1. Introduction
Welcome to Threadly ("we," "our," or "us"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains what information we collect, how we use it, and what rights you have in relation to it.
If you have any questions or concerns about this policy or our practices with regard to your personal information, please contact us at threadlyemail@gmail.com.
2. Information We Collect
2.1 Information You Provide
- Account Information: When you sign up, we collect your name, email address, and password.
- Email Credentials: Your Gmail app password or Microsoft OAuth tokens are encrypted using industry-standard encryption and stored securely in our database.
- Calendar Credentials: If you connect Google Calendar or Outlook Calendar, your OAuth tokens are encrypted and stored securely.
- Payment Information: Payment data is processed by Stripe. We never store your full credit card details.
- Draft Emails: Emails you compose or draft within Threadly are stored encrypted until sent or deleted.
- Feedback: Any feedback or support requests you submit through our platform.
2.2 Information We Collect Automatically
- Email Content: We access your Gmail or Microsoft/Outlook inbox to fetch email threads, generate summaries, and send emails on your behalf.
- Automatic Sync: We automatically sync your emails every 5 minutes in the background to keep your threads up-to-date.
- Extracted Data: We automatically extract tasks, decisions, and deadlines from your emails to help you stay organized.
- Attention Scoring: We calculate priority scores based on deadlines, sender patterns, and email content to surface important items.
- Usage Data: We collect information about how you interact with Threadly (e.g., which features you use, frequency of logins).
- Device Information: Browser type, IP address, operating system, and device identifiers.
- Cookies: We use session cookies to keep you logged in and to improve your experience.
3. How We Use Your Information
We use the information we collect to:
- Provide Our Service: Sync your emails, generate AI summaries, extract tasks and decisions, detect deadlines, and organize threads.
- Send Emails: Send emails on your behalf when you compose, reply, forward, or schedule messages through Threadly.
- Calendar Sync: Create calendar events for detected deadlines (if you connect a calendar).
- Priority Surfacing: Calculate attention scores to help you focus on what matters most.
- Notification Emails: Send you weekly digest summaries and daily urgent reminders about important threads (you can disable these in settings).
- Team Features: For business users, generate team digest reports showing shared thread activity (only shared threads, no private data).
- Improve Our Service: Analyze usage patterns to enhance features and user experience.
- Customer Support: Respond to your requests, questions, and feedback.
- Security: Detect and prevent fraud, abuse, or security incidents.
- Legal Compliance: Comply with applicable laws, regulations, and legal processes.
- Communications: Send you service updates, security alerts, and support messages (we will not send marketing emails without your consent).
4. How We Share Your Information
We do NOT sell your personal information. We may share information in the following limited circumstances:
- Service Providers: We use trusted third-party providers for hosting (Railway), AI processing (Google Gemini), and payments (Stripe). These providers are bound by confidentiality agreements.
- Legal Requirements: We may disclose information if required by law, court order, or legal process.
- Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred (you will be notified beforehand).
- With Your Consent: We may share information with third parties if you explicitly consent.
5. Data Security
We implement industry-standard security measures to protect your data:
- Encryption in Transit: All data transmitted between your device and our servers is encrypted using HTTPS/TLS.
- Encryption at Rest: Sensitive data (like Gmail app passwords and Microsoft OAuth tokens) is encrypted in our database using AES-256 encryption.
- Access Controls: Only authorized personnel have access to user data, and access is logged and monitored.
- Regular Security Audits: We perform regular security reviews and vulnerability assessments.
However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
6. Data Retention
We retain your personal information for as long as your account is active or as needed to provide services. If you close your account, we will delete your data within 30 days, except where we are required to retain it for legal or compliance purposes.
7. Your Rights (GDPR Compliance)
If you are located in the European Economic Area (EEA), you have the following rights:
- Access: Request a copy of your personal data.
- Correction: Request correction of inaccurate data.
- Deletion: Request deletion of your data ("right to be forgotten").
- Data Portability: Request transfer of your data to another service.
- Objection: Object to processing of your data for certain purposes.
- Restriction: Request restriction of processing in certain circumstances.
- Withdraw Consent: Withdraw consent at any time (where processing is based on consent).
To exercise these rights, contact us at threadlyemail@gmail.com. We will respond within 30 days.
8. Third-Party Services & AI Processing
We use the following third-party services:
- Google Gmail API: To access your Gmail emails (read and send access). Your data is subject to Google's Privacy Policy.
- Microsoft Graph API: To access your Microsoft/Outlook emails (read and send access). Your data is subject to Microsoft's Privacy Policy.
- Stripe: For payment processing. Stripe's Privacy Policy applies.
- Railway: For hosting. Railway's Privacy Policy applies.
8.1 AI Processing Disclosure
Important: To provide AI-powered features such as email summarization, task extraction, and deadline detection, portions of your email content are processed by Google Gemini AI.
What data is sent to Gemini:
- Email subjects (full text)
- Email sender information
- Email body content (up to 6,000 tokens, approximately 4,500 words)
- Attached document text (PDFs and Word documents, if processed)
Google's data handling: According to Google's Gemini API terms, data sent for processing may be retained by Google for abuse detection purposes. Google's Generative AI Terms and Privacy Policy apply to this processing.
Your control: Email content stored in our database is encrypted at rest. However, to use AI features, content must be decrypted and sent to Gemini for processing. If you prefer not to have your email content processed by AI, please contact us to discuss alternatives.
8.2 Calendar Integration
If you connect Google Calendar or Microsoft Outlook Calendar to Threadly:
What we access:
- Permission to create, update, and delete calendar events
- We only manage events that Threadly creates
What data is synced to your calendar:
- Generic deadline labels (e.g., "Email Deadline")
- Due dates and times
- NO email content, subjects, or personal information is shared with your calendar
Data handling:
- Your calendar OAuth tokens are encrypted at rest using AES-256
- You can disconnect your calendar at any time from Account Settings
- Events we created will remain in your calendar after disconnection
Third-party policies: Google Calendar is subject to Google's Privacy Policy. Outlook Calendar is subject to Microsoft's Privacy Policy.
8.3 Decision and Task Extraction
Threadly automatically extracts decisions and tasks mentioned in your emails:
- Decisions: Commitments, agreements, and choices made in email conversations
- Tasks: Action items and to-dos assigned to you or others
- Deadlines: Due dates mentioned in email content
This extraction is performed by our AI system (Google Gemini) as described in Section 8.1. Extracted items are stored in our database and encrypted at rest.
Decision versioning: When decisions change or are superseded, we track the history to help you understand how conversations evolved. This is done using text comparison algorithms - no additional AI calls are made for change detection.
8.4 Automated Email Notifications
Threadly sends automated notification emails to help you stay on top of important communications:
- Weekly Digests: Sent every Monday at 8:00 AM with a summary of your thread activity, urgent items, and pending tasks from the previous week.
- Daily Reminders: Sent every day at 8:00 AM highlighting urgent threads that need your attention.
- Team Digests (Business plans): Sent to team leads every Monday at 9:00 AM with shared thread activity across your team.
What data is included: These emails contain summaries of your own email threads, extracted tasks, and deadlines. Team digests only include threads that are explicitly shared with the team—no private thread data is included.
Your control: You can disable these notifications at any time from your Account Settings. No AI calls are made when generating these notifications—they use only stored data.
8.5 Automatic Background Sync
To keep your email threads up-to-date, Threadly automatically syncs your connected email account in the background:
- Frequency: Every 5 minutes while your account is active
- Scope: Fetches new emails where you are the sender, recipient, or CC'd
- Data accessed: Email subjects, bodies, senders, recipients, and timestamps
Your control: You can disconnect your email provider at any time from Account Settings, which stops all automatic syncing.
8.6 Demo and Public Pages
Threadly provides a public demo page at /demo/ that allows visitors to explore the product interface without creating an account or connecting an email provider.
What the demo page does NOT do:
- Does not access, read, or process any real email data
- Does not require authentication or account creation to view
- Does not make any AI processing calls
- Does not store any personal information
What the demo page uses:
- Entirely fictional, hardcoded sample data (names, email subjects, and content are not real)
- Standard analytics cookies (if you consent via our cookie banner)
- Session cookies for basic site functionality
We also provide informational SEO pages (e.g., feature descriptions, use-case guides) that do not collect personal data beyond standard analytics.
9. Cookies Policy
We use essential cookies to maintain your session and provide core functionality. We also use Google Analytics on our public pages (landing page, demo, and informational pages) to understand visitor traffic — these analytics cookies are only loaded after you provide consent via our GDPR-compliant cookie banner. We do not use advertising or retargeting cookies. You can disable cookies in your browser settings, but this may affect your ability to use Threadly.
10. Children's Privacy
Threadly is not intended for users under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us immediately.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through a prominent notice in the app. Your continued use of Threadly after changes constitutes acceptance of the updated policy.
12. Contact Us
If you have questions or concerns about this Privacy Policy, please contact us: