All access tokens and refresh tokens for connected services are encrypted
  • Transaction descriptions - Financial transaction descriptions are encrypted at rest

Each user has a unique encryption key, ensuring that even in the unlikely event of a data breach, your sensitive information remains protected and unreadable without the corresponding decryption keys stored separately in secure key management infrastructure.

5. Data Sharing

We do not sell your personal information. We may share your data with:

  • Service providers who assist in operating our Service (hosting, analytics, payment processing)
  • Third-party integrations you authorize (Google, Stripe)
  • Legal authorities when required by law or to protect our rights

6. Third-Party Services

Our Service integrates with third-party services. Your interactions with these services are governed by their respective privacy policies. We encourage you to review the privacy policies of Google, Stripe, and any other services you connect.

7. Data Retention

We retain your information for as long as your account is active or as needed to provide the Service. You may request deletion of your data at any time by contacting us. Some information may be retained as required by law or for legitimate business purposes.

8. Your Rights

Depending on your location, you may have the following rights:

  • Access and receive a copy of your personal data
  • Rectify inaccurate personal data
  • Request deletion of your personal data
  • Object to or restrict processing of your data
  • Data portability
  • Withdraw consent at any time

9. Cookies and Tracking

We use cookies and similar technologies to maintain sessions, remember preferences, and understand how you use our Service. You can control cookie settings through your browser.

10. Children's Privacy

The Service is not intended for users under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware that we have collected data from a child under 16, we will take steps to delete such information.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place to protect your data in accordance with applicable data protection laws.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

13. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at privacy@threadpilot.app