Privacy Policy

1. Introduction

Welcome to Threadly ("we," "our," or "us"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains what information we collect, how we use it, and what rights you have in relation to it.

If you have any questions or concerns about this policy or our practices with regard to your personal information, please contact us at threadlyemail@gmail.com.

2. Information We Collect

2.1 Information You Provide

• Account Information: When you sign up, we collect your name, email address, and password.
• Email Credentials: Your Gmail app password or Microsoft OAuth tokens are encrypted using industry-standard encryption and stored securely in our database.
• Payment Information: Payment data is processed by Stripe. We never store your full credit card details.
• Feedback: Any feedback or support requests you submit through our platform.

2.2 Information We Collect Automatically

• Email Content: We access your Gmail or Microsoft/Outlook inbox to fetch email threads and generate summaries.
• Usage Data: We collect information about how you interact with Threadly (e.g., which features you use, frequency of logins).
• Device Information: Browser type, IP address, operating system, and device identifiers.
• Cookies: We use session cookies to keep you logged in and to improve your experience.

3. How We Use Your Information

We use the information we collect to:

• Provide Our Service: Sync your emails, generate AI summaries, extract tasks, and organize threads.
• Improve Our Service: Analyze usage patterns to enhance features and user experience.
• Customer Support: Respond to your requests, questions, and feedback.
• Security: Detect and prevent fraud, abuse, or security incidents.
• Legal Compliance: Comply with applicable laws, regulations, and legal processes.
• Communications: Send you service updates, security alerts, and support messages (we will not send marketing emails without your consent).

4. How We Share Your Information

We do NOT sell your personal information. We may share information in the following limited circumstances:

• Service Providers: We use trusted third-party providers for hosting (Railway), AI processing (Google Gemini), and payments (Stripe). These providers are bound by confidentiality agreements.
• Legal Requirements: We may disclose information if required by law, court order, or legal process.
• Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred (you will be notified beforehand).
• With Your Consent: We may share information with third parties if you explicitly consent.

5. Data Security

We implement industry-standard security measures to protect your data:

• Encryption in Transit: All data transmitted between your device and our servers is encrypted using HTTPS/TLS.
• Encryption at Rest: Sensitive data (like Gmail app passwords and Microsoft OAuth tokens) is encrypted in our database using AES-256 encryption.
• Access Controls: Only authorized personnel have access to user data, and access is logged and monitored.
• Regular Security Audits: We perform regular security reviews and vulnerability assessments.

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide services. If you close your account, we will delete your data within 30 days, except where we are required to retain it for legal or compliance purposes.

7. Your Rights (GDPR Compliance)

If you are located in the European Economic Area (EEA), you have the following rights:

• Access: Request a copy of your personal data.
• Correction: Request correction of inaccurate data.
• Deletion: Request deletion of your data ("right to be forgotten").
• Data Portability: Request transfer of your data to another service.
• Objection: Object to processing of your data for certain purposes.
• Restriction: Request restriction of processing in certain circumstances.
• Withdraw Consent: Withdraw consent at any time (where processing is based on consent).

To exercise these rights, contact us at threadlyemail@gmail.com. We will respond within 30 days.

8. Third-Party Services

We use the following third-party services:

• Google Gmail API: To access your Gmail emails (read and send access). Your data is subject to Google's Privacy Policy.
• Microsoft Graph API: To access your Microsoft/Outlook emails (read and send access). Your data is subject to Microsoft's Privacy Policy.
• Google Gemini AI: To generate email summaries. Email content is sent to Gemini for processing but is not stored by Google.
• Stripe: For payment processing. Stripe's Privacy Policy applies.
• Railway: For hosting. Railway's Privacy Policy applies.

9. Cookies Policy

We use essential cookies to maintain your session and provide core functionality. We do not use tracking or advertising cookies. You can disable cookies in your browser settings, but this may affect your ability to use Threadly.

10. Children's Privacy

Threadly is not intended for users under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through a prominent notice in the app. Your continued use of Threadly after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions or concerns about this Privacy Policy, please contact us:

• Email: threadlyemail@gmail.com
• Support: threadlyemail@gmail.com