Privacy Policy

1. Introduction

Welcome to Threado ("we," "our," or "us"). We respect your privacy and are committed to protecting your personal data. This privacy policy will inform you about how we look after your personal data when you visit our website and use our services, and tell you about your privacy rights and how the law protects you.

2. Information We Collect

2.1 Information You Provide

We collect the following information that you provide directly to us:

• Account Information: Name, email address, and password when you create an account
• Profile Information: Any additional information you choose to add to your profile
• Payment Information: Payment card details and billing information (processed securely through Stripe)
• Communications: Information you provide when you contact us or communicate with our support team

2.2 Information Collected Automatically

When you use our services, we automatically collect:

• Usage Data: Information about how you use our website and services
• Device Information: Device type, operating system, browser type, and IP address
• Cookies and Similar Technologies: We use cookies and similar tracking technologies to track activity and hold certain information

2.3 Information from Third-Party Services

When you connect third-party services (like Threads):

• Threads Account Data: Username, profile information, and access tokens
• OAuth Data: Authentication tokens and permissions granted through OAuth
• Third-Party APIs: Data retrieved through authorized API calls

3. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our services
• Process your transactions and manage your subscriptions
• Send you technical notices, updates, security alerts, and support messages
• Respond to your comments, questions, and customer service requests
• Communicate with you about products, services, offers, and events
• Monitor and analyze trends, usage, and activities in connection with our services
• Detect, investigate, and prevent fraudulent transactions and other illegal activities
• Personalize and improve your experience
• Comply with legal obligations

4. How We Share Your Information

We may share your information in the following circumstances:

• Service Providers: With third-party vendors who perform services on our behalf (e.g., Stripe for payments, database hosting)
• Legal Requirements: When required by law, subpoena, or other legal process
• Business Transfers: In connection with a merger, acquisition, or sale of assets
• With Your Consent: When you explicitly consent to sharing your information
• Aggregated Data: We may share aggregated or de-identified information that cannot reasonably be used to identify you

We do not sell your personal information to third parties.

5. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized or unlawful processing, accidental loss, destruction, or damage. These measures include:

• Encryption of data in transit and at rest
• Secure authentication using NextAuth.js
• Regular security assessments and updates
• Access controls and authentication requirements
• Secure payment processing through PCI-compliant providers (Stripe)

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security.

6. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this privacy policy, unless a longer retention period is required or permitted by law. When we no longer need your personal information, we will securely delete or anonymize it.

Specific retention periods:

• Account Data: Retained while your account is active and for a reasonable period after account deletion
• Transaction Records: Retained for accounting and legal compliance purposes (typically 7 years)
• Usage Logs: Retained for up to 90 days for security and analytics purposes

7. Your Privacy Rights

Depending on your location, you may have the following rights:

• Access: Request access to your personal data
• Correction: Request correction of inaccurate or incomplete personal data
• Deletion: Request deletion of your personal data
• Data Portability: Request a copy of your data in a structured, machine-readable format
• Object to Processing: Object to our processing of your personal data
• Restrict Processing: Request restriction of processing of your personal data
• Withdraw Consent: Withdraw your consent at any time where we rely on consent

To exercise any of these rights, please contact us at the email address provided below. You can also manage many aspects of your data through your account settings.

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to:

• Remember your preferences and settings
• Keep you signed in
• Understand how you use our services
• Improve our services and user experience

You can control cookies through your browser settings. However, disabling cookies may affect your ability to use certain features of our services.

9. Third-Party Services

Our service integrates with third-party services, including:

• Stripe: For payment processing (subject to Stripe's Privacy Policy)
• Meta/Threads: When you connect your Threads account (subject to Meta's Privacy Policy)
• Database Hosting: For secure data storage

These third-party services have their own privacy policies. We encourage you to review them to understand how they collect, use, and share your information.

10. International Data Transfers

Your information may be transferred to and maintained on computers located outside of your state, province, country, or other governmental jurisdiction where data protection laws may differ from those in your jurisdiction. We ensure appropriate safeguards are in place to protect your data in accordance with this privacy policy.

11. Children's Privacy

Our services are not intended for children under the age of 13 (or 16 in some jurisdictions). We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us so we can delete such information.

12. Changes to This Privacy Policy

We may update this privacy policy from time to time. We will notify you of any changes by posting the new privacy policy on this page and updating the "Last Updated" date. We will also notify you via email or a prominent notice on our service for significant changes.

You are advised to review this privacy policy periodically for any changes. Changes to this privacy policy are effective when they are posted on this page.

13. Contact Us

If you have any questions, concerns, or requests regarding this privacy policy or our data practices, please contact us at:

14. GDPR Compliance (For EU Users)

If you are located in the European Economic Area (EEA), you have certain data protection rights under the General Data Protection Regulation (GDPR). We aim to take reasonable steps to allow you to correct, amend, delete, or limit the use of your personal data.

Legal Basis for Processing:

• Consent: Where you have given explicit consent
• Contract: Where processing is necessary for a contract with you
• Legal Obligation: Where we need to comply with legal obligations
• Legitimate Interests: Where it is in our legitimate interests and not overridden by your rights

15. California Privacy Rights (CCPA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA), including:

• The right to know what personal information we collect, use, and share
• The right to delete personal information we have collected from you
• The right to opt-out of the sale of your personal information (we do not sell personal information)
• The right to non-discrimination for exercising your privacy rights

To exercise these rights, please contact us at privacy@threado.app.