Privacy Policy

Effective March 28, 2026

Thredz (“we,” “us,” or “our”) is operated by Agyeman Enterprises LLC. This Privacy Policy explains how we collect, use, store, and protect your information when you use the Thredz application and related services at thredz.io (the “Service”). We believe your thoughts belong to you, and we handle your data accordingly.

1. Information We Collect

1.1 Voice Recordings & Transcripts

Thredz is a voice-first application. When you capture a thought, we temporarily process your voice recording to generate a text transcript. Voice audio is streamed for transcription and is not stored permanently on our servers after transcription is complete. The resulting text transcript is stored in your workspace.

1.2 Thought Classifications

After transcription, your text is analyzed by AI to classify the type of thought (e.g., idea, task, reminder, reflection). These classification labels and any associated metadata are stored alongside your transcript in your workspace.

1.3 Account Information

When you create an account, we collect:

• Email address
• Display name
• Workspace membership and role information
• Authentication credentials (managed via secure token-based auth)

1.4 Device & Usage Information

We automatically collect certain technical information, including:

• Device type, operating system, and browser version
• IP address (used for security and approximate geolocation)
• Feature usage patterns (which features you use, how often you capture thoughts)
• App performance data (load times, errors)

2. How We Process Your Data with AI

Thredz uses third-party AI services to power core features. You should understand how your data flows through these services:

• Deepgram receives your voice audio stream to produce text transcriptions. Audio is processed in real-time and is not retained by Deepgram after transcription per our data processing agreement.
• Anthropic (Claude) receives your transcript text to classify thought types and extract actionable items. Text is sent via API and is not used by Anthropic to train their models per our API terms.

We select AI providers that offer data processing agreements prohibiting the use of your content for model training. However, data does leave our servers and is processed by these third parties during active use of the Service.

3. Data Storage & Security

Your data is stored in a PostgreSQL database hosted on Supabase infrastructure, with servers located on Hetzner data centers in the EU. We implement the following security measures:

• All data is encrypted at rest using AES-256 encryption
• All data in transit is protected via TLS 1.3
• Row-level security policies ensure users can only access data within their own workspaces
• Authentication tokens are short-lived and securely rotated
• We conduct regular security reviews of our infrastructure

4. How We Use Your Information

We use your information to:

• Provide, maintain, and improve the Service
• Transcribe and classify your voice captures
• Manage your account, workspace, and subscription
• Send transactional emails (account verification, billing receipts, critical security notices)
• Diagnose technical issues and monitor service reliability
• Enforce our Terms of Service and protect against fraud or abuse

We do not sell your personal data. We do not use your thought content for advertising. We do not share your transcripts or classifications with third parties except as described in Section 2 above.

5. Your Rights

You have the following rights regarding your data:

• Access: You can view all your captured thoughts, transcripts, and classifications at any time within the app.
• Export: You can export your entire workspace data in a standard format (JSON) from your account settings.
• Deletion: You can delete individual captures at any time. You can also request complete account and data deletion by contacting us at contact@thredz.io. We will process deletion requests within 30 days.
• Correction: You can edit your transcripts and profile information directly within the app.
• Portability: Your exported data is provided in a machine-readable format that you can take to any other service.

6. Cookies & Local Storage

Thredz uses a minimal cookie and local storage approach:

• Authentication session cookie: A secure, HTTP-only cookie that keeps you logged in. This is essential for the Service to function and cannot be disabled.
• Local storage: We store offline capture data and app preferences in your browser’s local storage to enable the PWA experience.

We do not use advertising cookies, tracking pixels, or third-party analytics cookies. We do not participate in ad networks or cross-site tracking.

7. Children’s Privacy

Thredz supports family workspaces where children under 13 may use the Service. Important details about children’s use:

• Children under 13 cannot create their own accounts. A parent or legal guardian must be the workspace administrator.
• Child profiles are created by the workspace admin and do not have independent authentication credentials.
• The workspace admin controls all data associated with child profiles, including the ability to view, export, and delete it.
• We do not knowingly collect personal information from children under 13 without parental consent through the workspace admin mechanism.
• If you believe a child under 13 has provided us personal information without proper parental consent, contact us immediately at contact@thredz.io and we will delete the information.

8. Data Retention & Deletion

• Active accounts: Your data is retained for as long as your account is active and your subscription is in good standing.
• Cancelled subscriptions: If you cancel a paid plan, your data is retained for 90 days in case you decide to resubscribe. After 90 days, data on inactive free-tier accounts may be deleted.
• Account deletion: When you request account deletion, we permanently remove all your personal data, transcripts, and classifications within 30 days. Anonymized, aggregated usage statistics (which cannot identify you) may be retained.
• Backups: Data may persist in encrypted backups for up to 30 additional days after deletion, after which backups are cycled out.

9. International Data Transfers

Our primary database infrastructure is hosted in the EU (Hetzner, Germany). AI processing services (Deepgram, Anthropic) are based in the United States. By using the Service, you acknowledge that your voice data and transcripts may be transferred to and processed in the United States for transcription and classification purposes. We rely on standard contractual clauses and data processing agreements to protect data transferred internationally.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you via email or a prominent notice within the app at least 14 days before the changes take effect. Your continued use of the Service after changes become effective constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or want to exercise your data rights, contact us at:

Agyeman Enterprises LLC
Email: contact@thredz.io
Web: thredz.io/landing/contact.html