Privacy Policy

1. Introduction

thredly Ltd ("thredly", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered conversation summarisation service at thredly.io (the "Service") and the thredly Chrome Extension.

We are registered in London, United Kingdom, and operate under UK law. This policy complies with the UK General Data Protection Regulation (UK GDPR), EU GDPR, and California Consumer Privacy Act (CCPA) where applicable.

2. Information We Collect

2.1 Personal Information

We collect the following personal information when you use the Service:

• Account information: Email address, hashed account credentials
• Usage data: Number of summaries generated, credits consumed, subscription tier
• Payment information: Processed securely by Stripe (we do not store card details)

2.2 Content You Provide

Input text: The conversation threads you paste or select for summarisation are processed in real-time and are never stored on our servers. Input text is transmitted directly to our AI provider (Google Gemini API) for processing and immediately discarded.

Generated summaries: Summary outputs are stored temporarily and automatically deleted 72 hours after creation, unless you delete them earlier.

2.3 Technical Information

We collect basic technical data to ensure the service functions correctly:

• IP address (security and fraud prevention)
• Browser type and version
• Device information
• Session data and timestamps

2.4 Information We Do NOT Collect

We do not use:

• Cookies
• Analytics trackers
• Behavioural tracking
• Third-party marketing pixels

We do not collect:

• Browsing history
• Search history
• General page activity

Only the minimum data required for service functionality is collected.

2.5 Browser Extension Data Handling

• The thredly browser extension only interacts with content when the user explicitly activates it.
• The extension does not collect, store, or transmit personal information automatically.
• The extension does not access browsing history, cookies, login information, analytics data, or background activity.
• The extension only processes text locally until you choose to generate a summary.
• When you click "Summarise," only the selected text is securely transmitted to our API for the sole purpose of generating a summary.
• No other webpage data is collected or transmitted at any time.

This behaviour meets Chrome Web Store data handling requirements.

3. How We Use Your Information

We use your information strictly to:

• Provide and maintain the summarisation service
• Process subscriptions and billing
• Send transactional emails (summary completed, billing notices)
• Improve reliability and prevent abuse
• Comply with legal obligations

We do not use your data for marketing or advertising.

4. Third-Party Service Providers

We share information only with the following providers, under strict data processing agreements:

• Supabase: Authentication, database, file storage
• Stripe: Secure payment processing (PCI DSS compliant)
• Resend: Transactional email delivery
• Google Gemini API: AI summarisation processing (data not retained for training)
• Vercel: Frontend hosting and CDN
• Lovable.dev: Build and deployment infrastructure

Each provider processes your data only as instructed and must protect it according to GDPR/CCPA standards.

5. Data Retention and Deletion

• Generated summaries: Deleted automatically after 72 hours
• Input text: Never stored
• Account data: Retained until you request deletion
• Billing records: Retained for 7 years for tax compliance

You may delete your account and all associated data at any time.

6. Data Security

We implement industry-standard protections, including:

• TLS 1.3 encryption for data in transit
• Encryption at rest for all stored data
• Strict access controls
• Regular security audits
• SOC 2–compliant infrastructure providers

While we strive to protect your data, no internet transmission is 100% secure.

7. Your Rights (GDPR & CCPA)

7.1 Rights for EU/UK Users (GDPR)

You have the right to:

• Access your data
• Correct inaccurate information
• Request deletion ("right to be forgotten")
• Restrict processing
• Data portability
• Object to processing
• Withdraw consent at any time

7.2 Rights for California Users (CCPA)

You have the right to:

• Know what data is collected
• Request deletion
• Opt out of data sale (we do not sell data)
• Equal service regardless of exercising rights

7.3 Exercising Your Rights

To exercise your rights, contact: hello@thredly.io

We respond within 30 days (GDPR) or 45 days (CCPA).

8. International Data Transfers

Your data may be transferred outside the UK/EU, including to the United States. We ensure adequate safeguards through:

• Standard Contractual Clauses (SCCs)
• Data Processing Agreements
• Compliance with UK GDPR transfer requirements

9. Children's Privacy

The Service is not intended for users under 16.

We do not knowingly collect data from children under 16.

If such data is discovered, it will be deleted immediately.

10. Changes to This Policy

We may update this Privacy Policy at any time.

Updates will be posted here with a revised "Last updated" date.

Material changes will be communicated via email.

11. Contact Us

For questions or concerns:

• Email: hello@thredly.io
• Company: thredly Ltd
• Location: London, United Kingdom

If you are in the UK/EU and have concerns, you may lodge a complaint with the Information Commissioner's Office (ICO): https://ico.org.uk